ldap memberUid to ad group member

  • Question

  • Adding LDAP groups to AD but also want to populate them with members. The LDAP conn. space has the attribute "memberUid" (type string - multivalue) and this contains all members (it only contains the members' account names). How can I get those names into the MV? I tried a flow definition from "memberUid" to "members" but that doesn't work (string to reference error). What would be the best approach?

    Thanks

    M.A.

    Thursday, January 15, 2015 2:46 AM

All replies

  • Hello,

    I also did this a very long time ago (MIIS times).

    The only way is to use advanced attribute flows with rules extensions in MA flows.

    You can use the Util.FindMVEntries method to search the MV for objects with the account name you have in the attribute and with that set it as a reference to the member attribute of groups in the MV.

    See: http://msdn.microsoft.com/en-us/library/windows/desktop/ms698819(v=vs.85).aspx

    Regards
    Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    • Marked as answer by MickeyX13 Thursday, January 15, 2015 10:55 PM
    Thursday, January 15, 2015 2:07 PM
  • Thanks Peter, will give that a go.

    Mik

    Thursday, January 15, 2015 10:56 PM
  • I don't see how that would work, at least not today with FIM 2010. Reference attributes are not permitted to use Attribute Flows with Rules Extensions. I am struggling with the same problem as the original poster. I cannot source group information from a posixGroup using the "Oracle (previously Sun) directory server" MA. The inability to use flow rules on reference attributes is something I've hit my head on so many times.
    Tuesday, February 10, 2015 8:58 PM
  • Hello,

    Yes, you are right, did not read the fact of reference attributes correctly in the starting post.

    So a solution could be to fill a SQL table with the memberUid string information, and import that table as a multivalue table to FIM, so you will have references then.

    Maybe by querying the LDAP with PowerShell and writing the data to the SQL table.

    Bad thing, the non-advanced reference flow in FIM.

    -Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Tuesday, February 10, 2015 9:59 PM
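
The staging approach suggested in the last reply could look like the following sketch, which is an added example and not code from the thread. The host, base DN, SQL server, database, table and column names are all assumptions, as is the layout: one row per group/member pair, with the member value matching the anchor (account name) of the user rows so the SQL MA can import it as a reference.

```powershell
# Added example. Assumed names: ldap.example.com, ou=groups,dc=example,dc=com,
# SQL server sql01, database FIMStaging, table dbo.GroupMembers(GroupName, AttributeName, MemberValue).
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Bind over LDAPS so the prompted credentials are not sent in clear text.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier('ldap.example.com', 636)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$ldap.SessionOptions.ProtocolVersion = 3
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.Bind((Get-Credential).GetNetworkCredential())

# Read only the two attributes needed from every posixGroup.
$req = New-Object System.DirectoryServices.Protocols.SearchRequest
$req.DistinguishedName = 'ou=groups,dc=example,dc=com'
$req.Filter = '(objectClass=posixGroup)'
$req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
[void]$req.Attributes.Add('cn')
[void]$req.Attributes.Add('memberUid')
$resp = $ldap.SendRequest($req)

$sql = New-Object System.Data.SqlClient.SqlConnection('Server=sql01;Database=FIMStaging;Integrated Security=SSPI')
$sql.Open()
$tx = $sql.BeginTransaction()
try {
    # Full reload inside one transaction: a failed run leaves the old rows in place.
    $del = $sql.CreateCommand()
    $del.Transaction = $tx
    $del.CommandText = 'DELETE FROM dbo.GroupMembers'
    [void]$del.ExecuteNonQuery()
    # Directory values are passed as parameters, never concatenated into the SQL text.
    $ins = $sql.CreateCommand()
    $ins.Transaction = $tx
    $ins.CommandText = "INSERT INTO dbo.GroupMembers (GroupName, AttributeName, MemberValue) VALUES (@g, 'member', @m)"
    [void]$ins.Parameters.Add('@g', [System.Data.SqlDbType]::NVarChar, 256)
    [void]$ins.Parameters.Add('@m', [System.Data.SqlDbType]::NVarChar, 256)
    foreach ($entry in $resp.Entries) {
        if (-not $entry.Attributes.Contains('memberUid')) { continue }  # group without members
        $ins.Parameters['@g'].Value = $entry.Attributes['cn'].GetValues([string])[0]
        foreach ($uid in $entry.Attributes['memberUid'].GetValues([string])) {
            $ins.Parameters['@m'].Value = $uid
            [void]$ins.ExecuteNonQuery()
        }
    }
    $tx.Commit()
} catch {
    $tx.Rollback(); throw
} finally {
    $sql.Close(); $ldap.Dispose()
}
```

The search above is a single request, so a directory holding more groups than the server's size limit needs a paged search instead.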