Home Directory MA - features?
I'm currently working on a Management Agent for provisioning and deprovisioning home directories (and other directories) for users in ILM / FIM environments. I do a lot of Proof of Concepts and a typical scenario is home folder handling. Therefore I'm working on building a generic homefolder MA that rocks and is highly customizable. Some basic features currently are - 1) Create and apply ACLS for user 2) Move / rename based on, i.e. sAMAccountName 3) Deletion / removal I'd very much like some additional feature that you see customers may need in the real world. Please reply here and maybe on my blog at http://granfeldt.blogspot.com I'll make the MA generally available for testing / PoC's when I'm done.
March 20th, 2010 1:59am

This is a pretty interesting topic, Soren. What I would be interested to know is where you see the benefits of using a management agent for this task in comparison to workflows when working with FIM. Cheers,Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2010 8:16pm

Hi, Markus... Using a Management Agent for this is the way to go, I think; I've written some other MA's, i.e. with multi-threading to gain performance. Managing home directories for users, I think belongs in a MA as oppose to a workflow. The workflow could indeed calculate the server/share where the homedir is to be located but I think a MA would be the place do the actual work of creating, ACL'ing, building initial directory structure and such. AND if you need to ACL the users home directory, you'd have to have the user created to get a SID before creating and ACL'ing the folders. Regards, Soren
March 21st, 2010 8:55pm

Hello Soren, Are you going to publish the MA soon? thanks Neil
Free Windows Admin Tool Kit Click here and download it now
April 21st, 2010 8:12pm

Do you plan on reconciling the existing folders on import? If not there is not benefit to doing this in an ma compared to doing it in workflow.Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
April 21st, 2010 8:22pm

I agree, plus you wouldn't have to try and mult-thread the XMA yourself, with a WF approach you'd get async/multi-threaded by design.Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
Free Windows Admin Tool Kit Click here and download it now
April 21st, 2010 11:00pm

Really the main issue would be is would we create a home drive doesn't exist... Which a workflow could still do, but how do you action it... Which would mean we still need a way to see what has a homedirectory and what doesn't... which would be a good reason for the xma... so a mix might be the best, but alot of overhead would be in the mix.. Honestly its really down to what your trying to accomplish...Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
April 21st, 2010 11:21pm

I could think of a few scenarios that wouldn't require an XMA, possibly the easiest of which would be: Contribute homeDir from AD via an Inbound SR (equal precedence) Create a Set of users that do not have homeDir populated in the portal Create a Transition-In MPR for users transtitioning into the Set and the Action the custom WF You would still want the WF to check for an existing share, and then at the end write the value for homeDir back to the portal object which would transition the user out of the set. In an Outbound SR you could contribute the value back to AD. An XMA would require at least one additional csobject for each home directory/user which would add additional overhead. It would also add additional time to the entire delta processing loop. Using a WF would avoid this completely.Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2010 2:15am

Hi, guys... Suddenly it seems as if this topic has "kicked off". I really appreciate all your input. I'm still working on the MA to make sure that it is solid when released as I'm going to be using this at a customer. I have a few input to the discussion as the customer has some requirements already that I need to build in 1) They are using Notes - so if and when a Notes account has be created, the HomeDir MA needs to copy the Notes.ID file to the users home directory 2) They need a special file structure created; 3) The Home Directory needs to be renamed and potentially moved when the samAccountName is changed - or if a user changes location, i.e. between UK and DE Now, I'm still working on this and here is the status - 1) My Full Import is working (it's multi-threaded and gets it data be examining all directories in all specified shares 2) Creation works 3) Still struggling with moves as their may be locked/open files More to come - and I'll publish as soon as I've got a working version I still plan to allow for scripts (VBSCripts or Powershell) scripts to be fired upon creation, moves or deletes, as you may want to do addtional stuff, such as changing setup files for the user or archiving data on deletion Still hoping for more input for feature set.Regards, Soren Granfeldt --------------- http://granfeldt.blogspot.com
April 22nd, 2010 8:26am

Brad, If step 1. involved a request-approval process instead of AD setting/mastering homeDir data, what would be a good approach to go about with the design? For example, if I had all users synched up from AD into MV/FIM, and any user could go into the portal and request for homeDir and his manager would be notified for approval/reject, and based on which MPRs/Action WFs are fire off and go about creating the homeDir? It is fairly easy to go about the latter part with MPR, WF, CRUD etc but I can't just yet figure out how to do the request-approval cleanly without first creating a new resource-type. Your input is much appreciated. Thanks. Anu
Free Windows Admin Tool Kit Click here and download it now
May 10th, 2010 8:18pm

Hi Soren Any News about your FIM MA? Regards
December 10th, 2010 9:40am

Hi, Simon Sorry for not posting anything for a long while; unfortunately the project was put on hold for a long while due to some other facts, so I didn't get to finished this yet; however, I'm still planning for this, but have had some other customer engagements where I needed to focus my time. Are you in "desperate" need :-) ? Also the discussions here in this thread are actually interesting to follow and it seems that some people think that this actually should be done in a workflow rather than an XMA. I'm not totally convienced yet, though, so I'm stilling moving on with me littel XMA ;-) I promised to let you guys know as soon as I get something finished for testing, but right now I'm really pressed for time, so it probarbly won't be untill next year (Q1) /SorenRegards, Soren Granfeldt http://granfeldt.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2010 10:36am

Hi Soren At the moment i plan to develop my own XMa. One of my customers need a Solution for creating the Home User , Profile and TSE Profile Directory based on the information in the HR System. Right now, i think that it is easier to be done in a XMA rather than in a Workflow. What you think about a Codeplex Project? If you Upload your current Project i wile use the codebase and extend it with the requirements thats my customer has. Other People can also work on it. Please let me me know if there is interest on your side. Kind regards
December 28th, 2010 4:22pm

Hi, verbalhoodz I don't mind sharing my code on Codeplex, however, it's not in a working state ready for publishing, so right now I can't do that; when I get it in a working version, Codeplex could be a way to go. /Soren Regards, Soren Granfeldt http://granfeldt.blogspot.comRegards, Soren Granfeldt http://granfeldt.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2011 2:49am

Hi For now, I've put the HomeDir on hold, but have created a PowerShell MA that allows you to run any script; already a few of my customers have bought this and maybe other could be interested. See more at http://granfeldt.blogspot.com/2011/04/granfeldt-powershell-management-agent.html Regards, Soren Granfeldt http://granfeldt.blogspot.com
April 26th, 2011 2:01pm

I'd very much like some additional feature that you see customers may need in the real world. Site aware DFS link provisioning and permissioning please! Cheers, MMS_guru Identity & Metadirectory, Hewlett-Packard UK
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2011 5:01am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics