none
AD AccountExpires attribute flow? RRS feed

  • Question

  • Hi,

    Our HR system has an 'expiry date' as one of the fields in a DATETIME format.

    Can we do a direct import of this into FIM into a MV STRING attribute?

    And once its in FIM MV, how do we set it to the correct AD 'accountExpires' attribute value?

    Many thanks,

    SK

    Friday, February 8, 2013 2:55 AM

Answers

  • You cannot set accountExpires via codeless provisioning rules, account expires is formatted a little bit different, look at the example here:

    http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/81f8a0cd-f41b-45ba-afb8-f66ca1aef065/


    Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

    Friday, February 8, 2013 6:22 AM
  • You do need custom code for this. The suggestions below are valid and another would be to have an additional attribute in the FIM Portal and use my Code Run workflow activity to populate that attribute and then just flow it directly - https://fimactivitylibrary.codeplex.com/wikipage?title=Code%20Run&referringTitle=Documentation . You should be able to use the code from the link that Paul provided with little modification - with the Code Run activity.

    The code could look something like this

    
    using System; 
    public class FIMDynamicClass 
    { 
      public string FIMDynamicFunction(object inputDate) 
      { 
        return DateTime.ParseExact(inputDate, "yyyyMMdd", null).ToFileTimeUtc(); 
      } 
    }


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt


    Friday, February 8, 2013 8:22 AM
  • also see:
     
    FROM AD TO THE MV (EXAMPLE)
    Case "Flow-To-lastLogonTimestamp(MV)"
        Dim lstLgnTstmp As Date = Date.FromFileTime(csentry("lastLogonTimestamp").IntegerValue)
        mventry("lastLogonTimestamp").Value = lstLgnTstmp.ToUniversalTime().ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'")
     
    Case "Flow-To-PasswordLastSetDateTime(MV)"
        If csentry("pwdLastSet").IntegerValue <> 0 Then
            Dim pwdLastSetDateTime As Date = Date.FromFileTime(csentry("pwdLastSet").IntegerValue)
            mventry("PasswordLastSetDateTime").Value = pwdLastSetDateTime.ToUniversalTime().ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'")
        End If
        If csentry("pwdLastSet").IntegerValue = 0 Then
            mventry("PasswordLastSetDateTime").Value = "9999-01-01T00:00:00.000"
        End If
     
     
    FROM MV TO THE AD (EXAMPLE)
    Case "Flow-To-accountExpires(CS)"
        Dim expTime As Date = Convert.ToDateTime(mventry("expirationTime").Value)
        csentry("accountExpires").IntegerValue = expTime.ToFileTime()
     
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "S.Kwan" wrote in message news:c85ee61d-1fac-453c-a87c-42795508680a@communitybridge.codeplex.com...

    Hi,

    Our HR system has an 'expiry date' as one of the fields in a DATETIME format.

    Can we do a direct import of this into FIM into a MV STRING attribute?

    And once its in FIM MV, how do we set it to the correct AD 'accountExpires' attribute value?

    Many thanks,

    SK


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Friday, February 8, 2013 12:41 PM

All replies

  • Hi SK

    As per my experience you only have the option to import them into a string attribute of MV as MV attributes do no have the DateTime Type.

    You may use the employeeEndDate as the attribute to store this information

    I would suggest that you do all the formatting in your Import Flows and let the employeeEndDate pass on to AccoutExpires as it is. FIM should take care of the output format.

    However, to import it into FIM you need to have the correct format in a string for the DateTime which is something like

    yyyy-MM-ddTHH:mm:ss.fff or 2013-01-31T13:25:32.324


    Regards Furqan Asghar

    Friday, February 8, 2013 4:19 AM
  • You cannot set accountExpires via codeless provisioning rules, account expires is formatted a little bit different, look at the example here:

    http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/81f8a0cd-f41b-45ba-afb8-f66ca1aef065/


    Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

    Friday, February 8, 2013 6:22 AM
  • You do need custom code for this. The suggestions below are valid and another would be to have an additional attribute in the FIM Portal and use my Code Run workflow activity to populate that attribute and then just flow it directly - https://fimactivitylibrary.codeplex.com/wikipage?title=Code%20Run&referringTitle=Documentation . You should be able to use the code from the link that Paul provided with little modification - with the Code Run activity.

