Group Sync AD -> FIM, how to provide a default Owner when managedBy attribute is empty

  • Question

  • I have an Inbound Sync rule flowing Groups into FIM Portal. All is fine until I try to give the newly provisioned Portal Group a default owner. 

    I have tried to push a DN e.g. "CN=GroupsOwner,OU=USer Accounts,DC=MyDomain,DC=Local" into owner but I get some error saying this is not allowed when creating the attribute flow.

    Is the ObjectGUID or ObjectSID of the AD object 'GroupsOwner' a better bet? If so, how do I get these values out of AD or FIM?

    Tuesday, May 22, 2012 10:04 AM

Answers

  • The way I do it is to set the MembershipAddWorkflow to None, which turns off the owner check. Then I have a workflow in FIM Service to add the default owner I want if there isn't one and change the MembershipAddWorkflow to something else.

    Eric

    Tuesday, May 22, 2012 12:23 PM

All replies

  • Harold,

    The Manager-attribute is a reference. You should flow a reference to a person that is present in your FIM solution. Are you flowing users into FIM?

    Best regards,
    Pieter.


    Pieter de Loos - Consultant at Traxion (http://www.traxion.com) http://fimfacts.wordpress.com/

    Tuesday, May 22, 2012 12:13 PM
  • It seems that use of a custom function is a no-no in an Inbound SR. I need the IIF(IsPresent(managedBy).... test.

    The problem is not the reference; the DN string I give IS present in the CS and so is a valid reference. I guess if I always flowed that string FIM would be happy, but I only want to do that if and only if managedBy is empty.

    Wednesday, May 23, 2012 6:19 PM