We are doing a full import from Active Directory to FIM in order to sync all AD accounts with all their attributes into FIM database. we are finding some problems in importing the logon hours of users, is there a way to import the logon hours attribute from AD into FIM using inbound synchronization?ThanksMM

What are the problems you are experiencing exactly? LastLogon in AD is a fileTime format (I think) so needs to be cast into something more readable for most people. I know how to do this using classic ILM advanced import attribute flow.Dave Nesbitt | Architect | Oxford Computer Group

Thanks Dave for your reply, my full scenario is this: in FIM portal we are allowing users to input logon hours through a drop down menu. that is they select "full time (8am-5pm)", "weekends", "till 11pm" for the user logon hours options since we allow only certain shifts. then based on the selected value, i have done an advanced export flow using code to copy the logon hours from a template user (template user in AD has same username as shift name) that is created for each shift to the user in question. here is the code for this: string templateaccountname = mventry["LogonHours"].Value; System.DirectoryServices. DirectorySearcher DESearch = new System.DirectoryServices.DirectorySearcher(DE); DESearch.Filter = "(& (samaccountname=" + templateaccountname + ") (objectClass=user))"; DESearch.PropertiesToLoad.Add( "DN"); DESearch.SearchScope = System.DirectoryServices. SearchScope.Subtree; System.DirectoryServices. SearchResult results = DESearch.FindOne(); string templateuserdn = results.Path; DirectoryEntry templateuserDSE = new DirectoryEntry(templateuserdn); byte[] arrHours = (byte[])templateuserDSE.Properties["logonHours"].Value; csentry[ "LogonHours"].Values.Add(arrHours);what i want now is the reverse, for users already created in AD (before we implemented FIM), we need to import their logon hours to FIM to represent one of the shifts. If you have a method using advanced import flow or any other method it would be great. i would like to note that if you have any other method than the one I used to import and export the "logon hours" attributes, I appreciate your help. but I was unable to set the logon hours for a user other than using the copy from another user method. Thanks a lot for your help!MM

I think you have to write an advanced import flow rule for this. The functions provided in Inbound synchronization rules may not help you to transform the logonHours byte array in a readable format.I used a vbs-script in the past to read the logonHours of a given AD user. This script may give you an idea how write the advanced import flow. Here's the vbs-code' List Allowed User Logon HoursOn Error Resume NextDim arrLogonHoursBytes(20)Dim arrLogonHoursBits(167)arrDayOfWeek = Array("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat") Set objUser = GetObject("LDAP://CN=Richards.Keith,OU=myOU,DC=myDomain,DC=net")arrLogonHours = objUser.Get("logonHours") For i = 1 To LenB(arrLogonHours) arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1)) WScript.Echo "MidB returns: " & MidB(arrLogonHours, i, 1) WScript.Echo "arrLogonHoursBytes: " & arrLogonHoursBytes(i-1) wscript.echo vbcrlfNext intCounter = 0intLoopCounter = 0WScript.echo "Day Byte 1 Byte 2 Byte 3"For Each LogonHourByte In arrLogonHoursBytes arrLogonHourBits = GetLogonHourBits(LogonHourByte) If intCounter = 0 Then WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2) intLoopCounter = intLoopCounter + 1 End If For Each LogonHourBit In arrLogonHourBits WScript.STDOUT.Write LogonHourBit intCounter = 1 + intCounter If intCounter = 8 or intCounter = 16 Then Wscript.STDOUT.Write Space(1) End If If intCounter = 24 Then WScript.echo vbCr intCounter = 0 End If NextNext Function GetLogonHourBits(x) Dim arrBits(7) For i = 7 to 0 Step -1 If x And 2^i Then arrBits(i) = 1 Else arrBits(i) = 0 End If Next GetLogonHourBits = arrBitsEnd Function Don't forget to start the script with csript.exe instead of wscript.exe, when you're testing the sampleBTW: When developing the advanced import flow you should never call a external system (as done in the vbScript with "Set objUser = GetObject(LDAP://CN=Richa... or in youradvanced export code with "DirectorySearcher DESearch = new System.DirectoryServices.DirectorySearcher(DE); ") from your code. You should rely on the csentry("LogonHours") attribute in your AD connector space.Hope this helpsMatthias