Skip to content

Scheduled notifications from the FIM Portal

I was asked today to implement notification emails on changes to certain groups. Like many situations with the FIM Portal this turned out to be trickier than expected. A number of the groups are criteria-based so don’t actually have a member attribute as such. With no member-update request happening there’s nothing to actually trigger a notification workflow on.

Fortunately the customer was happy to have a daily scheduled email with a summary of changes, rather than immediate emails on every change. So I took inspiration from Bob Bradley’s Housekeeping Policy approach to solve the problem.

ROPU Workflows

The first thing to know about is the “Run on policy update” workflow.

When combined with a “Transition In” MPR this has the very useful effect of re-applying the policy to all members of the Transition In Set upon any change to the MPR. “Any change” includes enabling the MPR, so this is a simple way to force the policy to run against all the objects that are already in the set - effectively re-running any Action workflows, such as a notification.

So all I need to do is get an object in a set, make my ROPU workflow, then just toggle the Disabled switch off and on for the MPR when I want to fire the notification. Easy!

Workflow Configuration

The first thing my workflow does is call the PowerShell activity to gather the information I want to insert into the email. I format it as HTML and then pass it back to the workflow in a WorkflowData parameter.

The Email Template then simply includes the WorkflowData parameter:

 

Transition Set and MPR

Before I can create the MPR I need to create a set. It really doesn’t matter what is in the set in this example as I’m not using any values from the Target in the workflow, however I only want it to have one member so the notification only triggers once. For convenience I have the object receiving the notification as the member. (I expect I could extend this idea to include other objects needing notifications as well, though I’d need some logic matching set-members to their specific notification requirements.)

The MPR is then very simple to set up:

  • Type: Transition In
  • Disabled: True
  • Set: The set I created above
  • Action Workflow: The Notification workflow

Toggling the MPR

The final step is a simple little script that enables and then immediately disables the MPR, and which you can schedule as required.

This script uses the FIMPowerShell Function library from http://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx
 

PARAM ($MPRName)

# Enables then disables an MPR.
# Used to trigger ROPU workflow.

. E:\scripts\FIMPowerShell.ps1

$Filter = "/ManagementPolicyRule[DisplayName='{0}']" -f $MPRName

$MPRObj = export-fimconfig -CustomConfig $Filter -OnlyBaseResources

$ModifyImportObject = ModifyImportObject -TargetIdentifier $MPRObj.ResourceManagementObject.ObjectIdentifier -ObjectType "ManagementPolicyRule"
SetSingleValue -ImportObject $ModifyImportObject -AttributeName "Disabled" -NewAttributeValue "False"
$ModifyImportObject | Import-FIMConfig

$ModifyImportObject = ModifyImportObject -TargetIdentifier $MPRObj.ResourceManagementObject.ObjectIdentifier -ObjectType "ManagementPolicyRule"
SetSingleValue -ImportObject $ModifyImportObject -AttributeName "Disabled" -NewAttributeValue "True"
$ModifyImportObject | Import-FIMConfig

{ 2 } Comments

  1. Matt Scheffrahn | March 7, 2013 at 1:08 am | Permalink

    This is extremely cool. Thanks much for sharing!

    One thing that seems somewhat vague here is how you are getting that “time slice” of what has changed in the group members on criteria-based groups.

    I am fairly certain that I could get Powershell to give me the current /computedmember of criteria-based groups, but I am curious how you are getting just what has happened in the previous 24 hours.

  2. Carol | March 7, 2013 at 1:40 am | Permalink

    Hi Matt. It’s not very high tech – I keep a dump of the group list from the day before and then do a comparison. For criteria groups this means running an export-fimconfig using the group filter. At some point in the future I may get something in a reports database I can use instead.

    Also should add that I attempted to insert html in that workflow data and it didn’t work at all because FIM helpfully converted the symbols to html codes, so only basic text works. You can get round it with a custom notification activity or by sending the email direct from powershell (which kind of makes this whole process a bit pointless).

    Still the MPR toggling is a useful approach for other things as well. I’m using it so I can schedule cleanup jobs to run at night based on transition sets, instead of firing as soon as the object transitions in.

Post a Comment

Your email is never published nor shared. Required fields are marked *

Spam comments will be blocked by Akismet

*

Endep online order order buy Endep online purchase Endep online without script buy generic Endep from india buy in Endep uk where to buy Endep without a prescription Endep from canada buy 10 mg Aricept generic Aricept cost order Nizoral no visa Nizoral 200 mg buy cheap Nizoral line Nizoral on line best finpecia online pill Requip Requip free Requip uk Amitriptyline generic buy generic Amitriptyline from india where buy Lisinopril purchasing finpecia with overnight delivery Nizoral online buy saturday delivery buy Nizoral in mo finpecia online how to buy Cytotec online without a rx order Aricept pharmacy buy Aricept with no prescription buy Amitriptyline no perscription cod Online us Requip how to buy Amitriptyline without a prescription buy line Amitriptyline buy Amitriptyline money buy purchase Accutane 40 mg on line no rx Accutane 40 mg sale order 40 mg Accutane online next day delivery 40 mg Accutane online buy Lisinopril pay cod Lisinopril overnight cod buy lisinopril without prescription buy lisinopril purchase Premarin cod next day delivery where buy Premarin buy Premarin online free fedex delivery Premarin cheapest place to buy Metformin purchase Metformin online generic 20mg prednisone online finpecia online overnight buy finpecia cheap buy Metformin toronto Metformin prescription buy Metformin where online Orlistat purchase cheap online Orlistat buying Orlistat ordering Orlistat online order Metformin usa online Orlistat buy buy in Orlistat uk buy prednisone topix buy prednisone youtube Orlistat toronto buy discount Orlistat line buy cheap Orlistat without prescription buying Orlistat can i order finpecia onlinebuy finpecia cheap prednisone prescription cost lisinopril buy lisinopril