4 Replies Latest reply: Sep 3, 2012 3:42 AM by a73210 RSS

    recon AD groups to OIM error

    user13026152
      Hello experts, this is 11.1.1.5bp3. I can provision users into AD and now want to pull AD OUs into OIM because my understanding is that if I want to provision AD users into certain OUs, those OUs must exist as orgs in OIM, right?

      When running the Org Recon task (which completes successfully supposedly) I'm getting multiple: oracle.iam.reconciliation.exception.InvalidDataFormatException: Required column name RECON_ORGNAME4EAE4287 and value does not exist

      The troubleshooting section of the doc says this can be caused by the lookup value of Trusted being used but that is not the case here. Also I should mention that I can run both Lookup Recon tasks successfully. On the connector side, the logs don't show errors and do correctly show debug messages about it processing my various AD orgs so it seems fine over there. On the OIM log, I also see the AD org names in the logs and I also see the above error for each of them. The orgs do not get created in OIM. Thoughts? Thanks.
        • 1. Re: recon AD groups to OIM error
          BikashBagaria
          user13026152 wrote:
          Hello experts, this is 11.1.1.5bp3. I can provision users into AD and now want to pull AD OUs into OIM because my understanding is that if I want to provision AD users into certain OUs, those OUs must exist as orgs in OIM, right?
          The OUs from AD should be in the lookup in OIM and not orgs in OIM.
          When running the Org Recon task (which completes successfully supposedly) I'm getting multiple: oracle.iam.reconciliation.exception.InvalidDataFormatException: Required column name RECON_ORGNAME4EAE4287 and value does not exist
          Which schedule task are you running? You should be running 'AD Organization Lookup Recon' task. As for the error you are seeing paste me few more stack traces.
          The troubleshooting section of the doc says this can be caused by the lookup value of Trusted being used but that is not the case here. Also I should mention that I can run both Lookup Recon tasks successfully. On the connector side, the logs don't show errors and do correctly show debug messages about it processing my various AD orgs so it seems fine over there. On the OIM log, I also see the AD org names in the logs and I also see the above error for each of them. The orgs do not get created in OIM. Thoughts? Thanks.
          Check the lookup 'Lookup.ADReconciliation.Organization' and 'Lookup.ADReconciliation.GroupLookup'

          -Bikash
          • 2. Re: recon AD groups to OIM error
            KCCS
            I believe I am seeing the exact same problem with OIM 11.1.5 BP03 using the AD 9.1.7.0 connector.

            The ad Group & Org Lookup tasks work as expected. The Org and Group recons throw errors, as you descibe.

            I have recreated the Recon Profiles, and that did not help.

            Kerry
            • 3. Re: recon AD groups to OIM error
              user13026152
              Neither one of those exist in my Lookup Definition table (searching by Code): 'Lookup.ADReconciliation.Organization' and 'Lookup.ADReconciliation.GroupLookup'. Could that be the problem?

              Yes I can run this successfully: 'AD Organization Lookup Recon' But I don't know if it is doing the correct things.

              Also can you explain what I should see/add in the Lookup.ActiveDirectory.OrganizationalUnits codes? My IT Resource Users container is X for example but that dn only contains users. It doesn't contain the OUs they belong to. So I'm guessing I should remove the existing codes and put in the root DN so that it can find all the OUs? That doesn't seem to work though and it just removes the entry I entered manually. The doc around this is not clear at all.

              Here is a sample error from the org recon:

              [2012-07-02T07:34:00.013-04:00] [oim-app1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000JWZ^eFN1JfhhP9v1Cd1Fu5Qb000002,1:29741] [APP: oim#11.1.1.3.0] Generic Information: ignoreEvent Input Data : {Unique Id=<GUID=d858817bb970b24ca5eefa0adccd1bb2>, IT Resource Name=Active Directory, Display Name=Workstations, Container=3~OU=IS,OU=Servers,OU=_IT,DC=TAD,DC=TEST,DC=COM, IT Resource Key=3} dateFormat : yyyy/MM/dd HH:mm:ss z
              [2012-07-02T07:34:00.013-04:00] [oim-app1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl.config] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000JWZ^eFN1JfhhP9v1Cd1Fu5Qb000002,1:29741] [APP: oim#11.1.1.3.0] Generic Information: Xellerate Organization from cache
              [2012-07-02T07:34:00.013-04:00] [oim-app1] [ERROR] [IAM-5010000] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000JWZ^eFN1JfhhP9v1Cd1Fu5Qb000002,1:29741] [APP: oim#11.1.1.3.0] Generic Information: {0}[[
              oracle.iam.reconciliation.exception.InvalidDataFormatException: Required column name RECON_ORGNAME4EAE4287 and value does not exist


              The AD OU it mentions there does not appear in OIM anywhere as far as I can tell.

              Thanks
              • 4. Re: recon AD groups to OIM error
                a73210
                Were you able to solve this? I am getting the same error as well