none
FIM 2010 R2 -- Sending mail when user added to active directory group RRS feed

  • Question

  • Hello Everyone,

    i have a small question i hope you can help me answer,

    i'd like to send and email to a user when he is added to an active directory group, 

    now the Workflow i created sends the mail when the user is added to the fim group, but i'd like to send this email when the synchronization happens and the user is added to the Active Directory Group, any idea how to do that ?

    thank you !


    Hitch Bardawil

    Thursday, March 7, 2013 12:50 PM

All replies

  • Thursday, March 7, 2013 1:36 PM
  • nop nithing there :(

    Hitch Bardawil

    Thursday, March 7, 2013 2:32 PM
  • Building this is going to be very involved. If it were me, I'd think strongly about revisiting the requirements for your project.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Thursday, March 7, 2013 9:11 PM
    Moderator
  • +1 for Brian's point. Users would also have to logoff and on to get the new groupmembership so a delay in sending the mail (from portal, maybe) probably wouldn't be that big an issue (depending on the requirements, of course)


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thursday, March 7, 2013 9:19 PM
  • Kind of a simple solution, but just include in the email that you already got working how long they can expect before the account is a member of the group.

    So...for us...delta synchs every 5 minutes so the longest wait time would be 5....I would put that in the email.  Please wait 5 minutes before you try to utilize the membership.

    • Proposed as answer by gdtilghman Thursday, March 7, 2013 9:38 PM
    Thursday, March 7, 2013 9:38 PM
  • thanks for you answers everyone,

    i though i'd manage to send the email by adding the workflow i created to some MPR that gets executer during a sync, wouldnt that work ?

    cheers 

    Hicham


    Hitch Bardawil

    Friday, March 8, 2013 9:33 AM
  • Much depends as well  whether the AD account already exists or not.

    If the AD account already exists, Your workflow could call an Activity which runs a Powershell script.

    This script *could* add that user to the Group on AD and send an Email immediately saying what it has done without waiting for the synchronization. Without knowing your sequence of synchronization or data flows this may be bad, catastrophic even or this may be ok. It is just a possibility.

    Otherwise its as was pointed out above a reasonable course of action is.. your users have to be educated that the form is not 'hot' and they have to wait x minutes before what they submit actually affects the connected systems. By the time they read the mail sent after they push the submit button this may already have happened of course.

    Wednesday, March 13, 2013 11:35 AM