次の方法で共有


(WAL) - Workflow Example - Generate Unique Value

Using the latest WAL (Workflow Activity Library) which can be located from a link on the following Blog Post - The MIMWAL (Custom Workflow Activity Library)

Generate Unique Value: This workflow can be used to create is used to create a Unique Value to be set for almost any attribute within the FIM Portal (FIMService Database) that you wish to be unique to the environment, additionally it is possible to add LDAP Queries perform a look up against an LDAP Directory such as Active Directory and verify that the value being generated is also unique to that source as well. I would recommend using this activity to generate attributes such as:

  • Account Name
  • Mail Nickname
  • Mail
  • CN

Technically you would not need to create a workflow for each of the above attributes and in a lot of scenarios 1 of the attribute values would be used for the others as well.

In this example we will use this activity to generate an Account Name for a new user that is created, this type of activity is recommended not only to verify Uniqueness but to verify a specific standard is met as well. For example the company policy may state that the account name is to be generated using the following format.

Option 1

  • Lower Case
  • First 2 letters of First Name
  • Followed by a “.”
  • Last Name

Option 2 If not Unique and if Middle Name Exist

  • Lower Case
  • First 2 letters of First Name
  • Followed By a “.”
  • First Initial of Middle Name
  • Followed by a “.”
  • Last Name

Option 3 If Not Unique and If No Middle Name Exist

  • Lower Case
  • First 2 letters of First Name
  • Followed by a “.”
  • Last Name
  • Next sequential seed Number

Option 4 If Not Unique and Middle Name Exist

  • Lower Case
  • First 2 letters of First Name
  • Followed By a “.”
  • First Initial of Middle Name
  • Followed by a “.”
  • Last Name
  • Next sequential seed Number

In the FIM / MIM Portal navigate to the Workflow page

Click on New

For Workflow Name type in something that reflects the purpose of the overall workflow that you are creating and keep in mind that some workflows that you build will require multiple activities so the name of the Workflow should represent the workflow as a whole.

I generally Start the name of all my workflows with an underscore so it looks like “_WorkflowNameExample” This pushes all my custom workflows to the top of the list of all my workflows and separates my custom workflows from my default workflows and provides a level of understanding for the next person who has to take over your awesome environment that you are building

For Description it may be helpful to type in a detail of what the Workflow is for, this may help prevent others from creating duplicate workflows.

For Workflow Type select Action for additional information about the other Workflow Actions check out the following Blog Post Understanding Workflows

For Run on Policy Update, well leave this unchecked

 

Click on Next

You are now presented with a list of activities to choose from, to generate a Unique Value

Click on WAL: Generate Unique Value

Click on Select

You are now presented with the Generate Unique Value Activity Template

  • Activity Display Name Type something that represents the purpose of this activity. In this Example I used Generate Unique Account Name. Notice I did not add an Underscore or other characters because the name of the workflow already uses that to identify as custom.

Note: The Following Statements are Case Sensitive

  • Activity Execution Condition – For this example we will leave this blank
  • Target for Generated Value – [//Target/AccountName]
  • /Person[AccountName'[//Value]']
  • Conflict Filter - /Person[AccountName = '[//Value]']
  • Query LDAP for Conflicts – Checked
  • LDAP Queries
    • Directory Entry Path – LDAP://DC=Contoso,DC=com
    • LDAP Filter - (&(Objectclass=user)(ObjectCategory=Person)(sAMAccountName=[//Value]))

 

  • Uniqueness Key Seed – Enter a number I usually start with 2
  • Value Expressions –
    • LowerCase(Left([//Target/FirstName],2)+"."+[//Target/LastName])
    • LowerCase(Left([//Target/FirstName],2) + "." + IIF(IsPresent([//Target/MiddleName]), Left([//Target/MiddleName],1), "") + IIF(IsPresent([//Target/MiddleName]), ".", "") + [//Target/LastName])
    • LowerCase(Left([//Target/FirstName],2) + "." + IIF(IsPresent([//Target/MiddleName]), Left([//Target/MiddleName],1), "")+ IIF(IsPresent([//Target/MiddleName]), ".", "") + [//Target/LastName])+[//UniquenessKey]

Click on Save

Click on Finish

Now create the MPR that will trigger this workflow when a new user is created.

Comments

  • Anonymous
    October 27, 2016
    Nice post looking forward to testing this out!One question - is it possible to have a list of terms to NOT use for account name? For example if the naming standard is First initial + 3 characters of lastname the account name for Sam Hiton...then the Sam will likely not have a good experience with his accountName.Thanks,D
    • Anonymous
      October 31, 2016
      Figured a simple way to address my issue.I create a temp accountname property with the PowerShell workflow action in step a prior to the Generate Unique Value.