none
Set AD Group member

    Question

  • Hello All,

    When I provision users to AD from FIM, can I set AD ADGroupMember in the synchronization rule instead of running the following powershell?

    Add-ADGroupMember -Identity "Home100 Users" -Member $AcctName

    Thanks!

    Monday, April 01, 2013 6:58 PM

Answers

  • If you let FIM handle your groups, you should be able to just flow the member attribute through the AD MA. You can not call Powershell out-of-the-box but would need to write an extended flow rule (I wouldnt recommend calling Powershell in a flow rule though); if you dont want to manage groups directly take a look at Craigs Powershell workflow activity or my Powershell MA for doing PS stuff...

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by fim_sc Monday, April 01, 2013 8:28 PM
    Monday, April 01, 2013 8:01 PM

All replies

  • If you let FIM handle your groups, you should be able to just flow the member attribute through the AD MA. You can not call Powershell out-of-the-box but would need to write an extended flow rule (I wouldnt recommend calling Powershell in a flow rule though); if you dont want to manage groups directly take a look at Craigs Powershell workflow activity or my Powershell MA for doing PS stuff...

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by fim_sc Monday, April 01, 2013 8:28 PM
    Monday, April 01, 2013 8:01 PM
  • Thanks! Would I be able to pass a constant string that denotes the group name? Also, I have selected the member attribute in sync engine but I don't see that in portal AD - synchronization rules - AD attributes.

    • Edited by fim_sc Monday, April 01, 2013 8:43 PM
    Monday, April 01, 2013 8:43 PM