    The code could look something like this

    
    using System; 
    public class FIMDynamicClass 
    { 
      public string FIMDynamicFunction(object inputDate) 
      { 
        return DateTime.ParseExact(inputDate, "yyyyMMdd", null).ToFileTimeUtc(); 
      } 
    }


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt


    Friday, February 8, 2013 8:22 AM
  • also see:
     
    FROM AD TO THE MV (EXAMPLE)
    Case "Flow-To-lastLogonTimestamp(MV)"
        Dim lstLgnTstmp As Date = Date.FromFileTime(csentry("lastLogonTimestamp").IntegerValue)
        mventry("lastLogonTimestamp").Value = lstLgnTstmp.ToUniversalTime().ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'")
     
    Case "Flow-To-PasswordLastSetDateTime(MV)"
        If csentry("pwdLastSet").IntegerValue <> 0 Then
            Dim pwdLastSetDateTime As Date = Date.FromFileTime(csentry("pwdLastSet").IntegerValue)
            mventry("PasswordLastSetDateTime").Value = pwdLastSetDateTime.ToUniversalTime().ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'")
        End If
        If csentry("pwdLastSet").IntegerValue = 0 Then
            mventry("PasswordLastSetDateTime").Value = "9999-01-01T00:00:00.000"
        End If
     
     
    FROM MV TO THE AD (EXAMPLE)
    Case "Flow-To-accountExpires(CS)"
        Dim expTime As Date = Convert.ToDateTime(mventry("expirationTime").Value)
        csentry("accountExpires").IntegerValue = expTime.ToFileTime()
     
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "S.Kwan" wrote in message news:c85ee61d-1fac-453c-a87c-42795508680a@communitybridge.codeplex.com...

    Hi,

    Our HR system has an 'expiry date' as one of the fields in a DATETIME format.

    Can we do a direct import of this into FIM into a MV STRING attribute?

    And once its in FIM MV, how do we set it to the correct AD 'accountExpires' attribute value?

    Many thanks,

    SK


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Friday, February 8, 2013 12:41 PM
  • Thank you all for such great responses.

    What would the attribute mapping look like though?

    SQL (data time) -> FIM (string) -> AD (integer) ?

    Sunday, February 10, 2013 6:18 AM
  • I think thats pretty much it. the string in FIM however needs to be in the specific format as you may already know: "2013-01-01T00:00:00.000"


    Regards Furqan Asghar

    Sunday, February 10, 2013 11:40 AM
  • Hello, we are having problems when running this code.
    Our scenario is as follows:

    Input parameter: [/ / Target / EmployeeEndDate] (attribute of type DateTime)
    Output parameter: [/ / Target / EmployeeEndDateFileTime] (attribute of type "integer" created to provision the Active Directory (AccountExpired).

    We are running the following code:

    using System;
    public class FIMDynamicClass
    {
       public String FIMDynamicFunction (object inputDate)
       {
         DateTime.ParseExact return (inputDate, "yyyymmdd", null). ToFileTimeUtc ();
       }
    }

    But we throw the following error:

    "Could not compile Error: CS1502 in Ln 6 Col 12-The best overloaded method match for 'System.DateTime.ParseExact (string, string, System.IFormatProvider)' has some invalid arguments Compile Error: CS1503 in Ln 6 Col 32 - Argument'1 ': can not convert from' object 'to' string '"

    Can you help us?.

    Thanks!!!.

    Friday, February 15, 2013 3:26 PM
  • using System;
     public class FIMDynamicClass
     {
        public String FIMDynamicFunction (object inputDate)
        {
          DateTime.ParseExact return (inputDate.ToString(), "yyyymmdd", null). ToFileTimeUtc ();
        }
     }
    

    use the .ToString() as shown it should work.

    Regards Furqan Asghar

    Saturday, February 16, 2013 10:56 AM
  • There is a plain C# syntax error in your code. Try this maybe -

    using System; 
    public class FIMDynamicClass 
    { 
      public string FIMDynamicFunction(object inputDate) 
      { 
        return DateTime.ParseExact(inputDate.ToString(), "yyyyMMdd", null).ToFileTimeUtc(); 
      } 
    }


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Saturday, February 16, 2013 6:48 PM
  • Oh yes! Thanks Soren, I missed that out completely. The return syntax was also messed up.

    Regards Furqan Asghar

    Saturday, February 16, 2013 7:50 PM
  • Huh? your method is type string and you return a long integer.

    using System; public class FIMDynamicClass { public string FIMDynamicFunction(object inputDate) {

    long ft = DateTime.ParseExact(inputDate.ToString(), "yyyyMMdd", null).ToFileTimeUtc(); return ft.ToString(); } }

    Sunday, February 17, 2013 2:07 PM
  • Thank you all very much for the feedback. Will attempt and revert.
    Wednesday, February 27, 2013 12:42 AM