Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2011-01-23) Searching For Objects When Populating Reference Attributes In FIM (Part 3)

Posted by Jorge on 2011-01-23

This post explains the option to search for objects when using the " UsageKeyword Linking To A Search Scope ". Part 2 can be found here.

[Ad.2] "UsageKeyword Linking To A Search Scope"

In the screen below you see the "Computer Used By" attribute with the UocIdentityPicker control in the RCDC. You can also see that it’s value is pointing to another person object.


With this attribute, and of course any other similar attribute, you may want to make sure that only certain person objects (for example in specific location) are referenced. The next thing you need to think about is how are you going to mark an object so that you can define your filter? However, in this case any PERSON object was eligeable to be selected and it was not as important as with option 1 to be very precise. You should also be able to specify different search criteria (filters).

The only correct way to do this is by using the "UsageKeyword Linking To A Search Scope". Its configuration can be seen below.


First let’s explain the yellow marked options.

  • Attribute Name: "computerUsedBy"
  • Control Type: "UocIdentityPicker" –> enables you to select other objects to be specified as a value for the attribute;
  • ColumnsToDisplay: "DisplayName,AccountName,Department " –> this is a list of attributes (specified by systemName) separated by a comma (,) that are shown when browsing for objects (after clicking the Browse button). However, this would only apply when using the "Filter Property" method and it is not used in this case;
  • AttributesToSearch: "DisplayName,AccountName" –> this is a list of attributes (specified by systemName) separated by a comma (,) that are searched with the value that was specified by you (after clicking the Validate And Resolve button);
  • UsageKeywords: "AllUsers,AllEmployees,AllContractors" –> this is a list of UsageKeywords separated by a comma (,) that are used in specific Search Scopes. In this case three Search Scopes exist and each have one of the UsageKeywords defined so that it is linked to this Identity Picker (also see picture below);
  • ObjectTypes: "Person" –> when just specifying a value in the Identity Picker and resolving it, it would only be resolved against PERSON objects. This can be a list of objectTypes to search against and those are separated by a comma (,);
  • Mode: "SingleResult" –> at all times the attribute can only have one single value. To be able to specify multiple value it should have had the value MultipleResult;
  • ResultObjectType: "Person" –> The resource type is used to render objects matching the filter in the pop-up dialog-box list.

REMARK: In addition, additional filtering might be in effect because of configured permissions. For example, if you have people in Amsterdam and Seattle and you are only allowed to view person objects in the Seattle, then in your case as the person performing the query will be only to match PERSON objects in Seattle.


  • When clicking the Browse button it does not return results right away (as shown in the picture below). If the list of quite large, it enables you to search based upon the selected Search Scope


  • The only filters here are the objectType defined and the permissions to be able to query (view) the objects of the same objectType. If this option is used in the previous scenario you are able to select objects that should not be specified.


More information about controls in RCDCs: Resource Control Display Configuration XML Reference

* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
############### Jorge’s Quest For Knowledge #############
######### ########

2 Responses to “(2011-01-23) Searching For Objects When Populating Reference Attributes In FIM (Part 3)”

  1. […] Part 3 can be found here. […]

  2. […] Searching For Objects When Populating Reference Attributes In FIM – Available Options (Part 3) […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: