OIM910: Can not get ObjectGUID during provisioining Exchange account

Can not get ObjectGUID during provisioining Exchange account

As you know, exchange stores its informatin in AD, and when OIM provision exchange account, it needs to get the object GUID of the corresponding AD account.

What OIM actually do are summarized as below:
1) Check AD User Process
If Check AD User Process succeed, then proceed to step 2.
2) Get ObjectGUID from Process
What Get ObjectGUID from Process do is to get the corresponding object GUID, and save
it to exchange table : UD_MSEXCHG, column: UD_MSEXCHG_OBJECTUID , meaning get the AD account's object GUID from AD process table: UD_ADUSER, then convert it to exchange process table.
3) Check ObjectGUID Set
This step checks whether the column UD_MSEXCHG_OBJECTUID got set or not in step 2, if got set then proceed to step 4.
4) Create Mailbox.

As what we have stated above, the most important part of provisoning exchange account is getting objectGUID from AD process, which is step 2, so we need to discuss more about step 2, actually, step 2 needs to know the user key and IT resource key as a parameter for the query below:
*****************************************************************************
select distinct UD_ADUSER.UD_ADUSER_OBJECTGUID from UD_ADUSER UD_ADUSER, orc orc ,sta sta where UD_ADUSER.orc_key=orc.orc_key and orc.usr_key=2662 and UD_ADUSER.UD_ADUSER_AD=161 and orc.orc_status=STA.sta_status AND STA.sta_bucket != 'Cancelled'

****************************************************************************
Parameters:
-----------------------------------------
a. 2662 is a user Key in USR table.
b. 161 is a IT Resource Key in table SVR.
Explain how the get param a and b
(1) For user key, get be actually get from ORC (process table), as ORC has user key column, beside UD_MSEXCHG table has ORC_KEY column as well, that how be get user key,
(2) For IT Resource key, this is very obviously, UD_MSEXCHG has a column of AD IT Resource, UD_MSEXCHG_ADSERVER.
-----------------------------------------
Result
-----------------------------------------
UD_ADUSER.UD_ADUSER_OBJECTGUID
87e1bf040c85ba49b3d57ce9b4c38ec8
-----------------------------------------


How to solving the problem stated as the title of this article
If you can not get object GUID from UD_ADUSER table, and you confirmed that the corresponding AD account record in UD_ADUSER table has objectGUID, then the problem probably is that you use different AD IT Resource for AD User and Exchange,
e.g. You use ADITResource_DEV for AD User, but ADITResource for Exchange, and the key for ADITResource_DEV is 161, but the key for ADITResource is 1,

AD User - ADITResource_DEV - 161
Exchange - ADITResource - 1

so when you create exchange account, you will be executing the SQL below:
select distinct UD_ADUSER.UD_ADUSER_OBJECTGUID from UD_ADUSER UD_ADUSER, orc orc ,sta sta where UD_ADUSER.orc_key=orc.orc_key and orc.usr_key=2662 and UD_ADUSER.UD_ADUSER_AD=1 and orc.orc_status=STA.sta_status AND STA.sta_bucket != 'Cancelled'

Then you won't get any result, because corresponding AD User account in UD_ADUSER table has a key of ITResource key (UD_ADUSER.UD_ADUSER_AD) equals to 161, not 1 , that's the reason why you get not get object GUID from AD USER Table.