none
FIM Provisioning Extension RRS feed

  • Question

  • Hello,

    I'm getting a problem when I'm trying to only run the provisioning code just for a certain MA. I've got 3 MA's, AD, ADLDS and SQL Server 2008. When I initiate provisioning by running "full import and full sync" with the SQL Server 2008 MA I only want to run the provisioning code for the one who initiated it. Is this possible, how?

    What I want: 

    void IMVSynchronization.Provision(MVEntry mventry)
    {
    //pseudo code
      if(<MA that initiated provisioning>.Name == "SQL MA")
      {
        sqlProvision();
      }
      else if(<MA that initiated provisioning>.Name == "AD MA")
      {
        ADProvision();
      }
    }
    private sqlProvision()
    {
    // I have this code...
    }
    private ADProvision()
    {
    // I have this code...
    }
    Much appriciated!
    Tuesday, March 5, 2013 1:10 PM

Answers

  • Seeing as Transaction properties have been deprecated as of FIM 2010 R2 SP1, it's probably not a good idea to use them.

    As Markus has stated, your provisioning code should be independant from the originating MA.

    My designs tend to work off the premise of "where is this object meant to go?". This way, if you take a look at the full object each time and work out where it needs to be, you're going to get your object in the desired end state.

    My logic then looks something like this:

    void IMVSynchronization.Provision(MVEntry mventry)
    {
    //pseudo code
      switch(mventry.objectType)
      {
      case "person":
        processUser(mventry);
      break;
      }
    }
    
    void processUser(MVEntry mventry)
    {
            sqlProvision();
            ADProvision();
    }
    
    private sqlProvision()
    { 
      if (shouldBeInSQL() && NotInSQL())
       ProvisiontoSQL();
    
    }
    private ADProvision()
    {
      if (shouldBeInAD() && NotInAD())
       ProvisionToAD()
    }

    the "NotInSQL" and "NotinAD" looks at the existing connectors to the relevant MA and the "ShouldBeInAD" and "ShouldBeInSQL" methods evaluate my criteria for provisioning - is the user active, do they hold a valid role, is their termination date in the future or unset, etc.

    To check whether an mventry object is connected to a particular MA, use: mventry.ConnectedMAs["MAName"].Connectors.Count. Sometimes I also flow boolean attributes, just to make the code a bit easier to read (mventry["inAD"].BooleanValue == true)

    Hope that helps

    - Ross Currie


    FIMSpecialist.com | MCTS: FIM 2010 | Now Offering ECMA1->ECMA2 Upgrade Services

    • Proposed as answer by Ross Currie Wednesday, March 6, 2013 4:49 AM
    • Marked as answer by Bobby Kristensen Thursday, March 7, 2013 11:23 AM
    Wednesday, March 6, 2013 4:49 AM

All replies

  • The best practice recommendation is to make your provisioning code independent from an originator.
    You might want to revisit your design.

    One option you have is to configure an advanced connector filter and to set a transaction property in your code.

    You can stick the name of the management agent into the property.

    However, as mentioned before, this is not really a recommended solution.

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Tuesday, March 5, 2013 3:50 PM
  • Seeing as Transaction properties have been deprecated as of FIM 2010 R2 SP1, it's probably not a good idea to use them.

    As Markus has stated, your provisioning code should be independant from the originating MA.

    My designs tend to work off the premise of "where is this object meant to go?". This way, if you take a look at the full object each time and work out where it needs to be, you're going to get your object in the desired end state.

    My logic then looks something like this:

    void IMVSynchronization.Provision(MVEntry mventry)
    {
    //pseudo code
      switch(mventry.objectType)
      {
      case "person":
        processUser(mventry);
      break;
      }
    }
    
    void processUser(MVEntry mventry)
    {
            sqlProvision();
            ADProvision();
    }
    
    private sqlProvision()
    { 
      if (shouldBeInSQL() && NotInSQL())
       ProvisiontoSQL();
    
    }
    private ADProvision()
    {
      if (shouldBeInAD() && NotInAD())
       ProvisionToAD()
    }

    the "NotInSQL" and "NotinAD" looks at the existing connectors to the relevant MA and the "ShouldBeInAD" and "ShouldBeInSQL" methods evaluate my criteria for provisioning - is the user active, do they hold a valid role, is their termination date in the future or unset, etc.

    To check whether an mventry object is connected to a particular MA, use: mventry.ConnectedMAs["MAName"].Connectors.Count. Sometimes I also flow boolean attributes, just to make the code a bit easier to read (mventry["inAD"].BooleanValue == true)

    Hope that helps

    - Ross Currie


    FIMSpecialist.com | MCTS: FIM 2010 | Now Offering ECMA1->ECMA2 Upgrade Services

    • Proposed as answer by Ross Currie Wednesday, March 6, 2013 4:49 AM
    • Marked as answer by Bobby Kristensen Thursday, March 7, 2013 11:23 AM
    Wednesday, March 6, 2013 4:49 AM