Error when creating new User Object using New-FimImportObject function

Sep 11, 2013 at 11:00 AM
Hi,

I am fairly new to PowerShell and especially the FIM PowerShell module. I am trying to automate the creation of new Shared Mailboxes user objects for my customer (shared mailbox creation is managed through the FIM portal). I have created a test script to register new shared mailbox user objects via the cmdlets instead of through the web UI. The script is working and the new user object request is processed by the FIM portal but I am noticing an error after running the cmdlet

Here's a very simplified version of the script to create a single new shared mailbox user object:
New-FimImportObject -uri $uri -ObjectType SharedMailbox -State Create -Changes @(
    New-FimImportChange -Operation None -uri $uri -AttributeName 'DisplayName' -AttributeValue 'SMBTest12'
    New-FimImportChange -Operation None -uri $uri -AttributeName 'Description' -AttributeValue 'Test created with FIM cmdlets'
    New-FimImportChange -Operation None -uri $uri -AttributeName 'MailNickname' -AttributeValue 'SMBTest12'
    New-FimImportChange -Operation None -uri $uri -AttributeName 'ExtensionAttribute7' -AttributeValue 'MBX=5GB;TYPE=Shared;'
    New-FimImportChange -Operation None -uri $uri -AttributeName 'ExtensionAttribute8' -AttributeValue '0'
    New-FimImportChange -Operation None -uri $uri -AttributeName 'Owner' -AttributeValue @('Person','Email','joe.bloggs@domain.com')
    New-FimImportChange -Operation None -uri $uri -AttributeName 'Owner' -AttributeValue @('Person','Email','joe.bloggs@domain.com')
    New-FimImportChange -Operation None -uri $uri -AttributeName 'SMBFMAAccess' -AttributeValue @('Person','Email','joe.bloggs@domain.com')
    New-FimImportChange -Operation None -uri $uri -AttributeName 'SMBSendAsAccess' -AttributeValue @('Person','Email','joe.bloggs@domain.com')
    New-FimImportChange -Operation None -uri $uri -AttributeName 'SMBSendOnBehalfAccess' -AttributeValue @('Person','Email','joe.bloggs@domain.com')
) -ApplyNow
Like I said the script works and the SMB user object is created in the FIM portal and in our AD. However when I check the $error variable in the script to determine if the New-FIMImportObject cmdlet worked properly I see the following error (creating a new user called "SMBTest11":

__
Get-FimObjectID : An object was not found with this criteria: SharedMailbox:DisplayName:SMBTest11
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\FIM\Fim.psm1:404 char:36
  • $objectId = Get-FimObjectID <<<< -Uri $Uri -ObjectType $ImportObject.ObjectType -AttributeName $AnchorAttributeName -AttributeValue $anchorAttributeValue -ErrorAction SilentlyContinue
    • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-FimObjectID
Import-FIMConfig : When resolving a required object using its anchor attribute, the target system returned no matching object. Please ensure the anchor attribute is correct in the source system and that the object actually exists in the target system.

Import Object SourceObjectID = 00000000-0000-0000-0000-000000000000
Filter = /SharedMailbox[(DisplayName='SMBTest11')]
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\FIM\Fim.psm1:544 char:29
  • Import-FIMConfig <<<< $resolver -Uri $Uri -ErrorAction Stop | Out-Null
    • CategoryInfo : ObjectNotFound: (:) [Import-FIMConfig], InvalidOperationException
    • FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig
      __
So I am wondering 1) Why is this error occurring when the the actual user object is created successfully and 2) How can I best check/confirm within my script that the FIM cmdlet processed successfully? The error seems to indicate that the module is calling the "Get-FIMObjectID" function and the function cannot find the object "SharedMailbox:DisplayName:SMBTest11" which I guess makes sense because I am performing a Create request and the object does not yet exist?

Many thanks,

Stuart
Sep 12, 2013 at 9:41 AM
Edited Sep 12, 2013 at 9:52 AM
I've determined that the above non-terminating error is occurring at the following line of code in the 'Skip-DuplicateCreateRequest' function:
$objectId = Get-FimObjectID -Uri $Uri -ObjectType $ImportObject.ObjectType -AttributeName $AnchorAttributeName -AttributeValue $anchorAttributeValue -ErrorAction SilentlyContinue
So reading through the module code maybe this is working as designed? The New-FIMImportObject function pipes the request to the Skip-DuplicateCreateRequest function prior to piping the request to Import-FIMConfig to create the requested object. The error is generated because Skip-DuplicateCreateRequest is performing a lookup to the FIM portal to see if an object already exists with the specified attributes. And the $error variable is set because the Get-FimObjectID function returns an error because the object doesn't exist in FIM.

So I think I can pass the -SkipDuplicateCheck parameter in my New-FimImportObject cmd to avoid this issue or alternatively I need to find another way to determine if my request was successfully submitted to FIM other than looking at the $error variable.

Or could the Skip-DuplicateCreateRequest function be changed to clear the error from $error after processing?

Thanks,

Stuart
Developer
Sep 13, 2013 at 3:24 PM
Hi Stuart-

The Skip-DuplicateCreateRequest function is doing what it's supposed to in terms of failing but it sounds like we have a bug around how we trap that error.

Can you give me the broader code sample where you check $error? I can setup a repro and see if we have a bug.

Sounds like you have a workaround in the short term though.
Sep 13, 2013 at 4:20 PM
Hi Brian,

Many thanks for responding. I have emailed you the pertinent code.

Cheers,

Stuart
Developer
Sep 13, 2013 at 5:14 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.