Home Directory MA - features?
I'm currently working on a Management Agent for provisioning and deprovisioning home directories (and other directories) for users in ILM / FIM environments. I do a lot of Proof of Concepts and a typical scenario is home folder handling. Therefore I'm working on building a generic homefolder MA that rocks and is highly customizable. Some basic features currently are -
1) Create and apply ACLS for user
2) Move / rename based on, i.e. sAMAccountName
3) Deletion / removal
I'd very much like some additional feature that you see customers may need in the real world. Please reply here and maybe on my blog at http://granfeldt.blogspot.com
I'll make the MA generally available for testing / PoC's when I'm done.
March 20th, 2010 1:59am
This is a pretty interesting topic, Soren.
What I would be interested to know is where you see the benefits of using a management agent for this task in comparison to workflows when working with FIM.
Cheers,Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2010 8:16pm
Hi, Markus...
Using a Management Agent for this is the way to go, I think; I've written some other MA's, i.e. with multi-threading to gain performance. Managing home directories for users, I think belongs in a MA as oppose to a workflow. The workflow could indeed calculate the server/share where the homedir is to be located but I think a MA would be the place do the actual work of creating, ACL'ing, building initial directory structure and such. AND if you need to ACL the users home directory, you'd have to have the user created to get a SID before creating and ACL'ing the folders.
Regards,
Soren
March 21st, 2010 8:55pm
Hello Soren,
Are you going to publish the MA soon?
thanks
Neil
Free Windows Admin Tool Kit Click here and download it now
April 21st, 2010 8:12pm
Do you plan on reconciling the existing folders on import? If not there is not benefit to doing this in an ma compared to doing it in workflow.Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
April 21st, 2010 8:22pm
I agree, plus you wouldn't have to try and mult-thread the XMA yourself, with a WF approach you'd get async/multi-threaded by design.Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
Free Windows Admin Tool Kit Click here and download it now
April 21st, 2010 11:00pm
Really the main issue would be is would we create a home drive doesn't exist... Which a workflow could still do, but how do you action it... Which would mean we still need a way to see what has a homedirectory and what doesn't... which would be a good
reason for the xma... so a mix might be the best, but alot of overhead would be in the mix.. Honestly its really down to what your trying to accomplish...Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
April 21st, 2010 11:21pm
I could think of a few scenarios that wouldn't require an XMA, possibly the easiest of which would be:
Contribute homeDir from AD via an Inbound SR (equal precedence) Create a Set of users that do not have homeDir populated in the portal Create a Transition-In MPR for users transtitioning into the Set and the Action the custom WF
You would still want the WF to check for an existing share, and then at the end write the value for homeDir back to the portal object which would transition the user out of the set. In an Outbound SR you could contribute the value back to AD.
An XMA would require at least one additional csobject for each home directory/user which would add additional overhead. It would also add additional time to the entire delta processing loop. Using a WF would avoid this completely.Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2010 2:15am
Hi, guys...
Suddenly it seems as if this topic has "kicked off". I really appreciate all your input. I'm still working on the MA to make sure that it is solid when released as I'm going to be using this at a customer.
I have a few input to the discussion as the customer has some requirements already that I need to build in
1) They are using Notes - so if and when a Notes account has be created, the HomeDir MA needs to copy the Notes.ID file to the users home directory
2) They need a special file structure created;
3) The Home Directory needs to be renamed and potentially moved when the samAccountName is changed - or if a user changes location, i.e. between UK and DE
Now, I'm still working on this and here is the status -
1) My Full Import is working (it's multi-threaded and gets it data be examining all directories in all specified shares
2) Creation works
3) Still struggling with moves as their may be locked/open files
More to come - and I'll publish as soon as I've got a working version
I still plan to allow for scripts (VBSCripts or Powershell) scripts to be fired upon creation, moves or deletes, as you may want to do addtional stuff, such as changing setup files for the user or archiving data on deletion
Still hoping for more input for feature set.Regards, Soren Granfeldt --------------- http://granfeldt.blogspot.com
April 22nd, 2010 8:26am
Brad,
If step 1. involved a request-approval process instead of AD setting/mastering homeDir data, what would be a good approach to go about with the design? For example, if I had all users synched up from AD into MV/FIM, and any user could
go into the portal and request for homeDir and his manager would be notified for approval/reject, and based on which MPRs/Action WFs are fire off and go about creating the homeDir? It is fairly easy to go about the latter part with MPR, WF, CRUD etc but
I can't just yet figure out how to do the request-approval cleanly without first creating a new resource-type. Your input is much appreciated.
Thanks.
Anu
Free Windows Admin Tool Kit Click here and download it now
May 10th, 2010 8:18pm
Hi Soren
Any News about your FIM MA?
Regards
December 10th, 2010 9:40am
Hi, Simon
Sorry for not posting anything for a long while; unfortunately the project was put on hold for a long while due to some other facts, so I didn't get to finished this yet; however, I'm still planning for this, but have had some other customer engagements
where I needed to focus my time.
Are you in "desperate" need :-) ? Also the discussions here in this thread are actually interesting to follow and it seems that some people think that this actually should be done in a workflow rather than an XMA. I'm not totally convienced yet, though,
so I'm stilling moving on with me littel XMA ;-)
I promised to let you guys know as soon as I get something finished for testing, but right now I'm really pressed for time, so it probarbly won't be untill next year (Q1)
/SorenRegards, Soren Granfeldt
http://granfeldt.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2010 10:36am
Hi Soren
At the moment i plan to develop my own XMa.
One of my
customers need a Solution for creating
the
Home User , Profile and TSE Profile Directory based on the information in the HR System. Right now, i think
that it is
easier to be done
in
a XMA
rather than in a Workflow.
What you think about a Codeplex Project? If you Upload your current Project i wile use the codebase and extend it with the requirements thats my customer has.
Other People can also work on it.
Please let
me
me know if
there
is interest on your side.
Kind regards
December 28th, 2010 4:22pm
Hi, verbalhoodz
I don't mind sharing my code on Codeplex, however, it's not in a working state ready for publishing, so right now I can't do that; when I get it in a working version, Codeplex could be a way to go.
/Soren
Regards, Soren Granfeldt
http://granfeldt.blogspot.comRegards, Soren Granfeldt
http://granfeldt.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2011 2:49am
Hi
For now, I've put the HomeDir on hold, but have created a PowerShell MA that allows you to run any script; already a few of my customers have bought this and maybe other could be interested. See more at
http://granfeldt.blogspot.com/2011/04/granfeldt-powershell-management-agent.html
Regards, Soren Granfeldt
http://granfeldt.blogspot.com
April 26th, 2011 2:01pm
I'd very much like some additional feature that you see customers may need in the real world.
Site aware DFS link provisioning and permissioning please!
Cheers,
MMS_guru
Identity & Metadirectory, Hewlett-Packard UK
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2011 5:01am