Duplicate Account Name issue in FIM 2010 R2
-
Wednesday, October 17, 2012 7:54 AM
Hello folks,
I am very new to FIM and would like to ask the following question hoping someone will assist me.
In the HR inbound Policy Rule I have configured (LastName+firstINitial= accountName)
I have successfully exported most users to FIM Portal except some 26 users who have duplicate "accountName" which I ma getting errors for.
Example: User one : Tom Major acountName = majort
user two : Timothy Major acountName = majort
How would I solve this issue.
I will eventually be provisioning these accounts to AD and would like to add enumerated number in FIM to the end of the account name for uniqueness for exampleuser one : Tom Major acountName = majort
user two : Tthomas Major acountName = majort1
user three: Timothy Major accountName= majort2
Can some one provide me codeless and easy way to accomplish this please. I would prefer a codeless solution as I have no idea how to write Codes.
Thank you in advance
Aw
All Replies
-
Wednesday, October 17, 2012 3:08 PM
Hello Aw,
This can not be easily solved. as codeless provision is in the FIM portal and you are not able to sync these users to the portal.
A solution would be to leave the accountname blanco and let the portal decide what the correct account name should be. Codeless provisioning can not do a lookup so it can not check if the accountname already exists. A piece of code in the portal is required to generate unique accountnames.
regards,
Fer
-
Wednesday, October 17, 2012 7:54 PM
Agreed, either a piece of code in the portal or an import rule extension would be needed to do it within FIM. Another option is to have the account name generated and provided by the HR system or other source (SQL table with a trigger to generate it, for example) that can be used to flow in the account name. Regardless of the method, you have to have available the list of account names that are already used, and code that can compare a possible account name with that list to ensure it has generated a good one.
For a large environment with a relatively flat OU structure, you also have the same uniqueness concern when building the CN/RDN/DN of the object since displayName might be repeated. Making it the already-unique account name instead of displayName, or including the account name in the RDN, resolves the problem.
Chris
-
Thursday, October 18, 2012 5:06 AM
HI,
Tools 4 FIM have a few free functions, and one of them is a Unique Name Generator - this may be a bit easier to figure out and implement then writing code for some of us.
cheers.
-
Thursday, October 18, 2012 11:10 AM
To summarize, there are several option to generate usernames:
- Load the identities in a database and let the database genereate the usernames. Then load the identities in FIM for the provisioning of the accounts to the desired systems.
- Load the identies in FIM with a management agent with an extension for the generation of the usernames. This requires the coding of the extension.
- Load the identities in FIM without the usernames and let FIM generate the username. This is not possible with codeless provisioning so a piece of code is required. This can be an existing function or the writing of a piece of code.
I hope this helps
Fer
-
Thursday, October 18, 2012 7:29 PM
A while back, I posted some code to perform a similar activity here
This would get you about 90% of the way through your requirements. You would only need to add a loop to find the first unique AccountName as you increment a counter.
-
Friday, October 19, 2012 12:29 AM
Hey S, Kwan,
as I am ne wto FIM, this solution sounds easier. are you able to provide details on Tools4FIM function and how to use it,
Regards
Thanks for youyr assistance
-
Friday, October 19, 2012 7:58 AM
If you want to use the Tools4Fim option you should follow the installation in the inclosed help file.
You need to locate the gacutil to register the DLL file, use the command as given in the helpfile.
For the policy you need to add the attribute to the MPR, a fast solution would be to select all Attributes
Create the activity and fill in:
Description: T4FIM Function Evaluator
Display Name: T4FIM Function Evaluator
Activity Name: T4FIM.FunctionEvaluator.WorkflowPart
Assembly Name: T4FIM.FunctionEvaluator, Version=4.0.0.1, Culture=neutral, PublicKeyToken=1cff8ccc43c5c5ec
Type Name: T4FIM.FunctionEvaluator.UIpart
Check the Action Activity and the Authorization Activity.
It is important to check that the assembly name line is one line. It should be copied as above with no line breaks as this breaks the acticvity.
Stop and start the fimservicve, iisreset and the activity should be there in the activity picker.
- Marked As Answer by aw_hakim Monday, October 22, 2012 4:58 AM
-
Friday, October 19, 2012 3:29 PM
Before implementing any significant changes, I would try to become a little more familiar with FIM. Every FIM implementation is a little different because it must be tailored to each environment, so it is critical that you know what you're doing and not just following a cookbook recipe.
There's a good free on-line training course for Microsoft that I recommend you check out:
http://technet.microsoft.com/en-us/ff793470.aspx
Chris
-
Monday, October 22, 2012 5:06 AM
Thank you Fer,
I followed your instruction above and it worked for me nicely...I appreciate your assistance.
My next challenge is to find how to use the tool in order to solve my initial request. Have you used the tool in the past.?
Cheers and Thank you again
AW
-
Monday, October 22, 2012 9:11 AM
Hello AW,
I have not used these tools. The different requirements I have had for account name generation could not be satisfied by these tools. I wrote code to satisfy my needs. So unfortunately I cannot help you with these tools.
I did have a short look at the help file and the examples seem easy enough to modify to your needs. Goud luck with your problem
Regards, Fer
-
Monday, October 22, 2012 11:25 PM
Hello Fer,
You have done it again.
I didnot even take notice that help file was included with the tool. Some times you need another eye to solve an issue.
I briefly looked at the example in the help file you mentioned. It looks like exactly what i need with (may be) minor modification. I will try the tool soon in a test envronmnet and see how I go.
Thanks Heaps ....Again!. You are a champ. :)
Regards
Aw
-
Wednesday, October 24, 2012 2:40 AM
Hello AW,
I have not used these tools. The different requirements I have had for account name generation could not be satisfied by these tools. I wrote code to satisfy my needs. So unfortunately I cannot help you with these tools.
I did have a short look at the help file and the examples seem easy enough to modify to your needs. Goud luck with your problem
Regards, Fer
Hi Fer,
it it is me again, just a final qeuery about the code within the help file.
the original code to use for account name uniqueness in the help file is:
GenerateUniqueString(EmployeeId,'samAccountName',substr(LastName,0,5)& substr(FirstName,0,1), substr(LastName,0,5) & if(ispresent (MiddleName),substr(MiddleName,0,1),'x') & substr(FirstName,0,1) & '{0}').
But I would like to modify the code in to the following becuase I dont use middle name and also woul not wnat to use x
GenerateUniqueString(substr(LastName) & substr(FirstName,0,1), substr(LastName) & substr(FirstName,0,1) & '{0}')
hoping this will produce lastname+firstinitial+number (if necessary)
Thank you Fer,
Aw
-
Wednesday, October 24, 2012 7:09 AM
GenerateUniqueString(substr(LastName) & substr(FirstName,0,1), substr(LastName) &substr(FirstName,0,1) & '{0}')
Should produce the correct unique string, you still need to provide an identification attribute and the desired type.
GenerateUniqueString(EmployeeID,'samAccountName',substr(LastName) & substr(FirstName,0,1), substr(LastName) &substr(FirstName,0,1) & '{0}')
The first two elements of the function are important.
-
Wednesday, October 24, 2012 10:55 PM
Yes Fer, Got it.
thanks you
AW
.png)
