Udostępnij za pośrednictwem


Management Agent Advanced Attribute Flows

 

In this post we will discuss the Configuration of Attributes flows within a management agent to utilize an attached .dll .

The assumption is you already have a Management Agent Created of some sort and now you wish to add advanced attribute flows which utilize a custom extension that is compiled as a .dll and attached to the desired Management Agent as opposed to direct attribute flows which basically just syncs the data from the source to its destination “as is” without any major modification or scenarios such as what to do when the source data meets X criteria or is missing or any other scenario which needs to be considered to deliver the correct data to the destination.

The only requirement when configuring the Attribute flow is that the Management Agent before the configuration of the attribute flow on the Management Agent. What I mean by this is if your Attribute flow is for an custom attribute that doesn't exist exist at the source or destination you can not pre define the attribute flow, Yes I know that sounds very elementary but I have often received questions on this very topic when people are trying to get some prep work completed with the intention of completing other steps later.

I usually Have the Code written prior to to updating the Management Agent but it is not necessary but keep in mind if you update the MA prior to having the code written and attached the Management Agent will not be able to run any syncs.

So lets configure the Management Agent to use a custom dll.

Mapping the DLL to the Management Agent

On the Management Agent that you wish to configure the attribute flows to use the advanced attribute flows, Right click the Management Agent and select Properties

image

In the Properties Window click on the Configure Extensions section

image

In the Configure Extensions Section click on Select

image

In the window that pops up select the .dll file that you created, Note when the dll must be in the Extensions folder usually located at

C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions

When the correct dll has been selected click on OK to close out the window, now verify that the extension now is displayed in the text field next to Rules Extension name:

image

Click on OK to save current configuration of the Management Agent.

When you are ready to Configure the attribute flows once again go into the properties menu of the Management Agent and select Configure Attribute Flows.

image

As you can see in the above image I have some Direct Attribute flows but we will now create some “Advanced” attribute flows which will utilize a custom extension.

Now lets add a new attribute flow but first lets take a look at a previous post Rules Extensions – MapAttributesForImport and lets look at the function for objectSidString

    case “objectSidString”:

          byte[] objectSidString = csentry[“objectSid”].BinaryValue;
          mventry[“objectSidString”].StringValue = ConvertSidToString(objectSid);
    break;

when we create an advanced attribute flow we will need the following information..

Highlighted in Yellow is the Flow Rule Name: what ever is used here in quotes needs to be entered as is and is case sensitive.

Highlighted in Green is the attribute that will need to be selected for source or destination depending on the attribute flow direction.

Highlighted in Blue is another attribute that will need to be selected for source or destination depending on the attribute flow direction.

 

Now lets take a look at how this looks on the Management Agent

image

Notice that on the Data source attribute side I have selected the attribute that I had previously highlighted in Green in this example objectSid

On the Metaverse attribute side I have previously highlighted in Blue in this example objectSidString additionally this attribute is a custom attribute that was previously created in the Synchronization Service.

image

Now look at the Flow rule name: notice it matches what was highlighted in Yellow previously exactly. If this doesn't match you will find yourself wondering why an expected attribute flow was not hit.

Additionally when setting up the attribute flow and you need to reference a dll you must select Advanced for the Mapping Type. When configuring attribute flows that require multiple attributes to be selected at the “SOURCE” which are used to define the value for an attribute at the “destination”

 

 

 

Questions? Comments? Love FIM/MIM so much you can’t even stand it?

EMAIL US!

>WE WANT TO HEAR FROM YOU<

## https://blogs.msdn.microsoft.com/connector_space# #