locked
Oracle and Active Directory Integration

    Question

  •  

    Hi All, one of my customers is looking at ILM, They want to integrate Oracle HR DB with AD/Exchange. The process is as follows, HR (Oracle DB based) create a user then when the employee joins the dept head sends a request to IT for the AD Account and access to be created, however not all employees require an AD account, is there anyrthing we can do with MIIS so that information is only replicated when a field is added (trigger mechanism) so we can show no sync initially then add the field entry and show the account in AD. I am thinking how we could use a boolean values or something like that. Any advice?

     

    Thanks

    Friday, February 22, 2008 11:14 AM

Answers

  • You are right on track.

    A Boolean could do the trick. I would use a bit vector to keep the architecture open. You never know whether you additional data sources will have to be managed tomorrow.

    You should read the first few pages of this document. The general topic of this document is related to your topic.

     

    //////////////////////////////////////////////////////////////////////////////////////////////////
    Markus Vilcinskas

    Technical Writer
    Microsoft Identity Integration Server
    mailto:markvi@microsoft.com.NO_SPAM

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/copyright.htm
    //////////////////////////////////////////////////////////////////////////////////////////////////
    .

     

     

     

    Friday, February 22, 2008 2:05 PM
  • Yes, this is all possible and I'd consider it best practice for sure.  It's pretty typical to derive some sort of status boolean that is a result of the various dates and status combinations.  You can use this boolean and others if there are multiple states to "gate" your Provisioning code.  So, while you typically nest logic in Provisioning like so:

     

    Object Type:

    Person:

    Boolean check:

    Boolean check:

    ProvisionUserToAD

    Boolean check:

    ProvisionUserToADAM

    ...

    Group:

    Boolean check:

    ProvisionGroupToAD

    So that's all pseudo-code of course, and there are numerous examples in the Developers Reference, and in the Getting Started collection to help you along.

     

    Just remember that you'll have to derive these booleans yourself perhaps in a view or temporary table if you cannot have them added to the schema of the base tables and populated by the HR application.

    Friday, February 22, 2008 2:12 PM

All replies

  • You are right on track.

    A Boolean could do the trick. I would use a bit vector to keep the architecture open. You never know whether you additional data sources will have to be managed tomorrow.

    You should read the first few pages of this document. The general topic of this document is related to your topic.

     

    //////////////////////////////////////////////////////////////////////////////////////////////////
    Markus Vilcinskas

    Technical Writer
    Microsoft Identity Integration Server
    mailto:markvi@microsoft.com.NO_SPAM

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/copyright.htm
    //////////////////////////////////////////////////////////////////////////////////////////////////
    .

     

     

     

    Friday, February 22, 2008 2:05 PM
  • Yes, this is all possible and I'd consider it best practice for sure.  It's pretty typical to derive some sort of status boolean that is a result of the various dates and status combinations.  You can use this boolean and others if there are multiple states to "gate" your Provisioning code.  So, while you typically nest logic in Provisioning like so:

     

    Object Type:

    Person:

    Boolean check:

    Boolean check:

    ProvisionUserToAD

    Boolean check:

    ProvisionUserToADAM

    ...

    Group:

    Boolean check:

    ProvisionGroupToAD

    So that's all pseudo-code of course, and there are numerous examples in the Developers Reference, and in the Getting Started collection to help you along.

     

    Just remember that you'll have to derive these booleans yourself perhaps in a view or temporary table if you cannot have them added to the schema of the base tables and populated by the HR application.

    Friday, February 22, 2008 2:12 PM