Scenario Generate Unique Account Name

Anthony Marsiglia edited this page Dec 19, 2015 · 4 revisions

Generate Unique Value (Account Name)

**Generate Unique Value (Account Name):** This workflow creates a unique value to be set as the Account Name in the FIM Portal, which is then used during the provisioning of the user in Active Directory. The workflow performs a lookup using an LDAP query to AD, as well as within the FIMService DB itself, across all users to determine whether the value being created is unique. The LDAP query is optional in the Generate Unique Value workflow activity, because it is not required to create a unique value. If you are creating users or resources for an external data source such as AD, however, adding the LDAP query is recommended. Without the query, the value used for Account Name will be unique in the FIM Portal (FIMService DB), but there is no guarantee that it will be unique in the data source the object is provisioned to, even if all users are believed to be in the portal. Additionally, I would add this workflow activity as part of a workflow that is used when creating new users, to ensure workflow integrity and control the order of operations.


| Generate Unique Value | |
|---|---|
| Activity Display Name | (Type the name you wish to call this Activity) Generate Account Name |
| Activity Execution Condition | (For this example, leave this field blank) |
| Target for Generated Value | [//Target/AccountName] |
| Conflict Filter | /Person[AccountName='[//Value]'] |
| Query LDAP for conflicts | **When selected, this option can be used to determine the uniqueness of an attribute on an object that is not yet in the FIM Portal. For example, if you use this workflow to create a User with a unique Account Name that will be provisioned to Active Directory, and not all of the users in your environment are in the FIM Portal, you would want to use this to do an LDAP lookup against Active Directory and verify that a user with the suggested Account Name (samAccountName) does not already exist.** If this option is not selected, only objects within the FIM Portal will be used to determine uniqueness. |
| LDAP Queries | True |
| Directory Entry Path | LDAP://DC=Contoso,DC=com |
| LDAP Filter | (&(Objectclass=user)(ObjectCategory=Person)(samaccountname=[//Value])) |
| Uniqueness Key Seed | Enter a value to be used as the starting point to generate a unique value. In this example we entered the number 2. |
| Value Expressions | [//Target/FirstName]+"."+[//Target/LastName] |
| | [//Target/FirstName]+"."+Left([//Target/MiddleName],1)+"."+[//Target/LastName] |
| | [//Target/FirstName]+"."+Left([//Target/MiddleName],1)+"."+[//Target/LastName]+[//UniquenessKey] |
| Considerations | In the above examples, if MiddleName does not exist the account would be created as First..Last, which in most cases would not be the desired result. An option to validate IsPresent for Middle Name would be as follows: |
| | [//Target/FirstName]+"."+[//Target/LastName] |
| | [//Target/FirstName] + "." + IIF(IsPresent([//Target/MiddleName]), Left([//Target/MiddleName],1), "") + IIF(IsPresent([//Target/MiddleName]), ".", "") + [//Target/LastName] |
| | [//Target/FirstName] + "." + IIF(IsPresent([//Target/MiddleName]), Left([//Target/MiddleName],1), "") + IIF(IsPresent([//Target/MiddleName]), ".", "") + [//Target/LastName]+[//UniquenessKey] |
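
The lookup described on this page, modelled as an added Python example (not MIMWAL's code and not part of the original page), showing how a portal-only check can hand out a name that already exists in AD. It assumes the value expressions are tried in the listed order, that the uniqueness key counts up from the seed, and that names compare case-insensitively; the helper names `candidates` and `generate_unique` and all sample accounts are constructed for illustration.

```python
import itertools

SEED = 2  # Uniqueness Key Seed used in the example on this page

# Constructed sample data: AD holds accounts that were never imported into the portal.
PORTAL = {"Jane.Doe"}
AD = {"jane.doe", "Jane.Q.Doe", "Jane.Q.Doe2"}


def candidates(first, last, middle=None, seed=SEED):
    """Yield names in the order of the IsPresent-guarded value expressions."""
    # IIF(IsPresent(MiddleName), Left(MiddleName,1), "") followed by
    # IIF(IsPresent(MiddleName), ".", ""): initial and dot appear only together.
    mid = (middle[:1] + ".") if middle else ""
    yield f"{first}.{last}"
    yield f"{first}.{mid}{last}"
    key = seed
    while True:  # only the last expression carries [//UniquenessKey]
        yield f"{first}.{mid}{last}{key}"
        key += 1


def generate_unique(first, last, middle, portal, directory=None, max_tries=100):
    """Return the first candidate with no conflict in the portal and, if given, AD.

    Passing directory=None models leaving "Query LDAP for conflicts" unselected.
    Case-insensitive comparison is an assumption of this model.
    """
    taken = {name.lower() for name in portal}
    if directory is not None:
        taken |= {name.lower() for name in directory}
    for name in itertools.islice(candidates(first, last, middle), max_tries):
        if name.lower() not in taken:
            return name
    raise RuntimeError("no unique account name found within max_tries")


if __name__ == "__main__":
    # Portal-only check: returns a name that already exists in AD.
    print(generate_unique("Jane", "Doe", "Quinn", PORTAL))
    # Portal + AD check: skips every name taken in either store.
    print(generate_unique("Jane", "Doe", "Quinn", PORTAL, AD))
    # No middle name: falls through to the keyed form, never "Jane..Doe".
    print(generate_unique("Jane", "Doe", None, PORTAL, AD))
```
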