Wednesday, October 09, 2013

FIM ValueViolatesUniqueness Error with ObjectSID

The FIM Service is smart enough to protect the ObjectSID attribute from duplication, but what happens if you land there by accident and need to replace the ObjectSID attribute?  The first challenge is finding the offender, which isn’t easy (at least for me) because the PowerShell cmdlet Export-FimConfig doesn’t support searching on ObjectSID.  If you try that cmdlet with the filter “/Person[ObjectSID='OHMYHOOFHEARTEDmmmmm==']” you will get an error like this: “The endpoint could not dispatch the request”.

You can however remove the ObjectSID attribute if you manage to find the offending object, like this:

###
### Set ObjectSID to NULL
###
New-FimImportObject -ObjectType Person -State Put -AnchorPairs @{AccountName='hoofhearted'} -Changes @{
    ObjectSID = ''
} -ApplyNow

The challenge is, the second time you try that you’ll get this error:

 

Import-FIMConfig : Failure when making web service call.
SourceObjectID = 00000000-0000-0000-0000-000000000000
Error = The web service client has encountered the following class of error: ValueViolatesUniqueness
Details: AttributeName: ObjectSID
AttributeValue:
Additional Text Details: The specified attribute value must be unique for this Resource Type.

My guess is that FIM is caching the ObjectSID attribute values somewhere, and when you set it to ‘’ it is caching that value so you can’t use it again.

The workaround is to instead use a GUID (fairly random and safe to use).  You can do that like this:

 

###
### Set ObjectSID to a GUID
###
New-FimImportObject -ObjectType Person -State Put -AnchorPairs @{AccountName='hoofhearted'} -Changes @{
    ObjectSID = [System.Convert]::ToBase64String([Guid]::NewGuid().ToByteArray())
} -ApplyNow
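
For the search problem described at the top of this post, one way around the unsupported XPath filter is to export every Person and compare ObjectSID on the client. This is an added example, not code from the original post: the function names are hypothetical, the service URI is the default local endpoint, the SID is constructed, and it assumes Export-FIMConfig returns ObjectSID as a Base64 string (the same form used in the filter above).

```powershell
# Added example: client-side lookup of Person resources by ObjectSID.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# Convert a SID string (S-1-5-21-...) to the Base64 form of its binary value.
function ConvertTo-Base64Sid {
    param([Parameter(Mandatory=$true)][string]$Sid)
    $sidObj = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $bytes  = New-Object byte[] $sidObj.BinaryLength
    $sidObj.GetBinaryForm($bytes, 0)
    [System.Convert]::ToBase64String($bytes)
}

# Read one attribute value from an exported FIM object.
function Get-FimAttributeValue {
    param($ExportObject, [string]$Name)
    ($ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }).Value
}

# Export all Person resources and keep those whose ObjectSID matches.
function Find-FimPersonBySid {
    param(
        [Parameter(Mandatory=$true)][string]$Base64Sid,
        [string]$Uri = 'http://localhost:5725/ResourceManagementService'  # assumed default
    )
    Export-FIMConfig -Uri $Uri -CustomConfig '/Person' -OnlyBaseResources |
        Where-Object { (Get-FimAttributeValue $_ 'ObjectSID') -eq $Base64Sid } |
        ForEach-Object {
            New-Object PSObject -Property @{
                ObjectID    = $_.ResourceManagementObject.ObjectIdentifier
                AccountName = Get-FimAttributeValue $_ 'AccountName'
                DisplayName = Get-FimAttributeValue $_ 'DisplayName'
            }
        }
}

# Constructed sample SID; substitute the SID that triggers the uniqueness error.
$target = ConvertTo-Base64Sid 'S-1-5-21-1111111111-2222222222-3333333333-1001'
Find-FimPersonBySid -Base64Sid $target
```

Exporting every Person can be slow on a large FIM Service database, so run it once and reuse the result if you need to look up several SIDs.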

 
