Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-12-10) Checking Uniqueness Of An Attribute In FIM 2010 During The CREATE Process

Posted by Jorge on 2009-12-10


At the time of writing Update 2 has been released for FIM 2010 RC1. This update introduces a new feature for RCDCs which leverages XPATH.

In short, when you CREATE a new object in the FIM Portal you can configure an attribute in the RCDC (a.k.a. OVC) to check if the value that was entered manually already exists in the database. If it does not, you can continue. If it does already exist, it will tell you right away! Unfortunately this does NOT work when EDITING an object as the check is not made.

From my personal experience I can say that administering RCDC XML files in XML Notepad is friendlier than editing the text under the hood. Others like to do it in Visual Studio as that also performs additional checks.

Now let’s say you do not use an activity to generate a unique AccountName for a person object in the FIM Portal. Instead you need to do it manually and you would like to know right away if it’s possible to use that value or not.

In the RCDC for user creation you may have a similar section for the AccountName attribute.

In some editor, it would look like:

image

In XML Notepad, it would look like:

image

After you have edited the RCDC, you need to load it into the FIM Portal and finish it with an IISERESET. For the IISRESET, make sure to do that with elevated permissions (otherwise it will fail).

When creating a user manually and entering the AccountName, you will see the following if the attribute value already exists as soon as you click NEXT:

image

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/cc51ca7a-908c-40bf-ae10-f47711dd321b

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

4 Responses to “(2009-12-10) Checking Uniqueness Of An Attribute In FIM 2010 During The CREATE Process”

  1. […] Read more here: https://jorgequestforknowledge.wordpress.com/2009/12/10/checking-uniqueness-of-an-attribute-in-fim-20… […]

  2. […] this post I explained how to check for uniqueness of an attributevalue that was entered manually in the RCDC […]

  3. Anthony said

    How about verifing uniqueness or 2 attributes for example lets say i my DisplayName is Alpha and i will have several accounts but i want a unique account based on displayname and account type so there can only be 1 admin account that has a display name of Alpha and 1 Contractor account with the displayname of Alpha

    • Jorge said

      basically you want the combination of multiple attribute values (in your case 2 values) to be unique.

      I never tried it myself through the RCDC to check uniqueness of multiple combined attributes, but you could try the following for the XPATH Validation filter (/Person[(AccountType=’%VALUE%’) and (DisplayName=’%VALUE%’) and not(ObjectID=’%ObjectID%’)]). However, I’m almost certain that will not work because you need to already know the value for AccountType and the question is how to express that value.

      That aside I would not use this approach to achieve what you want. Instead I would use a workflow activity that is triggered to generate a unique value base upon specific already known values. That way you can define a convention for the targeted attribute.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: