Resources for IT Professionals >
Forums Home
>
Identity Management Forums
>
Identity Lifecycle Manager 2
>
Setting accountExpires using codeless provisioning
Setting accountExpires using codeless provisioning
- Hi
can someone point out how to convert a string in form of "2010/31/12" in the required integer format to be able to set accountExpires attribute in Active Directory?
Thanks in advance
Henry
Answers
- Sorry but for this you'll have to create a custom workflow activity and in that one you could simply use the DateTime.ToFileTime Method.
The AD accountExpire attribute is a FileTime structure (8 byte) and a not easily converted to and from without the right tools and the limited sync rule functions are not the right tools to use...
This would have been a perfect candidate (together with it's sister FromFileTime) for a custom sync rule function but since there isn't anything like that (yet) we have to fall back on workflow. If you read this and think custom sync rule functions could be nice to have, head on to Connect and give this feature request a vote!
//Henrik
Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)- Marked As Answer byMarkus VilcinskasMSFT, ModeratorWednesday, November 04, 2009 10:30 PM
All Replies
- Sorry but for this you'll have to create a custom workflow activity and in that one you could simply use the DateTime.ToFileTime Method.
The AD accountExpire attribute is a FileTime structure (8 byte) and a not easily converted to and from without the right tools and the limited sync rule functions are not the right tools to use...
This would have been a perfect candidate (together with it's sister FromFileTime) for a custom sync rule function but since there isn't anything like that (yet) we have to fall back on workflow. If you read this and think custom sync rule functions could be nice to have, head on to Connect and give this feature request a vote!
//Henrik
Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)- Marked As Answer byMarkus VilcinskasMSFT, ModeratorWednesday, November 04, 2009 10:30 PM
- Thanks a lot for your answer and explanation (as well as for the other one concerning the manager attribute).
But isn't it much simpler to go one step back and use the MIIS / ILM - style attribute export flow?
(At least until such commonly used features are not usable in the portal out of the box)
Henry - Legacy sync rules or workflow is your choice... In this case I wanted to point out that declarative provisioning isn't complete without custom functions.
//Henrik
Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se) - no, no
everything is perfect. I am very happy with your answer.
Henry - But remember for your other question (Setting Manager attribute in FIM) you would have to use the Utils.FindMVEntries method to find your manager when using legacy sync rules and that's probably not a good practice because it's slooooow!
Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
