none
Manager to accountname resolving in extension RRS feed

  • Question

  • I have an Oracle MA with table with collumns:

    UserID / UserFIRSTName / ManagerID (reference)

    01  /  Jack / 02

    02   /  Bill / (null)

    I need to create extension in c# to resolve ManagerID to his accountname to write this attribute in special parameter in AD.

    Manager account name I can get from AD using UserID.

    Can somebody say how it can be done?

    Thanks!


    1


    • Edited by alexiszp Tuesday, September 6, 2016 11:46 AM
    Tuesday, September 6, 2016 11:39 AM

All replies

  • Below is the code, please check to make sure it is correct.

    Essentially, you are querying the Metaverse for anyone who has an EmployeeID that matches the ManagerID in a user's profile.  If so, you then ask for the accountname of that user.

    Caution: If the user is not present in the metaverse, you will need to run to jobs, one to import the manager and the second to get the managerID.

     string mvMGRemployeeID;    //temp string that holds the supervisor code
                        MVEntry[] mgrSearch;    //Collection of MV Etriers used to perform the search forMV object based on the manager employeeID

                        if (mventry["ManagerID"].IsPresent)
                        {
                            mvMGRemployeeID = mventry["MAnagerID"].Value.ToString().ToLower();
                            mgrSearch= Utils.FindMVEntries("employeeID", mvMGRemployeeID, 1); //Is there an object with employeeID = ManagerID

                            if (mgrDNSearch.Length == 1)//if we get only one return (which we should)
                            {

                                if (mgrDNSearch[0]["accountName"].IsPresent) //get the DN of the returned object
                                {
                                    csentry["manager"].Value = mgrDNSearch[0]["accountName"].Value.ToString();
                                }

                            }
                        }
                        break;
                    #endregion manager


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Monday, September 12, 2016 11:14 AM
    Tuesday, September 6, 2016 1:04 PM
  • Thanks, Nosh!

    I'm planning to make a search not in MV, but in CS.

    As I can see there is no methods like Utils.FindCSEntries to look forr objects in connector space, so Utils.FindMVEntries is the one method?

    Your code is near to what I need, but in my MIM, field ManagerID is reference and contains already transformed not UserID (02) but full username, so I need to adopt your code or my scheme to contain this reference not as reference, but as a ID.

    Now I'm thinking what would be better.

    As I understand there is mistake in your code, because mgrDNSearch is not declared, so it would be mgrSearch, right?


    1



    • Edited by alexiszp Wednesday, September 7, 2016 1:57 PM
    Wednesday, September 7, 2016 1:39 PM
  • 1- There is a way to query ConnectorSpace, but that's not very pretty. You have to go directly against the mms.ConnectoSpace table in SQL. This is purely SQL stuff.

    Not as pretty, and I do not think you need it.

    #region query ConnectedSpace
            public static bool queryCS(string Value)
            {
                bool exists = false;

                SqlConnection sqlConn = new SqlConnection(SQL_CONN_STRINGS);
                SqlDataReader readTarget = null;
                string queryString = "select * from mms_connectorspace WITH (NOLOCK) where rdn='CN=" + Value + "' AND ma_id='" + AD_MA_ID + "'";
                SqlCommand selectStatemnt = new SqlCommand(queryString, sqlConn);
                try
                {
                    sqlConn.Open();
                    readTarget = selectStatemnt.ExecuteReader();

                    while (readTarget.Read())
                    {
                        exists = true;
                        string cn = readTarget["rdn"].ToString();
                    }
                    sqlConn.Close();
                    sqlConn.Dispose();
                    sqlConn = null;

                    readTarget.Close();
                    readTarget.Dispose();
                    readTarget = null;

                }
                catch (SqlException sqlE)
                {
                    LogMessage(DateTime.Now.ToString() + " --- An error has occured while quering the ConnectedSpace DB. 
    FIM will try again on the next runcycle. ", "Stack Trace: " + sqlE.ToString(), LOG_FILE_NAME);
                }

                return exists;
            }
            #endregion query ConnectedSpace

    2- I am suspecting you are getting that attribute and converting into Reference in Connector Space. MIM has the ability to read an ID and convert into Reference.  So in this case, you already have the manager reference (which is done in MV also, by the way)

    3- If you have portal, you can easily get any attribute of this reference by creating an actin Workflow and mapping //ReferenceAttribute/ReferenceAttributeName  for instance //Manager/accountName

    4- Why do you even need the accountName of the manager?  if you tell me what the goal is, I can provide a much easier way to accomplish this.  Also, you need to understand that accountName is a Metaverse attribute so quering ConnectorSpace helps you nothing if manager is not in the Metaverse

    If any of these fail you, contact me at info@mernacaj.com and I can provide further assistance.


    Nosh Mernacaj, Identity Management Specialist

    Wednesday, September 7, 2016 2:15 PM
  • I need to get accountName becouse of business requirement. This parameter is need to be placed in field in AD to make a connect with external system.

    Yes, I have a portal, but I want to make configuration in one place with exstensions.

    And yes, you are right, I need to use MV, not CS in my case.

    One more question, sorry.

    As I understand there is mistake in your code, because mgrDNSearch is not declared, so it would be mgrSearch, right?

    Thanks!


    1

    Wednesday, September 7, 2016 2:29 PM
  • It is declared as MVEntry[] mgrSearch;    //Collection of MV Etriers used to

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, September 7, 2016 2:41 PM
  • Yes, I understand it.

    But later you use it like:

    if (mgrDNSearch.Length == 1)

    So, what's why I'm asking if it is a typo mistake.


