none
Group Membership based on other attribute value RRS feed

  • Question

  • Hi,

    I am trying to find a method of assigning new employees Dynamically to AD groups based on an attribute being of the same value as the group name i.e. if your Department is "Finance" should be added to all AD groups beginning with"Finance", if Department is "IT" should be added to all AD groups beginning with "IT" . I do not want to set this manually in the criteria membership and would want to automatically cater for when the names change.

    I have group synchronisation and user synchronisation working however am not able to see a method of achieving the above logic natively in FIM 2010. Is anyone able to provide assistance or guidance on this?

    ~D

    Wednesday, June 6, 2012 10:28 PM

Answers

  • Hi Andrew,

    Apologies in the delay of reply, there was no in-built behaviour to acheive what we were looking for so we currently have a script in place that runs after our FIM synchronisation.

    ~D

    • Marked as answer by FIMDB Wednesday, July 25, 2012 5:45 AM
    Wednesday, July 25, 2012 5:44 AM

All replies

  • Hi FIMDB,

    You can create dynamic groups where for instance a group 'Finance Department' could have the criteria of all people where their department is 'Finance'.  If you configure the groups this way, whenever someone joins the Finance department they will be automatically added into that group (and removed when the leave it).

    With that approach however you would need to manually maintain the groups and the criteria when for instance a department changes name or when departments are created/deleted (unless you want to do some custom workflow development to do it automatically - which is probably only worth it in a large organisation where departments change all the time)

    However if I understand your scenario correctly it sounds like the membership of the Finance groups will all be the same? (i.e. groups for finance would be 'Finance ABC', 'Finance XYZ'... and they would have the same members being everyone in the Finance department?).  

    If that's the case you could have one group called Finance department and then nest that into the other groups (either in AD or FIM).

    Some more background information might be handy as I'm not 100% sure if I understand the scenario correctly.

    Andrew.

    Thursday, June 7, 2012 5:03 AM
  • Hi Andrew,

    Apologies in the delay of reply, there was no in-built behaviour to acheive what we were looking for so we currently have a script in place that runs after our FIM synchronisation.

    ~D

    • Marked as answer by FIMDB Wednesday, July 25, 2012 5:45 AM
    Wednesday, July 25, 2012 5:44 AM