I’m building a custom activity to build the appropiate account name for new users. The custom activity has the following steps 1. Creates the account name based on last name and first Name. For example, Terry Adams should be have the account name “tadams” 2. Checks that the account name does not exist in FIM database. 3. If the account name exists, iterates to build a new account name that not exists (tadams1, tadams2, etc) 4. With the final account name is ok (i.e. tadams2) update the resource. The first approach was build a custom activity that catch the current request, checks that the account name exists and update the value of the AccountName field. But the problem is that the activity to read resources from FIM database (EnumarateResourceActivity) does not provide a best approuch to read resources more than once and is complicated to use and test, so the question is Can I query FIM database from custom activity without EnumerateResourceActivity? For example Creating a WS client that submit queries to the ILM Web Service? If it is possible, where I must place the client endpoint configuration to invoke web services.

Pablo,Yes you can query the FIM database from within your workflow, the best way is to check out Joe Schulman post on the Public unsupported web service client: http://blogs.msdn.com/imex/archive/2009/10/05/the-ida-guys-and-rc1-unsupported-client.aspxhttp://blogs.technet.com/idaguys/archive/2009/10/04/fim-2010-rc1-resource-management-client-sample-announcement.aspxDavid Lundell www.ilmBestPractices.com

Hi Pablo! My recommendation is to create a custom workflow or workflow activity that makes use of the EnumerateResourcesActivity because calling web services by using the non-supported web service client instead of the built in web service client requires a lot of configuration and other must be considered an ugly hack. A solution to this (as I described in our private mail conversation) could be (not tested): I would use a While activity that holds the EnumerateResourcesActivity with a code condition that enables it to run until EnumerateResourcesActivity.TotalResultsCount = 0 and keep an indexer in a local variable that you add to the accountName as suffix on each run that you also use to set the XPath with on each run. CustomActivity -WhileActivity --SequenceActivity (I think the WhileActivity requires this as well as the EnumerateResourcesActivity that could only keep a single child) ---CodeActivity (for creating and setting the XPath from the current value of the indexer variable) ---EnumerateResourcesActivity ----CodeActivity +code condition (that checks the number of results (0 or 1) returned and keeps the indexer) //Henrik Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

Just a small addition to Heinrik's answer: maybe you could configure the EnumerateResourcesActivity to search for accounts (and possibly groups as well, as those too have an account name that must be unique in the domain) that start with your base value, i.e. an xpath filter like /Person[starts-with(AccountName,'tadams')] | /Group[starts-with(AccountName,'tadams')] and ask only for the account name, something like: this.enumerateResourcesActivity.Selection = new string[] {"AccountName"}; In this way you make only one request to the web service (if tadams2 and tadams3 already exist you get them in one go) and ask only for the information you need, thus hammering the web service as little as possible. Then you collect all the returned account names and generate a unique value adding a number. P.S: I don't have time to check right now, but does someone know if the EnumerateResourcesActivity supports queries with "any" class type, i.e. /*[starts-with(AccountName,'tadams')] Paolo Tedesco - http://cern.ch/idm

Thanks Paolo! You're definitely having a point here! I don't think EnumerateResourcesActivity have any restrictions compared to using web services directly but I'm not sure. //Henrik Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

Yes Henrik, this post was previous to your private mail. I used the EnumerateResourceActivity and the Account Generation works fine, therefore there was a bit change with your suggestion, I used an "if" instead of "while", because the account must be generated with 2 options, if it fails, the account name must be blank.Thanks a lot!