Generate Unique AccountName in FIM Portal 2010 R2.

Hi,

As User AccountName  is a fairly common attribute that needs to be generated Unique, I want to create/generate a unique AccountName in the FIM Portal. Specifically, take a LastName and a FirstName, generate a AccountName in the format of<LastName><FirstName> and check whether it exists in the FIM Portal. If it does, FirstName first one character will be added to the end,if it is also exists in fim portal then FirstName first two character will be added to the end  and so on  checked until a unique value is discovered.if any one have any idea or any solution or code for developing this logics on this please share with me.

Regards

Anil Kumar


November 17th, 2014 5:50am

Hi Anil,

There are two approaches to achieve this, both of them require to register an extra activity.

And here you have two possible paths as well:

  1. Create your custom activity that checks if value is already used in FIM Portal
  2. Implement PowerShell activity and check if your calculated value is unique against FIMService (with FIMService query). Bad thing here is that you would have to create FIMService's user in Portal. But this approach is easier to manage.
Free Windows Admin Tool Kit Click here and download it now
November 17th, 2014 6:52am

Hi Dominik,

Thank's for response.

Please share the steps and code for creating custom activity that checks if value is already used in FIM Portal because i did never develop  custom activity in fim 2010 r2.

please share the two possible solution as you mention in your reply.

  • How to Create your custom activity that checks if value is already used in FIM Portal
  • How to Implement PowerShell activity and check if your calculated value is unique against FIMService (with FIMService query). Bad thing here is that you would have to create FIMService's user in Portal. But this approach is easier to manage

Regards

Anil Kumar 

November 18th, 2014 5:24am

As you have never developed an activity, PowerShell would be easier for you.

$i = 0;$j=0;$ary = 0..99;

Add-PSSnapin FIMAutomation do { # Generate number $PostNameNumber = "{0:d2}" -F $ary[$i] # Creating real name to try: $NameTry=$AccountName+$PostNameNumber; $entry = Export-FimConfig -Custom ("/Person[AccountName='{0}']" -F $NameTry) | Convert-FimExportToPSObject if ($entry -eq $null) {} else { $j = 1; $ReadyAccountName = $NameTry } $i++ } while ($j -eq 0) $fimWF.WorkflowDictionary.Add('ReadyAccountName',$ReadyAccountName)

The code would be something like here. It checks if an Person with selected account name is in FIM and if not, it generates new account name by adding numbers at the end. Just pass the account name to this. How to install FIM Powershell Workflow Activity is described here:

https://fimpowershellwf.codeplex.com/

Free Windows Admin Tool Kit Click here and download it now
November 18th, 2014 7:10am

Hi,

I am using below code for generating Unique AccountName but it is not working proper for me,it is working for existing Users but not work for New Users.and giving below Error please help on this.

Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "firstName" is not present.
   at Microsoft.MetadirectoryServices.Impl.AttributeImpl.get_Value()
   at Mms_ManagementAgent_SQLMAExtension.MAExtensionObject.GetCheckedMailNickName(String AccountName, MVEntry mventry) in C:\Users\Administrator\Desktop\SQLMAExtension\SQLMAExtension.cs:line 129
   at Mms_ManagementAgent_SQLMAExtension.MAExtensionObject.Microsoft.MetadirectoryServices.IMASynchronization.MapAttributesForImport(String FlowRuleName, CSEntry csentry, MVEntry mventry) in C:\Users\Administrator\Desktop\SQLMAExtension\SQLMAExtension.cs:line 88


using System;
using Microsoft.MetadirectoryServices;
using System.IO;

namespace Mms_ManagementAgent_SQLMAExtension
{
    /// <summary>
    /// Summary description for MAExtensionObject.
    /// </summary>
    public class MAExtensionObject : IMASynchronization
    {
        public MAExtensionObject()
        {
            //
            // TODO: Add constructor logic here
            //
        }
        void IMASynchronization.Initialize()
        {
            //
            // TODO: write initialization code
            //
        }

        void IMASynchronization.Terminate()
        {
            //
            // TODO: write termination code
            //
        }

        bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
        {
            //
            // TODO: Remove this throw statement if you implement this method
            //
            throw new EntryPointNotImplementedException();
        }

        DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry)
        {
            //
            // TODO: Remove this throw statement if you implement this method
            //
            throw new EntryPointNotImplementedException();
        }

        bool IMASynchronization.FilterForDisconnection(CSEntry csentry)
        {
            //
            // TODO: write connector filter code
            //
            throw new EntryPointNotImplementedException();
        }

        void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
        {
            //
            // TODO: write join mapping code
            //
            throw new EntryPointNotImplementedException();
        }

        bool IMASynchronization.ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry, out int imventry, ref string MVObjectType)
        {
            //
            // TODO: write join resolution code
            //
            throw new EntryPointNotImplementedException();
        }

        void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
        {
            //
            // TODO: write your import attribute flow code
            //
            switch (FlowRuleName)
            {
                case "UniqueID":
                    if (csentry["AccountName"].IsPresent)
                    {
                        // The value for the mailnickname attribute should be unique on every
                        // <tla rid="fim_syncdb_short" /> entry. To create a unique value, call a function that
                        // calculates a unique name based upon the connector space entry.
                        // Use this calculated value as the attribute value for the <tla rid="fim_syncdb_short" />
                        // entry.
                        string newMailNickname = GetCheckedMailNickName(csentry["AccountName"].Value, mventry);
                        //Logger(newMailNickname);
                        // If a unique nickname could not be created, throw an exception.
                        if (newMailNickname.Equals(""))
                        {
                            throw new TerminateRunException("A unique mailNickname could not be found");
                        }

                        mventry["AccountName"].Value = newMailNickname;
                        //Logger(newMailNickname);
                    }
                    else
                    {
                        mventry["AccountName"].Delete();
                    }
                    break;

                default:
                    break;
            }
        }

        void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
        {
            //
            // TODO: write your export attribute flow code
            //
            throw new EntryPointNotImplementedException();
        }
        // This function creates a unique mailNickname for use in a <tla rid="fim_syncdb_short" /> entry.
        string GetCheckedMailNickName(string AccountName, MVEntry mventry)
        {
            MVEntry[] findResultList = null;
            //string checkedMailNickname = AccountName;

            // Create a unique naming attribute by adding a number to
            // the existing mailNickname value.
            for (int nameSuffix = 1; nameSuffix < 100; nameSuffix++)
            {
                // Check if the mailNickname value exists in the <tla rid="fim_syncdb_short" /> by
                // using the Utils.FindMVEntries method.
                AccountName = mventry["firstName"].Value + mventry["lastName"].Value.Substring(0, nameSuffix);
                string checkedMailNickname = AccountName;
                findResultList = Utils.FindMVEntries("AccountName", checkedMailNickname, 1);
                if (findResultList.Length == 0)
                {
                    // The current mailNickname is not in use.
                    return (checkedMailNickname);
                }

                // If a <tla rid="fim_syncdb_short" /> entry was found with the specified mailNickname,
                // see if this is the entry specified.
                MVEntry mvEntryFound = findResultList[0];

                if (mvEntryFound.Equals(mventry))
                {
                    return (checkedMailNickname);
                }

                // If the passed nickname is already in use by another <tla rid="fim_syncdb_short" />
                // entry, concatenate the counter number to the passed value and
                // verify this new value exists. Repeat this step until a unique
                // value is created.
                //checkedMailNickname = AccountName + nameSuffix.ToString();
                //Logger(checkedMailNickname);
            }

            // Return an empty string if no unique nickname could be created.
            return "";
        }

    }
}

Regards

Anil Kumar


  • Edited by AnilKumarIDM Tuesday, November 18, 2014 10:48 AM
November 18th, 2014 10:47am

Make sure firstName attribute is filled in metaverse.
Free Windows Admin Tool Kit Click here and download it now
November 18th, 2014 1:59pm

Hi Dominik,

Thank's for response,

I want to know how to  firstName attribute is filled in metaverse,as i mention in previous code if it is possible in my code please modify above code so i could modify my logic,or please tell me where i am doing mistake in my code.

Regards

Anil KUMAR

November 20th, 2014 6:10am

Anil, I am not sure we understand each other.

I have given you an activity description before - not extension. So this powershell part is a part of activity, which can be used as a part of FIMService configuration.

As I see now you are trying to modify extension code for FIMSync.

In the first post you have written:

I want to create/generate a unique AccountName in the FIM Portal. Specifically, take a LastName and a FirstName, generate a AccountName in the format of<LastName><FirstName> and check whether it exists in the FIM Portal.

So it pointed to FIMService mechanics that allows to do the same. But later you have pasted some of your code which is extension to FIMSync.

There is no simple way to check if AccountName in Portal is or isn't taken - you would have to query FIMService for it. Easier would be to calculate such value in FIMService/FIMPortal and then just flow it back to FIMSynch.

Free Windows Admin Tool Kit Click here and download it now
November 20th, 2014 6:59am

Hi Dominik,

Thank's for reply.

My problem has been resolved by Management extension rule using c#.

Regards

Anil Kumar

November 21st, 2014 11:41am

Hi Anil,

Is it possible to share the code that worked?

Peace,

Sylvester

Free Windows Admin Tool Kit Click here and download it now
August 6th, 2015 3:11pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics