Generate Unique Attribute Activity

When I first started out with MIIS I found the coding heavy going – but soon realised that the same few extension-writing methods are used for pretty much everything, and the fun bit was just how much I could achieve with them!

Now on to FIM and I have struggled every bit as much with learning how to write workflow activities, not particularly helped by the official documentation which I can only assume is computer generated, it is so completely unhelpful. But after a recent obsessive spate I’m finally starting to get the hang of it, and this has brought me to the next fantasy activity on my list – something to generate a unique attribute, such as an AccountName.

10th May 2011: I have just uploaded a new version of the activity. It has some more error checking and extra options for character-replacement and regular expression pattern matching. You will find the Download link further down this page.

11th August 2012: Just want the dll? A version compiled for FIM R2 is here with NO WARRANTY and NO SUPPORT: http://www.wapshere.com/missmiis/wp-content/uploads/2012/08/FIM.CustomWorkflowsActivityLibrary.zip. AIC config details are below in this post.

The idea

What I want is a way to generate an attibute based on a series of rules. If I don’t get a unique value with the first (ideal) rule, then I move to the second, then the third, then if completely desperate the fourth… Hopefully I’d have found something good by then.

In an effort to reduce effort (if you can have that) this activity relies on the OOB Function activity to generate the possible strings in order of preference. So here’s what the workflow looks like configured with three possible choices:

And here is one of the Function activties, which generates a string and puts it in a WorkflowData parameter (note I updated the pic above and now the functions below say “AccountName Option 1” instead of just “Option 1” – but they’re doing the same thing):

Developing the Activity

This activity is complicated compared to my powershell one, so I’ll just summarise the steps.

  1. A CurrentRequestActivity grabs the workflow details from FIM,
  2. A ReadTargetActivity gets the details of the object we’re trying to modify,
  3. A WHILE loop goes through the possible options until a unique value is found (or we run out of options),
  4. Within the WHILE loop, the EnumerateResourcesActivity does the actual looking up of the proposed attribute value, to see if it’s already taken,
  5. We then have an IfElse statement to handle the lookup results:
    • If we found a good match we write it to the target resource using an UpdateResourceActivity,
    • If we didn’t find a match an error is thrown – this leads to a PostProcessingError in FIM. Of course you could do something else like send an email here.

As well there are a bunch of code activities which smooth the way, setting up parameters and passing variables around.

The Code

Here is the most recent copy of the solution. You will have to compile it yourself. Make sure you understand what it is doing and adapt the code for your own purposes.

Offered as an example only with NO WARRANTY and NO SUPPORT: Download Code

AIC Configuration

Activity Name: FIM.CustomWorkflowsActivityLibrary.GenerateUnique
Assembly Name: FIM.CustomWorkflowsActivityLibrary, version=1.0.0.0, Culture=Neutral, PublicKeyToken=abd0a8713d768ea1
Is Action: yes
Ttype Name: FIM.CustomWorkflowsActivityLibrary.GenerateUniqueUI

Logging

This activity logs to the Application Event Log, but only if you first register the source liek this:

new-eventlog -LogName “Application” -Source “FIM Custom Workflow”

Other Reading

If, like me, you’re doing this WWF development stuff for the first time, I did find this short tutorial very helpful. Despite my rubbishing the MSDN FIM documentation above, there is lots of good stuff there too, of course.

Update for FIM R2

This activity seems to be working fine on R2.

If you are recompiling remember to first update the dlls in the “lib” folder to the versions that came with your current version of FIM.

Also I notice I don’t have a Windows SDK folder or gacutil on my new lab server. I copied gacutil.exe from somewhere else and it works fine – only it didn’t work from Build Events where I’ve put it in this solution. I had to open a command prompt “as administrator” and run gacutil from there.

About: Carol

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.


23 thoughts on “Generate Unique Attribute Activity”

  1. Carol-

    A ResolveGrammarActivity will convert those [//WorkflowData/] values (as well as //Target and //Requestor) in to actual values. Assign the XPath expression to GrammarExpression and you can get the output from ResolvedExpression.

  2. Hi Brian,

    yes everyone seems very keen on this ResolveGrammarActivity, but while the official documentation says “for internal FIM use only” and “not supported” I will be avoiding it. I think it would only have saved me a few lines of code anyway.

