FIM - Management Agent Creation Error–Index was out of range

Published 28 July 11 10:19 AM | forefrontsecurity

Hi All,

Last week, I have encountered a strange issue with a multi Active Directory Domain Management Agent. This management agent was created initially to import users from a specific domain in a multi domain forest. All was working fine, and we wanted to add an other domain in the import flow.

We decided to create an temporary MA, to test the import. The validation of the MA failed with this error :

Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index

We made a network trace with Wireshark, and see that at the end of the creation, there is an ldap search :

image

The answer is :

image

Finally, we discover that an Exchange Schema Update was done in the forest (in order to create some ExtensionAttribute), but no DomainPrep. That’s why there was no msExchOrganizationContainer in the Configuration Partition.

The final solution was to manually create some fake object in the Configuration Partition.

Published by Olivier DETILLEUX

Filed under: , , , , ,

Comments

No Comments

This Blog

News

    We talk about Forefront Unified Access Gateway, Web SSO, DirectAccess, Threat Management Gateway, Identity Manager and other Forefront Technologies. Also, some post about Active Directory and other Identity and Access technos.

Syndication