You know I don’t really like the no code option on that MA, they should at least make the code visible so one can troubleshoot. I was getting an ma-extension-error on a group sync, for about 30 security groups created in AD and flowing tot the Portal. The error occurs when the ERE is being generated. I click on stack trace and all I see is
Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: ‘AD Security Group Sync Rule’. Details: Object reference not set to an instance of an object.
at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)
No more information. I do research on the web and folks say its likely the DN but that it could be any of flow rules. I pondered on this because the same flow rules worked for 15000 other SGs. Closely examining the groups I see there is no owner specified, really not a big deal since 14000 of the groups do not have owner specified but flowed successfully to the Portal. But I go ahead and remove the managedowner to displayowener flow from the sync rule and finally the SGs are processed successfully.
Of course I have to put the flow rule back, I tried using a custom expression flow rule for that field using the IIF(IsPresent(managedby)) but it would not take it, you cannot flow a function expression to a reference MV attribute.