Multiple Groups for an User
Hi Everyone I´ve been create multiple security and distribution groups from AD to FIM, now I´m setting the criteria-set for the new users get a membership in these groups. The only attribute for this filter is call group (string) in it is content just a string with the name of all the groups wich the user should be member (sales;marketing,accounting,IT, finance, etc). John Smith Group attribute = sales; marketing The criteria set for the groups "SALES" is: Group is sales The criteria set for the groups "marketing" is: Group is marketing but as we now FIM in not capable to accept this kind of filter, somebody can help out. I´ve been lookig for similar issues in the blog but so far I think tha the solution is create lots of MV attribute for all the groups that my AD has and then create the criteria-set with all this new attributes. cheers
September 8th, 2010 8:49pm

I was a little confused by your question - are you asking if you can create a Set which mirrors the membership of the Security Group? You can modify the Set filter in the Advanced View so it refers to one or more security groups by resourceID, eg., ObjectID = /Group[ObjectID = 'c4cff4fd-116b-4a5c-a544-5d76bb901181']/ComputedMember The resourceID here is for a security group in my portal, and the members of the set are indeed the same as for the security group. http://www.wapshere.com/missmiis
Free Windows Admin Tool Kit Click here and download it now
September 8th, 2010 9:25pm

Hi Carol I create all distribution and security groups in FIM from AD, and they came into FIM with all its members now I want to create a criteria filter for all the new users. The new users come from HR. HR just send me an attribute call group with a big string (Sales;IT;FInance;Accounting,etc) so in FIM I´m not able to use this attribute (group) to populate the membership for this user. I have a sync rule for gruop IN/OUT it brings all the groups into FIM and sen back the member attribute to AD AD --> DG and SG --> FIM member ---> FIM ---> AD
September 8th, 2010 9:36pm

So HR send you this string, and using that you want to add these people into existing groups? Yes that is trickier. I can think of a number of ways to go about it but it really depends on your environemnt. You may be right that IAFs to different metaverse attributes os the way to go. How many groups are you talking about and how often will they change?http://www.wapshere.com/missmiis
Free Windows Admin Tool Kit Click here and download it now
September 8th, 2010 10:51pm

Hi Carol There are about 80 and the changes frecuency is add 3 groups a year. And they move around 30 users from a group to another monthly. My enviroment is: ---->AD HR --> FIM ---> ERP ---> CRM ---> Exchange 2007 ---> META4 All the changes are controlled by HR and I´d like to match the HR filters for groups to FIM and make this administration easier. Regards
September 8th, 2010 10:59pm

If you've got that many groups then I think you'd be better off passing the data via an AVP file or a SQL multi-value tabe. That way you can import the groups into the metaverse as proper groups. This will require some kind of external process, like a script or a SQL SSIS package, to break down those group fileds and present the data to FIM Sync in a way it can use. It should also be possible to write a custom workflow that made the group allocations directly in the portal. You would need to use a Request type MPR with the WF, so it fired on any changes to the group field. Your WF would loop through the items in the group field, checking and correcting memberships. I think the first method above would be a lot faster however, and involve less programming/scripting, though some is inevitable here. http://www.wapshere.com/missmiis
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2010 9:36am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics