none
How to identify a group whose members will be removed?

    Discussion générale

  • Hi! This is the case,

    We need to identify the security groups that have at least one member to be removed in the syncronization.

    The idea is to alert the administrator via a notification that the group will lose members.

    Is there any way to implement this?

    Thanks in advance for your help.

    mercredi 10 avril 2013 16:28

Toutes les réponses

  • You'd need to look at the pending exports in the FIM Connector Space and parse through them/translate the references to do this. Is there a reason you can't send the mail after someone has been removed?


    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    mercredi 10 avril 2013 18:16
    Modérateur
  • The groups come from a TDS repository and not all its members are managed by FIM, for this reason, we need to generate a notification to alert about this potencial deletion.

    So, I think that we can identify with a flag all groups whose members were or will be removed during the syncronization. The notice may be before or after export. Is possible to check pending exports o members status in the provision method?

     
    mercredi 10 avril 2013 18:50
  • All you need is a Request MPR, Use All People in the Requestors and check the checkbox Remove a value form a MultiValue attribute, in the target resources select all Groups and use ExplicitMember in the Target Attributes.

    In the policy Workflows, attach an Action Workflow which will send notification to whoever you want.

    This will ensure that whenever a member from a Group is removed in FIM, the notification will be sent.

     

    Regards Furqan Asghar

    mercredi 10 avril 2013 19:01
  • Ok but, This rule works for non-managed members too?

    mercredi 10 avril 2013 19:27
  • NO! it will not work with non-managed members as they won't be in the FIM Portal.

    I't will work only if the member is removed from the Group and FIM Portal gets the removal Request.


    Regards Furqan Asghar

    mercredi 10 avril 2013 19:35
  • That's the problem, I need to identify groups with unmanaged members will be removed during the synchronization process. My idea is create a set with all groups identified by a flag, then create a MPR transition-in for this set and send a notification.

    Any other ideas?

    mercredi 10 avril 2013 19:51