Group Sync AD -> FIM, how to provide a default Owner when managedBy attribute is empty


  • Tuesday, May 22, 2012 10:04 AM
     
     

    I have an Inbound Sync rule flowing Groups into FIM Portal. All is fine until I try to give the newly provisioned Portal Group a default owner. 

    I have tried to push a DN e.g. "CN=GroupsOwner,OU=USer Accounts,DC=MyDomain,DC=Local" into owner but I get some error saying this is not allowed when creating the attribute flow.

    Is the ObjectGUID or ObjectSID of the AD object 'GroupsOwner' a better bet? If so, how do I get these values out of AD or FIM?

All Replies

  • Tuesday, May 22, 2012 12:13 PM
     
     

    Harold,

    The Manager-attribute is a reference. You should flow a reference to a person that is present in your FIM solution. Are you flowing users into FIM?

    Best regards,
    Pieter.


    Pieter de Loos - Consultant at Traxion (http://www.traxion.com) http://fimfacts.wordpress.com/

  • Tuesday, May 22, 2012 12:23 PM
     
     Answered
    The way I do it is to set the MembershipAddWorkflow to None, which turns off the owner check; then I have a workflow in FIM Service to add the default owner I want if there isn't one and change the MembershipAddWorkflow to something else.

    Eric

  • Wednesday, May 23, 2012 6:19 PM
     
     

    It seems that use of a custom function is a no-no in an Inbound SR. I need the IIF(IsPresent(managedBy).... test.

    The problem is not the reference: the DN string I give IS present in the CS and so is a valid reference. I guess if I always flowed that string FIM would be happy, but I only want to do that if and only if managedBy is empty.