Skip to content

Scheduled notifications from the FIM Portal

I was asked today to implement notification emails on changes to certain groups. Like many situations with the FIM Portal this turned out to be trickier than expected. A number of the groups are criteria-based so don’t actually have a member attribute as such. With no member-update request happening there’s nothing to actually trigger a notification workflow on.

Fortunately the customer was happy to have a daily scheduled email with a summary of changes, rather than immediate emails on every change. So I took inspiration from Bob Bradley’s Housekeeping Policy approach to solve the problem.

ROPU Workflows

The first thing to know about is the “Run on policy update” workflow.

When combined with a “Transition In” MPR this has the very useful effect of re-applying the policy to all members of the Transition In Set upon any change to the MPR. “Any change” includes enabling the MPR, so this is a simple way to force the policy to run against all the objects that are already in the set - effectively re-running any Action workflows, such as a notification.

So all I need to do is get an object in a set, make my ROPU workflow, then just toggle the Disabled switch off and on for the MPR when I want to fire the notification. Easy!

Workflow Configuration

The first thing my workflow does is call the PowerShell activity to gather the information I want to insert into the email. I format it as HTML and then pass it back to the workflow in a WorkflowData parameter.

The Email Template then simply includes the WorkflowData parameter:

 

Transition Set and MPR

Before I can create the MPR I need to create a set. It really doesn’t matter what is in the set in this example as I’m not using any values from the Target in the workflow, however I only want it to have one member so the notification only triggers once. For convenience I have the object receiving the notification as the member. (I expect I could extend this idea to include other objects needing notifications as well, though I’d need some logic matching set-members to their specific notification requirements.)

The MPR is then very simple to set up:

  • Type: Transition In
  • Disabled: True
  • Set: The set I created above
  • Action Workflow: The Notification workflow

Toggling the MPR

The final step is a simple little script that enables and then immediately disables the MPR, and which you can schedule as required.

This script uses the FIMPowerShell Function library from http://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx
 

PARAM ($MPRName)

# Enables then disables an MPR.
# Used to trigger ROPU workflow.

. E:\scripts\FIMPowerShell.ps1

$Filter = "/ManagementPolicyRule[DisplayName='{0}']" -f $MPRName

$MPRObj = export-fimconfig -CustomConfig $Filter -OnlyBaseResources

$ModifyImportObject = ModifyImportObject -TargetIdentifier $MPRObj.ResourceManagementObject.ObjectIdentifier -ObjectType "ManagementPolicyRule"
SetSingleValue -ImportObject $ModifyImportObject -AttributeName "Disabled" -NewAttributeValue "False"
$ModifyImportObject | Import-FIMConfig

$ModifyImportObject = ModifyImportObject -TargetIdentifier $MPRObj.ResourceManagementObject.ObjectIdentifier -ObjectType "ManagementPolicyRule"
SetSingleValue -ImportObject $ModifyImportObject -AttributeName "Disabled" -NewAttributeValue "True"
$ModifyImportObject | Import-FIMConfig

{ 2 } Comments

  1. Matt Scheffrahn | March 7, 2013 at 1:08 am | Permalink

    This is extremely cool. Thanks much for sharing!

    One thing that seems somewhat vague here is how you are getting that “time slice” of what has changed in the group members on criteria-based groups.

    I am fairly certain that I could get Powershell to give me the current /computedmember of criteria-based groups, but I am curious how you are getting just what has happened in the previous 24 hours.

  2. Carol | March 7, 2013 at 1:40 am | Permalink

    Hi Matt. It’s not very high tech – I keep a dump of the group list from the day before and then do a comparison. For criteria groups this means running an export-fimconfig using the group filter. At some point in the future I may get something in a reports database I can use instead.

    Also should add that I attempted to insert html in that workflow data and it didn’t work at all because FIM helpfully converted the symbols to html codes, so only basic text works. You can get round it with a custom notification activity or by sending the email direct from powershell (which kind of makes this whole process a bit pointless).

    Still the MPR toggling is a useful approach for other things as well. I’m using it so I can schedule cleanup jobs to run at night based on transition sets, instead of firing as soon as the object transitions in.

Post a Comment

Your email is never published nor shared. Required fields are marked *

Spam comments will be blocked by Akismet

*

Prednisone on line buy Prednisone overnight buy cheap Prednisone online free consult buy Prednisone on line amex uk buy Prednisone buy cod Prednisone order overnight Prednisone medikament Prednisone Prednisone order online buy Prednisone no scams buy Prednisone mastercard online purchase Prednisone buy cheap Prednisone no prescription buy Prednisone amex online without rx buy Prednisone canada purchasing Prednisone without a script where to buy generic Prednisone online without a prescription Prednisone drug non rx cheap Prednisone order Prednisone cheap overnight fedex Prednisone overnight without a prescription buy Prednisone 20 mg buy Prednisone where Prednisone without prescription overnight shipping purchasing Prednisone without a script Prednisone without rx overnight shipping where to purchase Prednisone no prescription no fees Prednisone online overnight delivery cod Prednisone prescription order order Prednisone without rx from us pharmacy buy Prednisone pills in toronto buy Prednisone online online pharmacies Prednisone buy Prednisone no prescriptions buy Prednisone once a day order Prednisone pay pal online without rx buy Prednisone where buy line Prednisone best finpecia online pill buy Maxalt us pharmacy Maxalt buy Maxalt with visa Cytotec purchase overnight delivery where buy Lisinopril purchasing finpecia with overnight delivery no prescription requip buy requip over the counter where can i order requip online how to get arimidex arimidex cheap online Lisinopril overnight cod cheap order rx metformin prednisone 40 mg cheapest place to buy Metformin purchase Metformin online Maxalt no prescription needed 10mg Maxalt 10mg canada where to buy Maxalt uk buy generic Maxalt canada buy metformin cod ordering Requip online non prescription Requip Requip without script Requip with no rx where to buy Requip Requip online no prescription buy generic Requip australia canadian pharmacy no prescription Requip Requip no rx buy generic Requip online no prescription buy cheap Maxalt under without rx buy on line Maxalt where can i buy Maxalt buy pharmacy Maxalt waterview buy maxalt online no prescription buy Maxalt visa buy Maxalt pills online maxalt buy buy Maxalt pills buy Maxalt shipped cod buy Maxalt cod Maxalt purchase online Maxalt purchase online where to buy generic maxalt online without a rx buy Maxalt with no prescription Lisinopril no prescription buy cheap Lisinopril buy cheap generic Lisinopril how to buy Metformin without a prescription Metformin price buy Alli without prescription