Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2016-10-09) How To Clear A Value (NULLing It) From An Attribute On An Object In The FIM/MIM Portal?

Posted by Jorge on 2016-10-09


It might be the case you want to flow a NULL value into some attribute, or in other words clearing an attribute value, when meeting some condition.

In the sync rules a "Null()" function exists, which might give you the idea that it flows a NULL value. Au contraire, mon ami! The "Null()" function basically means "do nothing". One of the examples of using that function is in combination with the "IIF()" function. The "IIF()" function translates into "If…Then…Else". Sometimes, you just want to have "If…Then" and you do not care about the “Else”, and that’s when you use the "Null()" function when using the “IIF()” function.

For example:

IIF(Eq(X,"1"),Y,Null()) ==> Z

means…..

If X=1 then Z=Y

So, how do you clear a value in the FIM/MIM Portal? It is not possible by default, therefore you need a custom workflow activity to do that for you.

On codeplex you will find Soren Granfeldt’s "FIM 2010 Granfeldt Workflow Activity Library". This Activity Library is a collection of generic custom workflows for use with FIM 2010 R1/R2 and MIM 2016. The purpose of this collection of workflow activities is to have activities that can solve the most common tasks in a traditional FIM installation – in one library.

As you can read in the documentation, it now supports an activity to clear an attribute value from the specified attribute. However, when downloading the activity, the old activity that does support this is still targeted for download. A workaround for this is to use the Code Run activity.

After adding the “Code Run” activity to the workflow:

  • Enter something in the “Title” field explaining what it does
  • In the “References (DLL’s)” field enter: System.dll
  • No need to specify anything in the “Parameters” field
  • In the “Code” field specify the following code:

using System;
public class FIMDynamicClass
{
            public static object FIMDynamicFunction()
            {
                    return null;
            }
}

  • In the “Destination” field specify the targeted attribute for which its value must be cleared using the format: [//Target/<Attribute>] where <Attribute> is replaced with the attribute you need to be cleared

image

Figure 1: Clearing An Attribute Using The Code Run Activity In Soren Granfeldt’s "FIM 2010 Granfeldt Workflow Activity Library"

You can also use the MIM WAL activity to do the same which is available on Github. The MIMWAL is a Workflow Activity Library (WAL) solution for configuring complex Workflows in the Microsoft Identity Manager (MIM) 2016 and Forefront Identity Manager (FIM) 2010 R2 solution.

After adding the “Update Resources” activity to the workflow:

  • Enter something in the “Activity Display Name” field explaining what it does
  • No need to use the advanced features of the activity
  • In the “Value Exprssion” field specify 2 quotes ""
  • In the “Target” field specify the targeted attribute for which its value must be cleared using the format: [//Target/<Attribute>] where <Attribute> is replaced with the attribute you need to be cleared
  • Make sure to check “Allow Null”

image

Figure 2: Clearing An Attribute Using The Update Resources Activity In The MIMWAL (MIM Workflow Activity Library)

Have fun!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: