How to get a list of all FIM managed security groups by providing the attribute name used in the group membership criteria?

  • Question

  • Hi All,

    Can you share your views on achieving the below:

    Suppose HR needs to make some attribute value changes for a large number of users. In the environment we have certain criteria-based groups which use certain user attributes to determine which users qualify to become members. If HR wants to check whether the attribute they are going to update will have any impact on the membership of those FIM managed groups, can we set something up where HR enters the attribute name and gets a list of all FIM managed groups where that attribute is used in the criteria?

    Regards,

    Rajan Shrivastava

    Wednesday, November 19, 2014 1:48 PM

All replies

  • You need to query the Filter attribute on the Groups for the attribute names in question. However, since Filter is an unindexed String, you can't include it in the predicate (like a where clause) of an XPath query -- so Sets, Search Scopes, even PowerShell cmdlets can't get at the data directly. Instead you need to export all of the Groups and then search them. This can be done through PowerShell. Craig Martin gives an example here with Sets, but you can just change it to groups; they both have the Filter attribute:

    http://www.integrationtrench.com/2011/09/cant-use-xpath-contains-function-to.html


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    • Proposed as answer by Furqan Asghar Sunday, November 23, 2014 7:05 AM
    Wednesday, November 19, 2014 5:50 PM
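
The export-then-search approach described in the reply above, as an added example that is not code from the thread or from the linked blog post. The function names are hypothetical, the service URI is the assumed default endpoint, and the sample Filter value is constructed.

```powershell
# Added example. Get-FimGroupsUsingAttribute needs the FIMAutomation snap-in and
# access to the FIM Service; Test-FilterUsesAttribute runs anywhere.
function Test-FilterUsesAttribute {
    param([string]$FilterXml, [string]$AttributeName)
    # The Filter value is an XML wrapper around an XPath string; match only inside the XPath,
    # so wrapper names such as "Filter" or "Dialect" never produce a hit.
    $xpath = ([xml]$FilterXml).DocumentElement.InnerText
    # Whole-name match so 'Department' does not also hit 'DepartmentCode'.
    $pattern = '(?<![\w-])' + [regex]::Escape($AttributeName) + '(?![\w-])'
    return [regex]::IsMatch($xpath, $pattern)
}

function Get-FimGroupsUsingAttribute {
    param(
        [Parameter(Mandatory = $true)][string]$AttributeName,
        [string]$Uri = 'http://localhost:5725/ResourceManagementService'  # assumed default endpoint
    )
    if (-not (Get-PSSnapin FIMAutomation -ErrorAction SilentlyContinue)) {
        Add-PSSnapin FIMAutomation
    }
    # Filter cannot appear in the XPath predicate, so export every Group and search client-side.
    $groups = Export-FIMConfig -Uri $Uri -CustomConfig '/Group' -OnlyBaseResources
    foreach ($g in $groups) {
        # Flatten the exported attribute list into a name -> value lookup.
        $attrs = @{}
        foreach ($a in $g.ResourceManagementObject.ResourceManagementAttributes) {
            $attrs[$a.AttributeName] = $a.Value
        }
        # Static (manually managed) groups have no Filter and are skipped.
        if ($attrs['Filter'] -and (Test-FilterUsesAttribute $attrs['Filter'] $AttributeName)) {
            New-Object PSObject -Property @{
                DisplayName = $attrs['DisplayName']
                ObjectID    = $attrs['ObjectID']
                XPath       = ([xml]$attrs['Filter']).DocumentElement.InnerText
            }
        }
    }
}

# Constructed sample Filter value (not from a real environment) to exercise the matcher offline.
$sample = '<Filter xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration" ' +
          'Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect">' +
          "/Person[(Department = 'Sales') and (EmployeeType = 'Contractor')]</Filter>"
Test-FilterUsesAttribute $sample 'Department'   # whole attribute name in the criteria
Test-FilterUsesAttribute $sample 'Depart'       # partial name, must not match

# Against a live service:
# Get-FimGroupsUsingAttribute -AttributeName 'Department' | Format-Table DisplayName, XPath -AutoSize
```

A hit can also come from a quoted value in the filter that happens to equal the attribute name, so review the returned XPath for each group before reporting it as affected.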