none
Can workflows be triggered by user emails? RRS feed

  • Question

  • Hi,

     Can FIM 2010 R2 be integrated with Exchange to do the following:

    1. User A@Contoso.com email comes into an Exchange mailbox (reset@company.com)
    2. The email triggers a workflow to randomise the password for A@contoso.com and email this password touser's alternative account

    What's the best way to achieve this, if possible with FIM?

    Thanks

    Sunday, April 21, 2013 9:01 PM

Answers

  • Thanks for the tips guys,

     How difficult would this be to implement in FIM 2010 R2? I have a couple of months experience with FIM from using it to achieve some account sync, but am by no means an expert.

     The PowerShell route seems like the easier route for me, but before I do, I'd like to get a second opinion of how one task weighs up against the other. It just seems to me that if I'm needing to go downt he EWS route, then scripting is the much simpler route.

    Cheers


    I think you're going to need both. The EWS component will enable you to listen for/retrieve/process the emails, and the FIM PowerShell component will let you action them. This blog has a lot of EWS + PowerShell samples - http://gsexdev.blogspot.com/.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    • Marked as answer by EuroTechie2013 Wednesday, April 24, 2013 4:29 PM
    Tuesday, April 23, 2013 8:42 PM
    Moderator

All replies

  • FIM does integrate with Exchange. However the out of the box functionality is around approving or rejecting requests that need approval.

    You could have a process that monitors an inbox and then uses PowerShell or the FIM community supported client -- that then modifies an attribute on the user that an MPR catches and kicks off a workflow to randomize the password and send off the email.

    Easier: PowerShell

    Cleaner and more robust would probably be to create your own program using the FIM community supported client.

    1) Customize the FIM schema with two custom attributes on the user object

    a. CustomPasswordReset (boolean)

    b. AltEmail

    2) Build a set of users that have CustomPasswordReset true

    3) Build a workflow that randomizes the password and sends the email and turns the attribute to false (three or four wf activities)

    4) Build an MPR to launch the workflow when an object joins the set

    5) Build a process that monitors the inbox and then calls FIM to set the CustomPasswordReset attribute to true


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Monday, April 22, 2013 4:01 PM
  • FIM does integrate with Exchange. However the out of the box functionality is around approving or rejecting requests that need approval.

    You could have a process that monitors an inbox and then uses PowerShell or the FIM community supported client -- that then modifies an attribute on the user that an MPR catches and kicks off a workflow to randomize the password and send off the email.

    Easier: PowerShell

    Cleaner and more robust would probably be to create your own program using the FIM community supported client.

    1) Customize the FIM schema with two custom attributes on the user object

    a. CustomPasswordReset (boolean)

    b. AltEmail

    2) Build a set of users that have CustomPasswordReset true

    3) Build a workflow that randomizes the password and sends the email and turns the attribute to false (three or four wf activities)

    4) Build an MPR to launch the workflow when an object joins the set

    5) Build a process that monitors the inbox and then calls FIM to set the CustomPasswordReset attribute to true


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html


    You can configure subscriptions with Exchange Web Services (there is an SDK download that has the client). If you subscribe a service to this mailbox, it could listen for these requests and then fire the processes David describes.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Monday, April 22, 2013 7:07 PM
    Moderator
  • Thanks for the tips guys,

     How difficult would this be to implement in FIM 2010 R2? I have a couple of months experience with FIM from using it to achieve some account sync, but am by no means an expert.

     The PowerShell route seems like the easier route for me, but before I do, I'd like to get a second opinion of how one task weighs up against the other. It just seems to me that if I'm needing to go downt he EWS route, then scripting is the much simpler route.

    Cheers

    Tuesday, April 23, 2013 8:41 AM
  • Thanks for the tips guys,

     How difficult would this be to implement in FIM 2010 R2? I have a couple of months experience with FIM from using it to achieve some account sync, but am by no means an expert.

     The PowerShell route seems like the easier route for me, but before I do, I'd like to get a second opinion of how one task weighs up against the other. It just seems to me that if I'm needing to go downt he EWS route, then scripting is the much simpler route.

    Cheers


    I think you're going to need both. The EWS component will enable you to listen for/retrieve/process the emails, and the FIM PowerShell component will let you action them. This blog has a lot of EWS + PowerShell samples - http://gsexdev.blogspot.com/.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    • Marked as answer by EuroTechie2013 Wednesday, April 24, 2013 4:29 PM
    Tuesday, April 23, 2013 8:42 PM
    Moderator