none
Equal Precedence RRS feed

  • Question

  • I am currently utlizing FIM 2010 to provision all student and faculty/staff accounts to AD.  I would like for all current accounts already found for our faculty staff to retain their display name but all new accounts to utilize the information being brought in by our HR MA.   The problem is that if i do not set the equal precedence flag then all new accounts get provision with the displayname blank but of course with equal precedence the HR MA takes over and modifies all existing faculty/staff accounts displayname.  This has cause some employees to get mad as the religious backgrounds and culture opposes the visualization of their full last name.   How can i set it up so that only new accounts utilze the new displayname but all existing accounts from AD remain as is.   Should i be setting the displayname as an initial attribute also?  Any recommendations. 

    Also how I can import all of my security groups and distribution groups? I have found some documents but most deal with the new creations.  any information would be welcome.

    thanks,  

    Sunday, May 27, 2012 5:34 AM

Answers

  • Have a look at the Replay MA idea, in which I list a variation of your scenario as an inspiration for coming up with this idea.  You may find this is the easiest and quickest way to achieve the outcome you want.  There is also an example (first use case scenario) for initial import of groups/d-lists.

    With specific reference to your question about display name flow, yes, the initial flow checkbox should be on.


    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

    Sunday, May 27, 2012 10:51 AM

All replies

  • Have a look at the Replay MA idea, in which I list a variation of your scenario as an inspiration for coming up with this idea.  You may find this is the easiest and quickest way to achieve the outcome you want.  There is also an example (first use case scenario) for initial import of groups/d-lists.

    With specific reference to your question about display name flow, yes, the initial flow checkbox should be on.


    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

    Sunday, May 27, 2012 10:51 AM
  • Regarding the initial flow only checkbox, keep in mind that this will prevent any name updates from flowing to AD.  If your educational institution is anything like mine, there are always typos that need to be fixed and name changes for other reasons as well.

    If it is only one set of people that can't have a change to displayName, you could create different sets in FIM with different rules attached to each.  Or if you are old-school like me, you could write classic rule extensions that make decisions about whether or not to flow out a change based on the OU the user sits in or some other attribute flag.

    That said, I haven't tried Bob's Replay MA but it seems like one of the best ideas to come along to get around the awkward limitations of the FIM MA.

    Chris

    Tuesday, May 29, 2012 3:20 PM