Hi
can someone point out how to convert a string in form of "2010/31/12" in the required integer format to be able to set accountExpires attribute in Active Directory?

Thanks in advance
Henry

Sorry but for this you'll have to create a custom workflow activity and in that one you could simply use the DateTime.ToFileTime Method.
The AD accountExpire attribute is a FileTime structure (8 byte) and a not easily converted to and from without the right tools and the limited sync rule functions are not the right tools to use...

This would have been a perfect candidate (together with it's sister FromFileTime) for a custom sync rule function but since there isn't anything like that (yet) we have to fall back on workflow. If you read this and think custom sync rule functions could be nice to have, head on to Connect and give this feature request a vote!

//Henrik

Thanks a lot for your answer and explanation (as well as for the other one concerning the manager attribute).
But isn't it much simpler to go one step back and use the MIIS / ILM - style attribute export flow?
(At least until such commonly usedfeatures are not usable in the portal out of the box)

Henry

Legacy sync rules or workflow is your choice... In this case I wanted to point out that declarative provisioning isn't complete without custom functions.

//Henrik

no, no
everything is perfect. I am very happy with your answer.
Henry

But remember for your other question (Setting Manager attribute in FIM) you would have to use the Utils.FindMVEntries method to find your manager when using legacy sync rules and that's probably not a good practice because it's slooooow!

How about an example, maybe some screenshots?

 

Here is a screen
shot of setting the Account Expires Attribute in AD when the EmployeeEndDate
Attribute is set in the FIM Portal. This is done via the FIM WAL using the
Powershell Workflow

 

 

Script

 

Param($User,$Date)

Import-Module ActiveDirectory

Set-ADUser -Identity $User -AccountExpirationDate
([datetime][string]($Date))

return "Success"

• Edited by Anthony Marsiglia (FIM Devil)Microsoft employee Monday, February 25, 2013 1:18 PM

 

Here is a screen
shot of setting the Account Expires Attribute in AD when the EmployeeEndDate
Attribute is set in the FIM Portal. This is done via the FIM WAL using the
Powershell Workflow

 

 

Script

 

Param($User,$Date)

Import-Module ActiveDirectory

Set-ADUser -Identity $User -AccountExpirationDate
([datetime][string]($Date))

return "Success"

• Edited by Anthony Marsiglia (FIM Devil)Microsoft employee Monday, February 25, 2013 1:18 PM

 

Here is a screen
shot of setting the Account Expires Attribute in AD when the EmployeeEndDate
Attribute is set in the FIM Portal. This is done via the FIM WAL using the
Powershell Workflow

 

 

Script

 

Param($User,$Date)

Import-Module ActiveDirectory

Set-ADUser -Identity $User -AccountExpirationDate
([datetime][string]($Date))

return "Success"

What is the FIM WAL?

this could be done by using a custom workflow activity which is what the FIM WAL is, the FIM WAL is a Custom Workflow Activity that was built and initially deployed by Microsoft Consulting Services "MCS"

There are a number of PowerShell Workflow Activities that have been posted online which could be used to perform this same task. Although the Account Expires activity could be performed completely codeless as far as a rules extension but I would highly recommend using the Rules Extension as it is more efficient, consistent.

an example of the rules extension can be found at my Blog The Connector Space