This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.First published on MSDN on Feb 03, 2017
In this post we will discuss the Configuration of Attributes flows within a management agent to utilize an attached .dll .
The assumption is you already have a Management Agent Created of some sort and now you wish to add advanced attribute flows which utilize a custom extension that is compiled as a .dll and attached to the desired Management Agent as opposed to direct attribute flows which basically just syncs the data from the source to its destination “as is” without any major modification or scenarios such as what to do when the source data meets X criteria or is missing or any other scenario which needs to be considered to deliver the correct data to the destination.
The only requirement when configuring the Attribute flow is that the Management Agent before the configuration of the attribute flow on the Management Agent. What I mean by this is if your Attribute flow is for an custom attribute that doesn't exist exist at the source or destination you can not pre define the attribute flow, Yes I know that sounds very elementary but I have often received questions on this very topic when people are trying to get some prep work completed with the intention of completing other steps later.
I usually Have the Code written prior to to updating the Management Agent but it is not necessary but keep in mind if you update the MA prior to having the code written and attached the Management Agent will not be able to run any syncs.
So lets configure the Management Agent to use a custom dll.
Mapping the DLL to the Management Agent
On the Management Agent that you wish to configure the attribute flows to use the advanced attribute flows, Right click the Management Agent and select Properties
In the Properties Window click on the Configure Extensions section
In the Configure Extensions Section click on Select
In the window that pops up select the .dll file that you created, Note when the dll must be in the Extensions folder usually located at
C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions
When the correct dll has been selected click on OK to close out the window, now verify that the extension now is displayed in the text field next to Rules Extension name:
Click on OK to save current configuration of the Management Agent.
When you are ready to Configure the attribute flows once again go into the properties menu of the Management Agent and select Configure Attribute Flows.
As you can see in the above image I have some Direct Attribute flows but we will now create some “Advanced” attribute flows which will utilize a custom extension.
Now lets add a new attribute flow but first lets take a look at a previous post Rules Extensions – MapAttributesForImport and lets look at the function for objectSidString
case “ objectSidString ”:
byte objectSidString = csentry[“
mventry[“ objectSidString ”].StringValue = ConvertSidToString(objectSid);
when we create an advanced attribute flow we will need the following information..
Highlighted in Yellow is the Flow Rule Name: what ever is used here in quotes needs to be entered as is and is case sensitive.
Highlighted in Green is the attribute that will need to be selected for source or destination depending on the attribute flow direction.
Highlighted in Blue is another attribute that will need to be selected for source or destination depending on the attribute flow direction.
Now lets take a look at how this looks on the Management Agent
Notice that on the Data source attribute side I have selected the attribute that I had previously highlighted in Green in this example objectSid
On the Metaverse attribute side I have previously highlighted in Blue in this example objectSidString additionally this attribute is a custom attribute that was previously created in the Synchronization Service.
Now look at the Flow rule name: notice it matches what was highlighted in Yellow previously exactly. If this doesn't match you will find yourself wondering why an expected attribute flow was not hit.
Additionally when setting up the attribute flow and you need to reference a dll you must select Advanced for the Mapping Type. When configuring attribute flows that require multiple attributes to be selected at the “SOURCE” which are used to define the value for an attribute at the “destination”
Questions? Comments? Love FIM/MIM so much you can’t even stand it?
>WE WANT TO HEAR FROM YOU<