NetIQ IDM 4.5.5 with Remote Loader on Windows Server 2012 R2



The driver is running perfectly fine, starts up okay, does all good CRUDs with the Azure AD Graph API on both subscriber and publisher, and refreshes Deleted Users from MSOL, if we set the driver properties "Exchange and Powershell Service" to "Yes" and "Office 365 Exchange Online" to "No". But if we set "Exchange and Powershell Service" to "Yes" and "Office 365 Exchange Online" to "Yes", the driver starts up and dies with a fatal error on startup!!!


These are the final logs before the driver dies due to "fatal":

<nds dtdversion="4.x" ndsversion="8.x">
<source>
<product version="5.0.0.0">NetIQ Identity Manager Driver for Azure AD and Office365</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<driver-operation-data class-name="users" command="schema-extensions">
<request method="GET" url="https://graph.windows.net/AAD_TENANAT.onmicrosoft.com/applications/APP_ID/extensionProperties?api-version=1.6">
<url-token/>
<header/>
<value/>
</request>
</driver-operation-data>
</input>
</nds>
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: sub-execute
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: Calling document modifier class com.novell.nds.dirxml.driver.azure.apiext.GraphAPIExtension.modifySubscriberRequest()
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: customHandler
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: customHandler: class-name == 'users'
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: Custom: preparing GET to https://graph.windows.net/AAD_TENANA...pi-version=1.6
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: Setting the following HTTP request properties:
Authorization: <content suppressed>
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: OAuth2: Token is valid.
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: OAuth2: Token is valid.
DirXML: [05/07/17 21:35:36.47]: TRACE: Azure AD_Azure: Did a HTTP GET with 0 bytes of data to https://graph.windows.net/AAD_TENANA...pi-version=1.6
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD_Azure: Response code and message: 200 OK
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD_Azure: Calling document modifier class com.novell.nds.dirxml.driver.azure.apiext.GraphAPIExtension.modifySubscriberResponse()
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Received response document from subscriber

<nds dtdversion="3.0">
<source>
<product build="20170130_0359" version="1.0.0.1">Identity Manager REST Driver</product>
<contact>NetIQ Corporation.</contact>
</source>
<output>
<status level="success" type="driver-general">
<driver-operation-data class-name="users" command="schema-extensions" dest-dn="">
<response method="GET" url="https://graph.windows.net/AAD_TENANAT.onmicrosoft.com/applications/APP_ID/extensionProperties?api-version=1.6">
<url-token/>
<header/>
<value message="OK" status="200">{"odata.metadata":"https://graph.windows.net/AAD_TENANAT.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.ExtensionProperty","value":[array_of_custom_extensions,m '--REMOVED_INENTIONALLY:--']}</value>
</response>
</driver-operation-data>
</status>
</output>
</nds>


DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Total 10 schema extensions are registered for application APP_ID
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Populating 10 registered schema extensions in driver schema.
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Azure AD: Added '--REMOVED_INENTIONALLY:--'
DirXML: [05/07/17 21:35:36.59]: TRACE: Remote Loader: PublicationShim.init() returned:
DirXML: [05/07/17 21:35:36.59]: TRACE: <nds dtdversion="4.x" ndsversion="8.x">
<source>
<product build="20170326_1258" instance="Azure AD" version="5.0.0.0">Identity Manager Driver for Azure AD and Office 365</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="fatal" type="com.novell.nds.dirxml.driver.azure.StatusException"/>
</output>
</nds>
DirXML: [05/07/17 21:35:36.59]:
DirXML Log Event -------------------
Driver = \prefix_--DRIVER--REFAzure AD
Thread = Publisher
Level = fatal
DirXML: [05/07/17 21:35:36.59]:
DirXML Log Event -------------------
Driver = \prefix_--DRIVER--REFAzure AD
Thread = Subscriber
Level = error
Message = Fatal error returned from shim
DirXML: [05/07/17 21:35:36.59]: TRACE: Remote Loader: Sending...



The IDM Exchange service log says:

AAD.onmicrosoft.com Invocation: Completed
AAD.onmicrosoft.com Keeping subscriber session alive
AAD.onmicrosoft.com https://localhost:2313/ExchServer/AA...oft.com/schema



I have removed the Exchange attributes from the filter and schema map:

<attr-name class-name="User">
<nds-name>DirXML-AADArchiveStatus</nds-name>
<app-name>ArchiveStatus</app-name>
</attr-name>
<attr-name class-name="User">
<nds-name>DirXML-AADLegacyExchangeDN</nds-name>
<app-name>ServerLegacyDN</app-name>
</attr-name>
<attr-name class-name="User">
<nds-name>DirXML-AADLitigationHoldEnabled</nds-name>
<app-name>LitigationHoldEnabled</app-name>
</attr-name>



I do not want to sync any of these things; I only want to execute some PSExecute "CmdLets" against Exchange Online.


Regards,

Maqsood.