How to track changes made to a group owner for Distribution/Security Group in FIM 20101 R2? RRS feed

  • Question

  • We have a requirement where we have to send a consolidated email to the new group owner which lists all the groups that are tagged to him/her.

    This requirement is needed so that the new group owner can be notified of the groups that he/she owns. Group owner information can be updated in AD which would then sync with FIM, Bulk updates for groups in FIM.

    So first we would have to basically track the group owner change in FIM, retrieve the owner information, then list all the groups listed under him, consolidate an email and trigger the notification.

    Can someone help me and let me know how this can be achieved?

    Thanks in advance!!

    Monday, April 20, 2015 6:42 AM

All replies

  • Hello,

    you can not do with only OOB functions. You will need a custom activity to enumerate all group a specific persons owns.

    First part is easy, create a MPR which triggers a workflow activity on owner attribute changes.
    The custom activity should then search for all groups new owner owns in addition.

    Pass that information through the WorklowDictionary to a notification activity.

    If your are not familar with developing workflow activities you could use PowerShell Activity for example.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Monday, April 20, 2015 4:09 PM
  • Hi Peter,

    Thanks for your response.

    Can you let us know how can we track the group owner change in the MPR. We cannot create a request based MPR because then for each request custom work flow will be triggered. Say if 100 group owner attribute is updated then it triggers 100 individual mails(custom workflow) for all the change. Our objective is to consolidate the list of all groups associated for the changed owner.

    could you please suggest us how we can perform this first step?

    Wednesday, April 22, 2015 11:20 AM
  • ahh ok, now i understand the "consolidated" part of your requirement.

    But since These changes are individual requests (from Portal/webserver perspective) I dont see a way to do what you need.

    I think some external scripting in a sheduled task will fit better, or maybe generate a daily/weeklyreport of groups a users owns.
    A user can also go to portal a see all Groups they own.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Wednesday, April 22, 2015 11:29 AM