    1

    Wednesday, September 7, 2016 2:43 PM
  • No mistake. Please test and don't assume. Sorry. This method returns a collectoion but we care about one entry and expect one entry only

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, September 7, 2016 2:54 PM
  • Looking strange, because I get error 

    "The name 'mgrDNSearch' does not exist in current context", so as I understand it is not declared


    1

    Wednesday, September 7, 2016 2:59 PM
  • you really need to do some debugging

    I assume you need to adjust this line

    mgrSearch= Utils.FindMVEntries("employeeID", mvMGRemployeeID, 1);


    Nosh Mernacaj, Identity Management Specialist

    Wednesday, September 7, 2016 3:36 PM
  • In process of debugging got error:

    System.InvalidOperationException: Unable to access attribute manager.  Reference values not accessible on MV objects.
       at Microsoft.MetadirectoryServices.Impl.AttributeImpl.get_Value()
       at Mms_ManagementAgent_HRExtension.MAExtensionObject.Microsoft.MetadirectoryServices.IMASynchronization.MapAttributesForImport(String FlowRuleName, CSEntry csentry, MVEntry mventry) ....


    1

    Friday, September 9, 2016 2:47 PM
  • Please show the code where this is occurring.  I am not sure what you are doing here, but seems you are trying to do something with a reference attribute.

    Nosh Mernacaj, Identity Management Specialist

    Sunday, September 11, 2016 9:15 PM
  • That's right, unfortunately Reference values aren't searchable using Utils.FindMVEntries.

    You could store the value as a string attribute aswell, and search the MV using that.


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Monday, September 12, 2016 7:51 AM
  • I'm looking for a way to convert this reference to string.

    How it can be done?

    I have found this page:

    https://msdn.microsoft.com/en-us/library/windows/desktop/ms696014%28v=vs.100%29.aspx?f=255&MSPPError=-2147217396

    But there are no explanations there, only "Supported"


    1


    • Edited by alexiszp Monday, September 12, 2016 1:36 PM
    Monday, September 12, 2016 1:27 PM
  • I believe you are mixing apples and oranges a little. If this Reference was on the connector space, Oracle DB on your case, it would work as you are aiming but this is in Metaverse. So you are trying to read a reference from MV during Import (connector space). 

    The attribute you are using as reference, as I have told you before, it is a string ""02" and you are converting it into reference using the out of the box feature. 

    You can use the portal to do this using a simple workflow as I have stated above.  

    Or do not convert the O2 into Reference and my code will do the trick.


    Nosh Mernacaj, Identity Management Specialist


    Monday, September 12, 2016 3:05 PM
  • Sorry for my late reply.

    I'm getting this error 

    System.InvalidOperationException: Unable to access attribute manager.  Reference values not accessible on MV objects.
       at Microsoft.MetadirectoryServices.Impl.AttributeImpl.get_Value()
       at Mms_ManagementAgent_HRExt.MAExtensionObject.Microsoft.MetadirectoryServices.IMASynchronization.MapAttributesForImport(String FlowRuleName, CSEntry csentry, MVEntry mventry) in C:......HRExt.cs:line 213

    at this point

    mvMGRemployeeID = mventry["ManagerID"].Value.ToString().ToLower();

    As I understand we need to get this attribute as a Reference and convert it to string.

    But we can't get a value of this attribute, becouse it is a reference.


    1


    • Edited by alexiszp Wednesday, September 14, 2016 12:19 PM
    Wednesday, September 14, 2016 12:16 PM
  • As the error states and some people have told you already, you cannot query a reference mv attribute. We also gave you all possible options. Short to come and do it for you, there is nothing left. This forum is not for learning FIM (esecially when you want it to behave in a way it does not). Sorry!

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, September 14, 2016 12:26 PM
  • Leo, can you, please say, how I can store this attribute as a string?

    I think that this is correct varian of transformation:

    mvMGRemployeeID = mventry["MAnagerID"].Value.ToString().ToLower();

    Thanks!


    1

    Wednesday, September 14, 2016 3:07 PM
  • Attribute names are case sensitive, are you sure this is correct? "MAnagerID".  It should maybe be "ManagerID". Double check the MV and ensure this is right.

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, September 14, 2016 3:08 PM
  • First of all I want to thanks everybody for helping me.

    Let me describe what I have now more detailed, because I feel some misunderstanding.

    I’m taking data from OracleDB.

    UserID / UserFIRSTName / ManagerID (reference)
    01        /    Jack                / 02
    02        /    Bill                  / (null)

    I have two flows in Sync Service with this ManagerID reference.

    1. Direct ManagerID -> Manager. In MV this attribute shows as hyperlink to Manager account, like Bill (not number) because this is reference.
    2. And second flow is advanced rule extension ManagerID-> ManagerID. In MV this attribute shows as number, 02 for example.

    Code for this part is below:

    case "ManagerAccount":
    
              if (csentry["ManagerID"].IsPresent)
    
                {
    
    mventry["ManagerID"].Value =csentry["ManagerID"].Value.ToString().ToLower();
    
                 }
    
    break;

    As I know, I cannot update in one “case” statement 2 MV attributes (ManagerID as a string and new attribute extensionAttribute (which needed to be exported to AD).

    And I suppose to update attribute extensionAttribute at time of exporting it from MV to AD with rules extension code.

    At time of export we will have attribute “ManagerID” In MV and can make search and update extensionAttribute in cs and in AD (this attribute is also created in AD schema) with purposed code in this post.

    So, what do you think? Is this is a right way?<o:p></o:p>

    Thanks!


    1




    • Edited by alexiszp Thursday, September 15, 2016 10:42 AM
    Thursday, September 15, 2016 10:34 AM