登录
 
主页技术资源库学习下载支持社区论坛
IT 专业人士的资源 >
Custom expression for AD placement

Answered Custom expression for AD placement

  • 2011年4月6日 16:54
     
     
    登录进行投票
    0

    Hi all,

    I'm trying to develop a rule to perform custom placement in AD via a synchronization rule based on a number of different attributes of a user in FIM/the portal.  My requirement is:

    1. If an attribute called DoIT is set to "DG1" then they go into a DoIT OU, otherwise
    2. If an attribute called MediaStudent is set to "Y" then they go into a Media OU, otherwise
    3. If an attribute called Site is set to "G" they go into a Gretna OU, otherwise
    4. If an attribute called Site is set to "C" they go into a Chelsea OU, otherwise
    5. If an attribute called Site is set to "F" they go into a Fleetwood OU.

    My intention was to build the DN attribute as Initial flow as follows:

    CN=Given Name Surname (student number), OU=custom expression, DC=wherever, DC=com

    And my custom expression I was going to build up through several nested IIFs, something like:

    IIF(Eq(DoIT,"DG1"),"DoIT",IIF(Eq(MediaStudent,"Y"),"Media",IIF(Eq(Site,"G"),"Gretna",IIF(Eq(Site,"C"),"Chelsea",IIF(Eq(Site,"F"),"Fleetwood","UNKNOWN")))))

    I seem to get a sync flow provisioning failed error whenever it evaluates the first Eq to the else clause as I tried

    IIF(Eq(DoIT,"DG1"),"DoIT","Other") with the same result.

    Am I missing something very obvious or is there a better way?

    Thanks,

    Paul

     

全部回复

  • 2011年4月6日 20:56
     
     
    登录进行投票
    0

    Are you actually specifying the DN?  In each TRUE clause of the IIF you must specify the DN.  And you should use Nul() in the last ELSE clause not "UNKNOWN".

     

     
  • 2011年4月7日 2:30
     
     已答复
    登录进行投票
    1

    Do you have an OU called Unknown?

    You should do the whole things as a custom expression

    Try this one first, it will work if you have an OU called Unknown off of the root of the domain.

    "CN=" + FirstName + " " + LastName + "(" + StudentNumber + "),OU=" + IIF(Eq(DoIT,"DG1"),"DOIT","Unknown") + ",DC=wherever,DC=COM"

    Then build it up and see if this one works

    "CN=" + FirstName + " " + LastName + "(" + StudentNumber + "),OU=" + IIF(Eq(DoIT,"DG1"),"DOIT",IIF(Eq(MediaStudent,"Y"),"Media","Unknown") + ",DC=wherever,DC=COM"

    Then put it all together

    "CN=" + FirstName + " " + LastName + "(" + StudentNumber + "),OU=" + IIF(Eq(DoIT,"DG1"),"DOIT",IIF(Eq(MediaStudent,"Y"),"Media",IIF(Eq(Site,"G"),"Gretna",IIF(Eq(Site,"C"),"Chelsea",IIF(Eq(Site,"F"),"Fleetwood","Unknown") + ",DC=wherever,DC=COM"

    Or if all of these come from the same database then you could do something like this in your view:

    SELECT OU= CASE WHEN DoIT='DG1' Then 'DoIT'

    WHEN MediaStudent='Y' Then 'Media'

    ELSE CASE Site

            WHEN 'G' Then 'Gretna'

             WHEN 'C' Then 'Chelsea'

             WHEN 'F' Then 'Fleetwood'

          ELSE 'Unknown'

    END

    END

    ,allmyother columns

    From mytable

     

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
    • 已标记为答案 Paul Green 2011年4月7日 16:08
    •  
     
  • 2011年4月7日 10:39
     
     
    登录进行投票
    0

    Hi David,

    I tried your suggestion, this worked:

    "CN=" + FirstName + " " + LastName + "(" + StudentNumber + "),OU=" + IIF(Eq(DoIT,"DG1"),"DOIT","Unknown") + ",DC=wherever,DC=COM"

    This didn't:

    "CN=" + FirstName + " " + LastName + "(" + StudentNumber + "),OU=" + IIF(Eq(DoIT,"DG1"),"DOIT",IIF(Eq(MediaStudent,"Y"),"Media","Unknown") + ",DC=wherever,DC=COM"

    I had the same problem as before - if the DoIT evaluated true, no problem, but otherwise, as soon as it hit the second IIF I get the error.

    The doing-it-all-in-the-database suggestion was a good one though and that's how I'm proceeding.

    Paul, thanks for the suggestion about using Null(), but I'd created the "Unknown" OU as a catch-all, so my intention was to use it.

    Thanks again,

    Paul.

     
  • 2012年8月6日 15:36
     
     
    登录进行投票
    0

    Hello David!

    I want to update the Adress atributes in AD based on the Users OU. Is that possibele with the IIF function or do I need a custom expression?

    Thank You!


    • 已编辑 Rotkap 2012年8月6日 15:37
    •  
     
  • 2012年8月6日 17:41
     
     
    登录进行投票
    0

    Rotkap, you should open a new thread for new questions.

    In reply to the original, old thread: Nested IIFs work, but there is a syntax error--a missing close-paren--in the troublesome snippet above.  Given that the FIM Portal expression editor provides no editing assistance at all, I find it easiest to edit these in Notepad++, which highlights begin/close parens as you edit.