Add new user to an AD group

  • Question

  • Hi all,

    I'm starting with FIM 2010, and I need to do a procedure that adds all new users (created in the current day) to an AD group (let's say newUsersGroup).

    In my environment, I have the following connectors: AD MA, AD Group MA (with the respective C# extensions) and a provisioning extension called MVExtention.dll.

    My idea is to search each MV entry and, if the attribute CreationDate (a better approach in my case would be to read the Connector Space createTimeStamp attribute) is the same as the current date, then add the user to my newUsersGroup.

    I thought that a good idea is to use the MVExtention.dll to do it, but I'm not sure how to add the person to a group in this extension. When I'm in my AD Group MA extension, I normally do (where csentry is my group in the Connector Space):

    csentry["member"].Values.Add(DNMember);

    Can someone please help me with this one?

    Thanks in advance for your help,

    Marc




    • Edited by Marc_27 Tuesday, July 7, 2015 2:17 PM
    Tuesday, July 7, 2015 2:10 PM

Answers

  • First of all, you don't need two AD MAs.

    Second, adding a user to a group is a tricky business. This question keeps coming up at least once a week. These are reference objects.

    Third, you cannot add the user to a group in the MVExtension.dll because the user does not yet exist.

    You are left with one option, in the Extension.dll for the AD MA (remember, you only need one):

    You need to create a custom method that adds a user to a group in AD.

    Create an advanced import flow; within that flow, call the add-user-to-group method you created above.


    Nosh Mernacaj, Identity Management Specialist


    • Proposed as answer by Nosh Mernacaj Tuesday, July 7, 2015 5:31 PM
    • Edited by Nosh Mernacaj Tuesday, July 7, 2015 5:32 PM
    • Marked as answer by Marc_27 Wednesday, July 8, 2015 8:04 AM
    Tuesday, July 7, 2015 5:29 PM
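
One way to implement the approach in the answer above, as an added example that is not code from the thread or from the FIM product. Assumptions: the group DN, the flow rule name `FlagNewUser`, a string MV attribute named `CreationDate`, and `whenCreated` arriving from the AD MA as a generalized-time string; the class is merged into the existing AD MA rules extension, which already implements the other `IMASynchronization` members.

```csharp
using System;
using System.DirectoryServices;
using System.Globalization;
using Microsoft.MetadirectoryServices;

// Assumption: partial class merged into the existing AD MA rules extension.
public partial class MAExtensionObject
{
    // Hypothetical values: the real group DN and the rule name configured
    // on the advanced import attribute flow go here.
    private const string NewUsersGroupDn = "CN=newUsersGroup,OU=Groups,DC=example,DC=com";
    private const string FlowRule = "FlagNewUser";

    public void MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
    {
        if (FlowRuleName != FlowRule)
            throw new EntryPointNotImplementedException();
        if (!csentry["whenCreated"].IsPresent)
            return;

        // Assumption: whenCreated looks like 20150707141000.0Z (UTC).
        DateTime created = DateTime.ParseExact(csentry["whenCreated"].Value,
            "yyyyMMddHHmmss'.0Z'", CultureInfo.InvariantCulture,
            DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal);
        mventry["CreationDate"].Value = created.ToString("yyyy-MM-dd");

        // Only objects created today (UTC) are added to the group.
        if (created.Date == DateTime.UtcNow.Date)
            AddUserToGroup(csentry.DN.ToString(), NewUsersGroupDn);
    }

    // Writes straight to AD, outside the sync engine's export step, so it must
    // be idempotent: import flows re-run on every synchronization of the object.
    private static void AddUserToGroup(string userDn, string groupDn)
    {
        // Binds as the account running the sync service; that account needs
        // write access to the member attribute of this one group only.
        using (DirectoryEntry group = new DirectoryEntry("LDAP://" + groupDn))
        {
            if (group.Properties["member"].Contains(userDn))
                return; // already a member, nothing to write
            group.Properties["member"].Add(userDn);
            group.CommitChanges();
        }
    }
}
```

Because the membership change bypasses the connector space, it does not appear in pending exports or in the MA's export statistics; the group's own change auditing in AD is where it shows up.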

All replies

  • Thanks for the explanation

    I'm aware that I normally use just one connector for the AD, but I'm just starting in this company and they already had the two connectors running; I just need to do this modification.

    I will try to do it as you explain to see how it works.

    Thanks again,

    Marc

    Wednesday, July 8, 2015 8:07 AM