Hello,

IDM 4.5.2
Office365 4.1.0.2.

Even though I have got the solution working as per the specification, I
am not happy with it and I was wondering if this is my error or
something that is known with Office365?

The data flow:

1. A User is created in the IDV with an Internet Email Address
2. The User is given a User Entitlement for Office365, and a License
3a. The requirement is that if the User has an Internet Email Address,
then that Email Address will be used as the Primary Email Address in
Office365
3b. If the User does not have an Internet Email Address, then the
Primary Email Address in Office365 will be the Username (Default)

I have read a lot of threads about setting the MsolUserType attribute to
UserMailbox on the <add> event to get this to work...but for me, it acts
strangely. First off, I had to set a password on the <add> event to get
the New-Mailbox to work. That is fine, it's a new 'User'. However, the
following XDS <add> document does not work correctly:

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.2.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20161117105652.722Z" class-name="MSolUser"
event-id="sr-ped-idm-01#20161117105652#1#1:881e0799-5428-4631-4284-99071e882854"
previous-class-name="MSolUser"
qualified-src-dn="O=rfk-dev\OU=Personer\OU=Ansatt\CN=021_Test_User"
src-dn="\RFK-DEV-TRE\rfk-dev\Personer\Ansatt\021_Test_User"
src-entry-id="59748" timestamp="1479380212#25">
<add-attr attr-name="UserPrincipalName" old-name="CN">
<value naming="true" timestamp="1479379415#44"
type="string">021_Test_User@263T72I272B272.onmicrosoft.com</value>
</add-attr>
<add-attr attr-name="DisplayName" old-name="Full Name">
<value timestamp="1479379415#58" type="string">TESTING Keith_021
Armstrong_021</value>
</add-attr>
<add-attr attr-name="FirstName" old-name="Given Name">
<value timestamp="1479379415#24" type="string">TESTING Keith_021</value>
</add-attr>
<add-attr attr-name="LastName" old-name="Surname">
<value timestamp="1479379415#23" type="string">Armstrong_021</value>
</add-attr>
<add-attr attr-name="PhoneNumber" old-name="Telephone Number">
<value timestamp="1479379415#22"
type="teleNumber">+44.751.445.9728</value>
</add-attr>
<add-attr attr-name="Title" old-name="Title">
<value timestamp="1479379415#9" type="string">IDM Consultant</value>
</add-attr>
<add-attr attr-name="MsolUserType" old-name="MsolUserType">
<value type="string">UserMailbox</value>
</add-attr>
<add-attr attr-name="LicenseAssignment">
<value type="string">263T72I272B272:ENTERPRISEPREMIUM_FACULTY</value>
</add-attr>
<add-attr attr-name="UsageLocation">
<value type="string">NO</value>
</add-attr>
<add-attr attr-name="BlockCredential">
<value type="string">false</value>
</add-attr>
<add-attr attr-name="ForceChangePassword">
<value type="string">false</value>
</add-attr>
<add-attr attr-name="PasswordNeverExpires">
<value type="state">true</value>
</add-attr>
<add-attr attr-name="StrongPasswordRequired">
<value type="state">false</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>

The result from PowerShell on the Remote Loader is:

DirXML: [11.17.16 11:56:55.574]: TRACE: : New-MailBox -DisplayName
'TESTING Keith_021 Armstrong_021' -FirstName 'TESTING Keith_021'
-LastName 'Armstrong_021' -MicrosoftOnlineServicesID
'021_Test_User@263T72I272B272.onmicrosoft.com' -Password $passwd -Name
****
DirXML: [11.17.16 11:56:57.199]: TRACE: SUB: get-pssession
DirXML: [11.17.16 11:56:57.199]: TRACE: : Set-MSolUser -PhoneNumber
'+44.751.445.9728' -Title 'IDM Consultant' -UsageLocation 'NO'
-BlockCredential $false -PasswordNeverExpires $true
-StrongPasswordRequired $false -UserPrincipalName
'021_Test_User@263T72I272B272.onmicrosoft.com'
DirXML: [11.17.16 11:56:57.559]: TRACE: : User Not Found. User: .

The SHIM returns this:

<nds dtdversion="3.5">
<source>
<product build="201601262214"
instance="\RFK-DEV-TRE\rfk-dev\ikt\DirXML\Driver Set\O365-RFK-A"
version="4.1.0.2">Identity Manager Driver for Microsoft
Office365</product>
<contact>NetIQ, Corporation.</contact>
</source>
<output>
<status
event-id="sr-ped-idm-01#20161117121649#1#1:97404f4c-2421-4053-e2be-4c4f40972124"
level="retry" type="command-retry"> User Not Found. User:
..<operation-data attempt-to-match="true"
email-on-add="keith.samir_023@263T72I272B272.onmicrosoft.com"
final-operation="add" unmatched-src-dn="Ansatt\023_Test_User"
username="testing.one_023@263T72I272B272.onmicrosoft.com">
<upn-naming attribute-name="CN" attribute-value="023_Test_User"
name="023_Test_User"/>
<entitlement-impl id="" name="License"
qualified-src-dn="O=rfk-dev\OU=Personer\OU=Ansatt\CN=023_Test_User"
src="UA" src-dn="\RFK-DEV-TRE\rfk-dev\Personer\Ansatt\023_Test_User"
src-entry-id="59750"
state="1">{"ID":"263T72I272B272:ENTERPRISEPREMIUM_FACULTY"}</entitlement-impl>
</operation-data>
</status>
</output>
</nds>

Now, the 'User Not Found' warning results in the Engine doing a 'retry',
which results in the match / merge / update...and that is the bit that
sets the Primary Email Address, License, all the other bits and bobs on
the User. So, the end result is that the newly added User in Office365
looks great, but I don't really like the flow of the process.

My question is: I followed the documentation, and this still does not
work for the initial add. Please let me know where I am being stupid.

Thanks!

-Keith


--
karmst
------------------------------------------------------------------------
karmst's Profile: https://forums.netiq.com/member.php?userid=2806
View this thread: https://forums.netiq.com/showthread.php?t=56916
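As an added illustration of the flow in the post (this is example code written for this page, not the NetIQ Office365 driver shim), the script below parses an XDS `<add>` for class `MSolUser`, splits its `add-attr` values into the two cmdlet calls that the Remote Loader trace shows (`New-MailBox` and `Set-MSolUser`), reports which attributes of the `<add>` appear in neither trace line, and applies the 3a/3b primary-email rule. The attribute-to-parameter mapping is reconstructed from the trace lines above and is an assumption about the shim, not documented behaviour; the tenant name, phone number and password in the embedded sample document are constructed placeholders.

```python
"""Added example (not NetIQ driver code): split an XDS MSolUser <add> into the
cmdlet parameter sets seen in the Remote Loader trace and apply the 3a/3b rule."""
import xml.etree.ElementTree as ET

# Assumed mapping of XDS attr-name -> cmdlet parameter, reconstructed from the trace.
NEW_MAILBOX_PARAMS = {
    "DisplayName": "DisplayName",
    "FirstName": "FirstName",
    "LastName": "LastName",
    "UserPrincipalName": "MicrosoftOnlineServicesID",
}
SET_MSOLUSER_PARAMS = {
    "PhoneNumber": "PhoneNumber",
    "Title": "Title",
    "UsageLocation": "UsageLocation",
    "BlockCredential": "BlockCredential",
    "PasswordNeverExpires": "PasswordNeverExpires",
    "StrongPasswordRequired": "StrongPasswordRequired",
    "UserPrincipalName": "UserPrincipalName",
}

# Constructed sample <add>, modelled on the one in the post (placeholder tenant/phone/password).
SAMPLE_XDS = r"""<nds dtdversion="4.0" ndsversion="8.x">
<input>
<add class-name="MSolUser" src-dn="\RFK-DEV-TRE\rfk-dev\Personer\Ansatt\021_Test_User">
<add-attr attr-name="UserPrincipalName"><value naming="true" type="string">021_Test_User@EXAMPLE-TENANT.onmicrosoft.com</value></add-attr>
<add-attr attr-name="DisplayName"><value type="string">TESTING Keith_021 Armstrong_021</value></add-attr>
<add-attr attr-name="FirstName"><value type="string">TESTING Keith_021</value></add-attr>
<add-attr attr-name="LastName"><value type="string">Armstrong_021</value></add-attr>
<add-attr attr-name="PhoneNumber"><value type="teleNumber">+47.000.00.000</value></add-attr>
<add-attr attr-name="Title"><value type="string">IDM Consultant</value></add-attr>
<add-attr attr-name="MsolUserType"><value type="string">UserMailbox</value></add-attr>
<add-attr attr-name="LicenseAssignment"><value type="string">EXAMPLE-TENANT:ENTERPRISEPREMIUM_FACULTY</value></add-attr>
<add-attr attr-name="UsageLocation"><value type="string">NO</value></add-attr>
<add-attr attr-name="BlockCredential"><value type="string">false</value></add-attr>
<add-attr attr-name="ForceChangePassword"><value type="string">false</value></add-attr>
<add-attr attr-name="PasswordNeverExpires"><value type="state">true</value></add-attr>
<add-attr attr-name="StrongPasswordRequired"><value type="state">false</value></add-attr>
<password>placeholder-password</password>
</add>
</input>
</nds>"""


def parse_add(xml_text):
    """Return (attrs, has_password); attrs maps attr-name -> first value text."""
    root = ET.fromstring(xml_text)
    add = root.find("input/add")
    if add is None or add.get("class-name") != "MSolUser":
        raise ValueError("not an MSolUser <add> document")
    attrs = {}
    for add_attr in add.findall("add-attr"):
        value = add_attr.find("value")
        attrs[add_attr.get("attr-name")] = (value.text or "").strip() if value is not None else ""
    return attrs, add.find("password") is not None


def to_ps_literal(value):
    """Render true/false as $true/$false, anything else as a single-quoted PowerShell string."""
    if value.lower() in ("true", "false"):
        return "$" + value.lower()
    return "'" + value.replace("'", "''") + "'"


def split_cmdlets(attrs):
    """Partition the add-attrs into New-MailBox params, Set-MSolUser params and leftovers."""
    new_mailbox = {NEW_MAILBOX_PARAMS[k]: attrs[k] for k in NEW_MAILBOX_PARAMS if k in attrs}
    set_msol = {SET_MSOLUSER_PARAMS[k]: attrs[k] for k in SET_MSOLUSER_PARAMS if k in attrs}
    unused = sorted(k for k in attrs if k not in NEW_MAILBOX_PARAMS and k not in SET_MSOLUSER_PARAMS)
    return new_mailbox, set_msol, unused


def render(cmdlet, params, with_password=False):
    """Build the trace-style command line; the password stays a variable, never a literal."""
    parts = [cmdlet] + [f"-{p} {to_ps_literal(v)}" for p, v in params.items()]
    if with_password:
        parts.append("-Password $passwd")
    return " ".join(parts)


def choose_primary_email(internet_email, upn):
    """Rule 3a/3b from the post: the IDV Internet EMail Address wins, otherwise the UPN."""
    return internet_email.strip() if internet_email and internet_email.strip() else upn


def identity_consistent(new_mailbox, set_msol):
    """Sanity check: both cmdlets must address the same account identifier."""
    return new_mailbox.get("MicrosoftOnlineServicesID") == set_msol.get("UserPrincipalName")


if __name__ == "__main__":
    attrs, has_pw = parse_add(SAMPLE_XDS)
    nm, sm, unused = split_cmdlets(attrs)
    print(render("New-MailBox", nm, with_password=has_pw))
    print(render("Set-MSolUser", sm))
    print("attributes in neither cmdlet:", unused)
    print("primary email:", choose_primary_email("", nm["MicrosoftOnlineServicesID"]))
```

Run against the sample document, the leftover list is `['ForceChangePassword', 'LicenseAssignment', 'MsolUserType']`, which matches what is visible in the trace above: neither cmdlet line carries the mailbox type or the licence, so those values can only land on the object in the later match/merge pass the post describes.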