Remove From My Forums

IIFP/PCNS sync modification to MV extension to existing users

Question
0

Sign in to vote

I am running IIFP 2003 to sync users from an AD to an ADLDS instance. I have created an MV Extension to add some attributes with a value that are not in AD, but needed in ADLDS. This looks like: -------------------------------------------------------------------
Public Sub Provision(ByVal mventry As MVEntry) Implements IMVSynchronization.Provision
If mventry("cn").IsPresent
Then
Dim csentry As CSEntry
Dim dn As ReferenceValue
Dim rdn As String
Dim ParentContainer As String = "OU=employees,OU=dummy,DC=enterprise,DC=dummy,DC=nl"
Dim Connected_AD_MA As ConnectedMA Connected_AD_MA = mventry.ConnectedMAs("ADAM")
'Construct the dn
rdn = "CN=" + mventry("cn").Value dn = Connected_AD_MA.EscapeDNComponent(rdn).Concat(ParentContainer)
If Connected_AD_MA.Connectors.Count = 0 Then
csentry = Connected_AD_MA.Connectors.StartNewConnector("user")
csentry.DN = dn
csentry("msDS-UserAccountDisabled").Values.Add("FALSE")
csentry("obver").Values.Add("10.1.4.0")
csentry("UserPrincipalName").Value = GenerateGUID() + "@enterprise.dummy.nl"
csentry.CommitNewConnector()
ElseIf Connected_AD_MA.Connectors.Count = 1 Then
'Grab the existing connector and reset the dn (it might have changed)
csentry = Connected_AD_MA.Connectors.ByIndex(0)
csentry.DN = dn
End If
End If
'Deprovisioning code
If (mventry.ObjectType.Equals("person"))
Then Dim myMA As ConnectedMA = mventry.ConnectedMAs("TWO")
If (0 = myMA.Connectors.Count) Then
myMA.Connectors.DeprovisionAll()
Exit Sub
End If
End If
End Sub
Public Function ShouldDeleteFromMV(ByVal csentry As CSEntry, ByVal mventry As MVEntry) As Boolean Implements IMVSynchronization.ShouldDeleteFromMV
' TODO: Add MV deletion code here
Throw New EntryPointNotImplementedException()
End Function
Public Function GenerateGUID()
Dim sGUID As String sGUID = System.Guid.NewGuid.ToString()
Return sGUID
End Function
End Class
-------------------------------------------------------------------
We use the password change notification Service to sync up passwords. This extension code works fine and all user synced to ADLDS get created with the attributes configured in de MA and the ones in the extension. Now I added csentry("appver").Values.Add("477.1") to the mv extension. New users receive this new appver attribute in ADLDS ,but how can I make sure my existing users also receive this new attribute in ADLDS.
Maarten

Tuesday, February 15, 2011 8:35 PM

Answers

0

Sign in to vote
Maarten,

If this appver is a constant, you don't need a source: you can specify in your export attribute flow that you just want to flow a constant to your attribute (on mapping type, select Advanced, you then get a couple of options, constant is one of them).

If you generate a GUID yourself: if you would like to do this ILM, you can again use an advanced export flow rule, but instead of specifying a constant, you now specify that you want to use code. In the extension code you build, you can provide your GUID generation code taking care of setting the value for your attribute.

Otherwise, you will need to flow a value from a source system to the MV using that MA's definition, after which you can of course flow it your destination MA.

Paul.

Paul Loonen (Avanade) | MCM: Directory 2008 | MVP: ILM
- Marked as answer by Koffiefilter Wednesday, February 16, 2011 12:03 PM
Wednesday, February 16, 2011 11:32 AM
0

Sign in to vote
Maarten,

You would have to create a new MAExtension (or update the extension you already have for your MA). The MVExtension assembly cannot be used for this (well, you could, but you'll make a big mess of your code)

If you don't have extension yet, it is very easy: just specify your advanced flow, indicating a flow rule name you decide yourself. After that, you specify on the last screen of the MA designer that you want to use an extension (if you don't, ILM will take you there). When you have done that, back in the MA designer tool, you can hit generate extension. This will generate boiler-plate code for you. In the generated code, search for the flow-rule name you decided (which should be in the method MapAttributesForExport) and add your code there.

Paul.
Paul Loonen (Avanade) | MCM: Directory 2008 | MVP: ILM
- Marked as answer by Koffiefilter Wednesday, February 16, 2011 1:20 PM
Wednesday, February 16, 2011 12:23 PM

All replies

0

Sign in to vote

Maarten,

You shouldn't do this in your MVExtension, though this will work when you provision new users. Instead, create an export attribute flow for your ADLDS MA and flow this constant to your appver attribute. You will need to run a Full Sync on your source MA to make this work for existing users.

Paul
Paul Loonen (Avanade) | MCM: Directory 2008 | MVP: ILM

Tuesday, February 15, 2011 10:06 PM
0

Sign in to vote

Hi Paul,

Ok, thanks...but can you give me a hint on how to achieve it, cause I can only select to export the value of an attribute from the metaverse to an attribute in eg ADLDS. And this appver is not listed there. How can this be done and how do I assign this constant.

What would the best way be if it wouldn't be a constant but something like a vb generated guid.

Thanks,

Maarten

Tuesday, February 15, 2011 10:42 PM
0

Sign in to vote
Maarten,

If this appver is a constant, you don't need a source: you can specify in your export attribute flow that you just want to flow a constant to your attribute (on mapping type, select Advanced, you then get a couple of options, constant is one of them).

If you generate a GUID yourself: if you would like to do this ILM, you can again use an advanced export flow rule, but instead of specifying a constant, you now specify that you want to use code. In the extension code you build, you can provide your GUID generation code taking care of setting the value for your attribute.

Otherwise, you will need to flow a value from a source system to the MV using that MA's definition, after which you can of course flow it your destination MA.

Paul.

Paul Loonen (Avanade) | MCM: Directory 2008 | MVP: ILM
- Marked as answer by Koffiefilter Wednesday, February 16, 2011 12:03 PM
Wednesday, February 16, 2011 11:32 AM
0

Sign in to vote

Hi Paul,

So this constant works..like you descibed!!! My mistake was that I always thought I needed to select a source and a destination:) Thanks

Regarding to the guid..i have code in mvextension to generate a guid. That indeed works for new users..if for one update to all existing users i want to reuse this code..can I point the advanced flow to the mvextension or do I have to create a new extension?

Regards,

Maarten

Wednesday, February 16, 2011 12:08 PM
0

Sign in to vote
Maarten,

You would have to create a new MAExtension (or update the extension you already have for your MA). The MVExtension assembly cannot be used for this (well, you could, but you'll make a big mess of your code)

If you don't have extension yet, it is very easy: just specify your advanced flow, indicating a flow rule name you decide yourself. After that, you specify on the last screen of the MA designer that you want to use an extension (if you don't, ILM will take you there). When you have done that, back in the MA designer tool, you can hit generate extension. This will generate boiler-plate code for you. In the generated code, search for the flow-rule name you decided (which should be in the method MapAttributesForExport) and add your code there.

Paul.
Paul Loonen (Avanade) | MCM: Directory 2008 | MVP: ILM
- Marked as answer by Koffiefilter Wednesday, February 16, 2011 1:20 PM
Wednesday, February 16, 2011 12:23 PM
0

Sign in to vote

Paul,

Again, very helpfull..it solved my issues..

Thanks again!!!

Regards,

Maarten

Wednesday, February 16, 2011 1:20 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

IIFP/PCNS sync modification to MV extension to existing users

Question

Answers

All replies