User Management

Chapter 5 – User management – in the FIM 2010 R2 book

In this chapter, we will look at:

  • How user management is set up in FIM Service and FIM Synchronization Service
  • How to manage users in:
    • Active Directory
    • Microsoft Exchange
    • A phone system
  • How to enable users to do some self-service

12 Replies to “User Management”

  1. Rafal Grzybowski

    Hi,

    I cannot figure out HRGUID attribute from your FIM book on page 167. When this attribute is populated on FIM?

    I'm trying to implement some outbound sync policy for custom resource types from FIM to SQL and I don't have any unique column other than FIM ObjectID. And this doesn't flow into SQL uniqueidentifier column because of type mismatch. That's why I'm trying to understand your examples from the book but I'm stuck with this HRGUID attribute.

    BTW: Your book about FIM 2010 R2 is the best on the market.

    Thank you.

    Best regards
    Rafal Grzybowski

    • Kent Post author

      I realize a piece of information is missing around this. A GUID in FIM is not the same thing as a GUID in SQL. If you would like to export a GUID in FIM to SQL you need to add the curly brackets, ending up with something like { + FIM_GUID + } -> SQL_GUID in your synchronization rule. This is because the datatype in SQL is not present as a datatype in FIM. In the MV it is stored as a String. Hope this helps and glad you like the book!

      • Rafal Grzybowski

        Ok, I could try to concatenate it for attribute flow. But what about relationship criteria? I cannot create a relationship based on expressions, only simple column names. Are there any design guidelines for exporting such simple custom resource types into SQL Server if there is no unique attribute other than ObjectID?

        • Kent Post author

          That is indeed a problem. Since the datatypes are different you cannot use them in declarative relationship criteria. You would need to use classic code-based join rules to solve this.

    • Kent Post author

      Regarding the HRGUID value, this is not fully explained, but I have added this “new” attribute in the MV Schema of type string and import the objectID from the HR system to that value.

        • Kent Post author

          Apart from the small notes in chapter 4 on schema management I do not touch MV schema changes. Basically because it is quite simple. Just go into MV designer and add the attributes you feel you are missing.

  2. Kent Post author

    I got this question from a user via another channel but would like to share it with you all…:
    I bought your book FIM 2010 R2 handbook and had a question. In the sync rule for new user you create a custom expression for userAccountControl using itself in the function. How is that possible (UAC is an AD attribute, not MV)? But the function itself looks useful.

    • Kent Post author

      What has happened is that I have added a new attribute “userAccountControl” to the MV. The rule I use looks to see if that attribute has been set (import from AD) and if so only changes the 2 bit. If not set I configure it to use the default values.

      Hope this explains it.

  3. Sachin

    Hi Kent, in your version of the homefolder script, you use objectguid as the anchor attribute. FIM stores this as a binary value and passing it to the PowerShell MA doesn't work, with an error like:
    The parameter for the function is of an unknown type: '174; 236; 146; 235; 76; 37; 2; 71; 191; 81; 152; 190; 67; 103; 229; 163; '. System.FormatException: Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
    Can you explain how I should flow the attribute from ADMA-MV-PowerShellMA?

    • Kent Post author

      You never pass the Guid to the MA. The MA does not support provisioning in this case. The anchor is only used internally in this MA. Hope you understand.

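The value in the error message quoted in this thread is sixteen decimal byte values, the binary form of objectGUID, rather than the 32-digit string the GUID parser expects. As an added example (not from the book, the homefolder script or the PowerShell MA; the function name is hypothetical), this PowerShell converts such a byte list to a GUID and prints both the dashed form and the curly-bracket form discussed in the first thread:

```powershell
# Added example. ConvertTo-GuidFromByteList is a hypothetical helper name,
# not part of the book's homefolder script or of the PowerShell MA.
function ConvertTo-GuidFromByteList {
    param([Parameter(Mandatory = $true)][string]$ByteList)

    # Split "174; 236; ..." on ';' and drop the empty entry left by the trailing "; ".
    $parts = @($ByteList -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })
    if ($parts.Count -ne 16) {
        throw "A GUID needs exactly 16 bytes, got $($parts.Count)."
    }

    # [byte]::Parse throws on anything outside 0-255, so bad input fails here.
    [byte[]]$bytes = $parts | ForEach-Object { [byte]::Parse($_) }

    # The byte[] constructor reads the same layout AD uses for objectGUID:
    # the first three fields are little-endian, the last eight bytes are in order.
    New-Object -TypeName System.Guid -ArgumentList (,$bytes)
}

# Byte list copied from the error message quoted in the comment above.
$fromError = '174; 236; 146; 235; 76; 37; 2; 71; 191; 81; 152; 190; 67; 103; 229; 163; '
$guid = ConvertTo-GuidFromByteList -ByteList $fromError

$guid.ToString('D')   # dashed form: 32 digits with 4 dashes
$guid.ToString('B')   # the same value wrapped in curly brackets

# Round trip back to the 16 bytes, to confirm the conversion is lossless.
$roundTrip = ($guid.ToByteArray() | ForEach-Object { $_.ToString() }) -join '; '
$roundTrip -eq $fromError.TrimEnd(';', ' ')
```

Printing the bytes as hex in their stored order does not give the same digits as the dashed form, because the first three fields are byte-swapped; comparing the two representations as plain strings will therefore never match.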
