Where do I get the Domain name from?
Ok, for a single domain, I cheated and hard coded the domain name from the sync. I put together the following sheet to track the relationship between AD/Metaverse and ILM
| Active Directory Object Names | Metaverse Names | ILM Directory Names |
| --- | --- | --- |
| sAMAccountName | AccountName | AccountName |
| | AD_UserCannotChangePassword | AD_UserCannotChangePassword |
| streetAddress | Address | Address |
| assistant | Assistant | Assistant |
| | AuthNWFLockedOut | AuthNWFLockedOut |
| | AuthNWFRegistered | AuthNWFRegistered |
| l | City | City |
| company | Company | Company |
| | CostCenter | CostCenter |
| | CostCenterName | CostCenterName |
| co | Country | Country |
| | Creator | Creator |
| | DeletedTime | DeletedTime |
| department | Department | Department |
| description | Description | Description |
| | DetectedRulesList | DetectedRulesList |
| displayName | DisplayName | DisplayName |
| | Domain | Domain |
| mail | Email | Email |
| | EmployeeEndDate | EmployeeEndDate |
| employeeID | EmployeeID | EmployeeID |
| | EmployeeStartDate | EmployeeStartDate |
| employeeType | EmployeeType | EmployeeType |
| | ExpirationTime | ExpirationTime |
| givenName | FirstName | FirstName |
| | IsRASEnabled | IsRASEnabled |
| title | JobTitle | JobTitle |
| sn | LastName | LastName |
| | LastResetAttemptTime | LastResetAttemptTime |
| | LoginName | LoginName |
| mailNickname | MailNickname | MailNickname |
| | Manager | Manager |
| | MiddleName | MiddleName |
| | MobilePhone | MobilePhone |
| objectSid | ObjectID | ObjectID |
| | ObjectSID | ObjectSID |
| | ObjectType | ObjectType |
| facsimileTelephoneNumber | OfficeFax | OfficeFax |
| | OfficeLocation | OfficeLocation |
| telephoneNumber | OfficePhone | OfficePhone |
| | | Owner |
| photo | Photo | Photo |
| postalCode | PostalCode | PostalCode |
| | ProxyAddressCollection | ProxyAddressCollection |
| | Register | Register |
| | RegistrationRequired | RegistrationRequired |
| | ResetPassword | ResetPassword |
| sIDHistory | SIDHistory | SIDHistory |
| objectsid | objectSidString | objectsidstring |
What I COULDN'T see in A/D (or at least maybe overlooked it) was where the domain name was in the particular objects? OR is it presumed and hard coded? IE: In a Forest with multiple child domains, how do I obtain the Domain name from a synchronized object FROM Active Directory naturally? Missing the "obvious" I am guessing :)
August 4th, 2009 8:42pm
I extract it from the DN.
Anu
August 5th, 2009 12:14am
You did not miss the obvious, you raised a very good point! The NetBIOS domain name is not tied to an object in the form of an attribute, so you can stop looking for it :o)

Some folks calculate the attribute value from the DN value. If an object belongs to DC=fabrikam,DC=com, the assumption is made that the object must belong to the fabrikam domain. However, this is a pretty risky assumption since there is no technical requirement for the NetBIOS domain name to be the same as the related component in the DN. In other words, these two attribute values CAN be different! You should examine your environment before running into surprises.

Unfortunately, I have no silver bullet for you. You should at least run a script against AD to check whether both values are the same. If so, you can use the DN to extract the domain name. However, as mentioned before, you should at least not assume that they must be the same.

Cheers,
Markus
Markus Vilcinskas, Technical Content Developer, Microsoft Corporation
August 5th, 2009 12:18am
The customer I'm working with defines the domain on the HR side. Therefore we simply flow this as a string. In a multi-domain forest or multi-forest environment, there's a process of some kind, somewhere, that defines which people go into which domain. This is what needs to be understood and implemented. Another option is to write the domain attribute using the function evaluator based on some criteria within FIM. Again, this is completely dependent on the business processes around selecting the domain.
August 5th, 2009 10:37am
The NetBIOS domain name can be pulled from LDAP with a simple query, but if this has to be determined in synchronization during attribute flow, it might be a somewhat costly operation. You can also think about bringing crossRef objects from the configuration partition into the metaverse and then using FindMVEntry to look up the proper partition and read its nETBIOSName attribute, but again ... there is the question about the need for and cost of such an operation. I wrote that just to explore all options :)
August 6th, 2009 12:45am
I quite like the FindMVEntry option. Taking that a step further you could also push the crossRef objects into the FIM store and utilise a WF activity against crossRef objects within the store instead of going out against a DC too. I'm playing with something similar at the moment with OUs...
August 11th, 2009 6:22pm
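
Added example, not part of the original thread or any poster's code: the check Markus suggests and the crossRef lookup described in the later replies, run offline in Python over constructed crossRef records. The sample domains, the helper names and the record layout are assumptions; in a real forest the records would come from an LDAP search of the Partitions container for crossRef objects that carry nETBIOSName.

```python
# Added example: resolve NetBIOS domain names from crossRef data instead of
# guessing them from the DN. All sample records below are constructed.

# Constructed crossRef entries, shaped like the result of an LDAP search under
# CN=Partitions,CN=Configuration,<forest root> with the filter
# (&(objectClass=crossRef)(nETBIOSName=*)).
CROSSREFS = [
    {"nCName": "DC=fabrikam,DC=com", "nETBIOSName": "FABRIKAM"},
    {"nCName": "DC=emea,DC=fabrikam,DC=com", "nETBIOSName": "FAB-EMEA"},
]


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas, normalised to lower case."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            current += ch
            escaped = True
        elif ch == ",":
            parts.append(current.strip().lower())
            current = ""
        else:
            current += ch
    parts.append(current.strip().lower())
    return parts


def netbios_for_dn(dn, crossrefs):
    """Return nETBIOSName of the longest naming context that is a suffix of dn."""
    rdns = split_dn(dn)
    best, best_len = None, 0
    for ref in crossrefs:
        nc = split_dn(ref["nCName"])
        if len(nc) > best_len and rdns[-len(nc):] == nc:
            best, best_len = ref["nETBIOSName"], len(nc)
    return best  # None means the DN is outside every known domain partition


def dn_guess_mismatches(crossrefs):
    """List (nCName, guess, actual) where the first DC= value is not the NetBIOS name."""
    out = []
    for ref in crossrefs:
        guess = split_dn(ref["nCName"])[0].split("=", 1)[1].upper()
        if guess != ref["nETBIOSName"].upper():
            out.append((ref["nCName"], guess, ref["nETBIOSName"]))
    return out
```

An empty result from `dn_guess_mismatches` means the DN shortcut happens to hold in that forest today; any entry in it is a domain where a DN-derived name would attach accounts to the wrong domain value.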