FIM MetaVerse rule extension - updating the CSEntry object if possible
-
7 мая 2012 г. 20:19
Working on a FIM solution and here is what I am doing:
Using a metaverse rules extension to provision accounts from SQL DB to AD. Provision is working as expected. However, now I am considering that user names and location will change and must account for changes that occur that will change the DN. So, I am looking at trying to update the CSEntry Object, but the items(attributes) are mostly read only. So how does one change the Connector Space based on changes - That will need my logic to get to the correct DN?
Am I missing some thing here?
Thanks for any response in advance
Here is the stack trace from the dll exception:
System.InvalidOperationException: attribute sn is read-only
at Microsoft.MetadirectoryServices.Impl.AttributeImpl.set_Value(String value)
at Mms_Metaverse.MVExtensionObject.Provision(MVEntry mventry) in C:\Applications\FIMBuilder\MVExtension231\MVExtension231.vb:line 148Here some code of what I am trying to do: (this is after I know that the record already exists in the AD CS
'Edit the entry for AD
Dim editcsentry As CSEntry
editcsentry = ADConnMA.Connectors.ByIndex(0)
editcsentry.DN = refDN
editcsentry.Item("sn").Value = mventry.Item("lastname").Value.ToString
editcsentry.Item("givenName").Value = mventry.Item("firstname").Value.ToString
editcsentry.Item("middleName").Value = mventry.Item("middleName").Value.ToString
editcsentry.Item("displayName").Value = mventry.Item("LastName").Value.ToString + ", " + _
mventry.Item("firstname").Value.ToString()
editcsentry.Item("sn").Value = mventry.Item("lastname").Value.ToString
editcsentry.Item("employeeType").Value = "Student" 'always set to this
editcsentry.Item("sAMAccountName").Value = strCN- Изменено Codepuller 7 мая 2012 г. 20:37
- Изменено Codepuller 7 мая 2012 г. 20:43
Все ответы
-
7 мая 2012 г. 22:02Владелец
The objective of the provisioning code is to create and initialize objects.
You CAN'T use provisioning code to do regular attribute updates - this is why you got the error.For attribute updates, you need to configure attribute flow rules.
Cheers,
MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation
-
7 мая 2012 г. 22:08
Okay, but when I have user records change, (name changes) - I have to run through some logic to get a new and unique accountName for them. I am not sure I can put this logic into into a flow rule?
I guess another way to ask is there a way to put this into code?
Thanks for the reply -
-
7 мая 2012 г. 22:23Владелец
Just read your original post again.
There is one exception to my response - the DN.DN updates are handled by your provisioning code.
All other attribute updates are subject to flow rules.You can put logic to to calculate unique names into a flow rule, however, the question is whether this is really a task that should be handled by sync.
If you need to handle this in sync, you can use the FindMVEntries method.There are some examples on how to do use this on the ILM forum.
Cheers,
MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation
- Помечено в качестве ответа Codepuller 8 мая 2012 г. 12:41
-
8 мая 2012 г. 12:43
That answered my question. Flow rule for the sync. "really a task that should be handled by sync" - is correct. I am going to do that another way.
Thanks -
.png)
