User Management

Microsoft Forefront Identity Manager 2010 R2 Handbook

How to configure FIM to manage provisioning, management and de-provisioning of users.

  1. #1 by Rafal Grzybowski on November 9, 2012 - 12:12

    Hi,

    I cannot figure out the HRGUID attribute from your FIM book on page 167. When is this attribute populated in FIM?

    I'm trying to implement some outbound sync policy for custom resource types from FIM to SQL and I don't have any unique column other than FIM ObjectID. And this doesn't flow into SQL uniqueidentifier column because of type mismatch. That's why I'm trying to understand your examples from the book but I'm stuck with this HRGUID attribute.

    BTW: Your book about FIM 2010 R2 is the best on the market.

    Thank you.

    Best regards
    Rafal Grzybowski

    • #2 by Kent on November 9, 2012 - 12:51

      I realize a piece of information is missing around this. A GUID in FIM is not the same thing as a GUID in SQL. If you would like to export a GUID in FIM to a SQL you need to add the curly brackets ending up with something like { + FIM_GUID + } -> SQL_GUID in your synchronization rule. This is because the datatype in SQL is not present as datatype in FIM. In the MV it is stored as a String. Hope this helps and glad you like the book!

      • #3 by Rafal Grzybowski on November 9, 2012 - 13:07

        Ok, I could try to concatenate it for attribute flow. But what about relationship criteria? I cannot create relationship based on expressions only simple column names. Are there any design guidelines for exporting such simple custom resource types into SQL Server if there is no unique attribute other than ObjectID.

        • #4 by Kent on November 9, 2012 - 13:12

          That's indeed a problem. Since the datatypes are different you cannot use them in declarative relationship criteria. You would need to use classic code based join rules to solve this.

    • #5 by Kent on November 9, 2012 - 12:58

      Regarding the HRGUID value, this is not fully explained, but I have added this "new" attribute in the MV Schema of type string and import the objectID from the HR system to that value.

  2. #6 by Kent on December 16, 2012 - 13:10

    I got this question from a user via another channel but would like to share it with you all…:
    I bought your book FIM 2010 R2 handbook and had a question. In the sync rule for new user you create a custom expression for userAccountControl using itself in the function. How is that possible (UAC is an AD attribute, not MV)? But the function itself looks useful.

    • #7 by Kent on December 16, 2012 - 13:13

      What has happened is that I have added a new attribute "userAccountControl" to the MV. The rule I use looks to see if that attribute has been set (import from AD) and if so only change the 2 bit. If not set I configure it to use the default values.

      Hope this explains it.

      • #8 by Sachin on December 16, 2012 - 23:16

        Thanks Kent, I realised it after sending the note.

  3. #9 by Sachin on January 22, 2013 - 03:34

    Hi Kent, in your version of the homefolder script, you use objectguid as the anchor attribute. FIM stores this as a binary value and passing it to the PowerShell MA doesn't work, with an error like:
    The parameter for the function is of an unknown type: '174; 236; 146; 235; 76; 37; 2; 71; 191; 81; 152; 190; 67; 103; 229; 163; '. System.FormatException: Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
    Can you explain how I should flow the attribute from ADMA-MV-PowerShellMA?

    • #10 by Kent on January 22, 2013 - 08:03

      You never pass the Guid to the MA. The MA does not support provisioning in this case. The anchor is only used internally in this MA. Hope you understand.
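
An added example (not from the book or from any commenter) showing how the semicolon-separated byte rendering quoted in comment #9 maps to the dashed GUID string that the FormatException asks for, and to the curly-bracket form described in comment #2. The function name `ConvertFrom-RenderedGuidBytes` is hypothetical; the sample input is the byte list copied from the error text above.

```powershell
# Sample input: the byte rendering as it appears in the error message in comment #9.
$rendered = '174; 236; 146; 235; 76; 37; 2; 71; 191; 81; 152; 190; 67; 103; 229; 163; '

# Hypothetical helper: turns "n; n; n; ..." into a System.Guid.
function ConvertFrom-RenderedGuidBytes {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Text
    )

    # Split on ';', discard the empty trailing element, parse each decimal octet.
    # The [byte] cast throws on anything outside 0..255 or non-numeric.
    $bytes = [byte[]]@(
        $Text -split ';' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -ne '' } |
            ForEach-Object { [byte]$_ }
    )

    # A GUID is exactly 16 bytes; reject truncated or padded values early.
    if ($bytes.Length -ne 16) {
        throw "Expected 16 bytes for a GUID, got $($bytes.Length)."
    }

    # System.Guid(byte[]) reads the first three fields as little-endian,
    # the same layout Guid.ToByteArray() produces. The leading comma keeps
    # PowerShell from unrolling the array into 16 separate arguments.
    return New-Object System.Guid (, $bytes)
}

$guid = ConvertFrom-RenderedGuidBytes -Text $rendered

# 'D' format: 32 hex digits with 4 dashes, the shape the FormatException describes.
$dashed = $guid.ToString('D')

# 'B' format: the same value wrapped in curly brackets, i.e. { + GUID + }.
$braced = $guid.ToString('B')

# Round-trip check: both string forms must parse back to the same GUID.
if ([guid]::Parse($dashed) -ne $guid -or [guid]::Parse($braced) -ne $guid) {
    throw 'Round-trip mismatch between byte form and string form.'
}

"Dashed form : $dashed"
"Braced form : $braced"
```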
