none
(No displayName) and precedence RRS feed

  • Question

  • Hello,

    I have a requirement where AD users should be able to update some of their attributes in the FIM portal. Users are created in AD.

    If I set AD as being precedent for displayName the FIM portal changes for displayName are not reflected in AD. If I set FIM as being precedent for display Name as new users are imported into AD their display names are shown as "(no DisplayName)".

    I need the FIM portal to reflect the actual AD display name, but also give users the ability to set their AD display name. Would using equal precedence be the correct way to go? I'm suspicious that one change could be over written by another.

    Thanks


    IT Support/Everything

    Monday, March 31, 2014 8:18 AM

Answers

  • On Tue, 1 Apr 2014 11:05:56 +0000, Aetius2012 wrote:

     I suspect I may have to go with equal precedence and hope an AD change doesn't over write FIM portal self service changes

    That's a false hope if you use equal precedence. Any change to that
    attribute in either the portal or AD will be reflected in the other, that's
    the whole point of equal precedence.

    Also, given that equal precedence is going to be removed, are you sure you
    want to go down that path, knowing that you'll have to figure out some
    other solution at some point in the not too distant future?


    Paul Adare - FIM CM MVP
    All programs evolve until they can send email. -- Richard Letts
    Except Microsoft Exchange. -- Art

    • Marked as answer by Aetius2012 Thursday, April 3, 2014 9:48 AM
    Tuesday, April 1, 2014 12:14 PM

All replies

  • case 1): For New User Imported from FIM portal : You have to Enter the Display Name there (if display name is not coming from AD).

    Case2): But If you want New User created without Display Name through FIM Portal and update display name from AD then you can do that :

    Set the Precedence to the AD 

    create a Sync rule : AD Inbound  

                                       Inbound Flow :  AD(displayName) => Fim(DisplayName)

    So here you'll have (no DisplayName) on fim portal => update the  display name of that user in AD => AD-Delta Import Delta Sync => will updtae the display name on fim portal for that user.


    • Edited by srm.ankur Monday, March 31, 2014 10:36 AM
    Monday, March 31, 2014 10:35 AM
  • Looks like you want both AD and FIM to be authoritative for this attribute, so yes equal precedence is your answer. 

    Monday, March 31, 2014 8:54 PM
  • On Mon, 31 Mar 2014 20:54:43 +0000, kmittal82 wrote:

    Looks like you want both AD and FIM to be authoritative for this attribute, so yes equal precedence is your answer.

    Keep in mind that equal precedence is going away.

    http://technet.microsoft.com/en-us/library/jj879229%28v=ws.10%29.aspx


    Paul Adare - FIM CM MVP
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
    immane mittam. -- <some>

    Monday, March 31, 2014 9:03 PM
  • kmittal,

     That's the conclusion I came to, although it doesn't seem like an elegant approach. I would have thought may organisations have a similar requirement where users can self service some of their attributes in the FIM portal, but handle the creation and management of accounts in AD. At no point do we want AD accounts imported with "no display name"

     I suspect I may have to go with equal precedence and hope an AD change doesn't over write FIM portal self service changes. Otherwise we'll just configure manual precedence for run profiles.


    IT Support/Everything

    Tuesday, April 1, 2014 11:05 AM
  • On Tue, 1 Apr 2014 11:05:56 +0000, Aetius2012 wrote:

     I suspect I may have to go with equal precedence and hope an AD change doesn't over write FIM portal self service changes

    That's a false hope if you use equal precedence. Any change to that
    attribute in either the portal or AD will be reflected in the other, that's
    the whole point of equal precedence.

    Also, given that equal precedence is going to be removed, are you sure you
    want to go down that path, knowing that you'll have to figure out some
    other solution at some point in the not too distant future?


    Paul Adare - FIM CM MVP
    All programs evolve until they can send email. -- Richard Letts
    Except Microsoft Exchange. -- Art

    • Marked as answer by Aetius2012 Thursday, April 3, 2014 9:48 AM
    Tuesday, April 1, 2014 12:14 PM