[SUPPORT TROUBLESHOOTING] Group Objects Sync Error: Error in evaluation of expression – securityEnabled

Hello again!

So today was working on an issue where I was attempting to synchronize groups and experienced several different exceptions that prevented the synchronization of groups.

In attempting to synchronize a group an exception is thrown.

Exception

Error in evaluation of expression: CBool(BitAnd([groupType],-2147483648)) . Sync Rule: In from AD – Group Common Destination: securityEnabled

NOTE: Snapshot taken from Preview feature while testing in lab

previewsnapshot

If you save the Preview Results, you can see the Exception documented in the XML and it will look like the below information.

previewresultssnapshot

CAUSE

This error happens because there is no data flowing to the groupType attribute in the metaverse. This can happen if you deselect the Group object type in the On-Premise Active Directory Connector and then re-select the Group Object Type in the On-Premise Active Directory Connector.

Deselecting the Group Object Type in the On-Premise Active Directory Connector will remove the associated attributes from the Select Attributes tab and thus deselecting them. Upon re-checking the Group Object Type in the On-Premise Active Directory Connector it will re-display the associated attributes on the Select Attributes tab, but will not always re-select these attributes. (ie. groupType and/or member).

NOTE: Snapshot below is an example of the data for the groupType attribute not flowing to the metaverse object and thus producing the error message.

grouptypeflow

 

RESOLUTION

  1. In the Synchronization Service Manager Console, select Connectors
  2. Select the On-Premise Active Directory Connector
  3. From the Actions menu, select Properties
  4. Select the Select Attributes tab in the Properties Dialog
  5. Locate and check the groupType attribute and the member attributeNOTE: If you do not select member, you may see the group synchronize, but it will not send members.