  3. I followed the example I entered the following values in the FIM Portal

    Activity Name: FIM.CustomWorkflowsActivityLibrary.GenerateUnique

    Assembly Name: GenerateUnique, version=1.0.0.0, Culture=Neutral, PublicKeyToken=abd0a8713d768ea1

    Type Name: FIM.CustomWorkflowsActivityLibrary.WebUIs.GenerateUniqueUI

    but the Activity is not showing up in the FIM Portal

  4. Did you iisreset? If so, and it’s still not there, double check your actual class names by using the Object Browser in Visual Studio.

  5. Hi Carol,

    I’m not sure if this is still monitored but i am struggling to compile the code in visual studio, im using visual studio 2010.

    When ever i try to build the solution i get:

    Compilaton failed. Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.

    Any ideas please??
    Ash

  6. I compiled in is VS2010 myself just the other day so I know it’s possible. Have you looked for that LoaderExceptions property? Also I did compile it on a FIM server (R2) – possibly made a difference in terms of having the right things available in the GAC.

  7. Ok then I will have to give it another try, forgive me im very new to visual studio, how/where do I need to look for that LoaderExceptions property? Yes im trying to do it for FIM 2010 R2 also.

    Do you have to run VS on the FIM server itself?

    Thanks and sorry for my basic knowledge!

  8. I usually do development on my dev server, which is a hangover from writing rules extensions where you want to have VS on the same server as the Sync service so you can attach the debugger. Otherwise I’m not much of a developer myself either so can’t help you any further than that. I’m sure google will turn something up! Good luck, and btw congrats on just posting the 500th comment on my blog 😉

  9. Thanks 🙂

    So I got it into FIM and have been able to create the workflow as mentioned above but dont seem to be getting the AccountName populated in the FIM portal?!

    Should it create the AccountName as users are provisioned in the portal?

  10. You need to trigger the WF. A MPR that fires on Transition In to the All People set is one way to do it. Or make a Request MPR that applies to “Create” “All People”.

  11. Hi sorry me again! I have got the workflow configured now as described above with all my account name options as functions and created a transition in MPR however it is not creating the account name attribute 🙁

    Am i missing something obvious?

  12. Start with the Search Requests page and look for any errors. Also when you look at the Request object used to create the new person you can see which MPRs applied. Make sure the MPR that runs your workflow is listed. Also I think this activity does some logging to the event log – make sure you create the log as described above and enable the logging.

  13. I’m getting an error:

    WorkflowManager could not deserialize XOML definition

    Thats in the Forefront Identity Manager even log, looks like my dll isnt working as it should after importing into the gac, maybe i hadn’t compiled it properly

  14. That one normally means there’s something wrong with the values enetred in the WF in the portal. I updated the picture because I realised I had the slashes the wrong way in the old one. Also you need to delete the comments that come up on the boxes by default – so there’s either a value there or blank.

  15. Im trying to recompile it now with the R2 DLL’s by putting them into the lib directory.

    I found the Microsoft.ResourceManagement.dll however the other two Microsoft.IdentityManagement.WFExtensionsInterfaces.dll
    Microsoft.IdentityManagement.WebUI.Controls.dll
    I cant find on my FIM server to replace in the folder to recompile, where are they stored?
    Thanks again!
    Ash

  16. Ahhh thank you, I actually did manage to build it in the end and get it all working on my own (promise!) but I appreciate your help thank you!

    Would it be possible to introduce more options in the workflow if necessary?

  17. Yes of course – I’m sure you’ll be able to work out what to do in the WF and UI code – you seem to be doing fine!

  18. Hi Carol me again!

    So I managed to get it all working fine but now want to add more options into the workflow.
    I modified the WF and UI code as I thought I needed to and installed the new dll into the gac, I can see the extra option in the workflow activity so the UI code seems to be fine but I am getting serialization errors when the workflow activity runs so think I have messed something up in the WF code!
    Would it be possible to send the dll I built with the extra code to you to see if you can see where I have gone wrong and then hopefully I will be able to extend it further?

  19. Sorry ignore the last comment I have got around that now however I do have another question.
    Is it possible to in some way remove spaces from a generate attribute? For example if u sue the format in your example above and someones name is:
    Phil de Rossi
    It would generate a unique attribute called pde r which is obviouslt not ideal for user account names :p

Comments are closed.