This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.
First published on MSDN on Feb 08, 2016Update 1/19/2017
When configuring your "Join Logic" via a Custom MA Extension we need to remember to try and keep it simple i know that's not always possible but the more complex the Join Logic the greater the risk of joining two objects up incorrectly, Also try not to get into the trap of trying to make a super complex join logic to cover every possible scenario, Join logic should not be a replacement for good old fashion Data Clean Up. Yes using code can and will make Data Clean up easier but if you have 2 million objects and there is one object that has no real data to be used for joining do you waste countless hours to come up with logic to allow that 1 object to join up with something or do you find that object after and just clean it up at the source.
by modifying the following section you can build a more advance Join Logic, the below code is referenced from the following post Rules Extension -MAExtension
void IMASynchronization.MapAttributesForJoin (string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
//
// TODO: write join mapping code
//
throw new EntryPointNotImplementedException();
}
If you would like to join objects from a Source Directory that has samAccountNames with the format that includes "SP_" added to the accountName from other directories.
in a Disaster Recovery Scenario where you have to rebuild the Metaverse and join objects back up.
the following piece of code would remove "SP_" from the samAccountName of the source object and than attempt to join to an object in the metaverse with the accountName that matches the sAMAccountName of the source object minus the "SP_"
Example A
void IMASynchronization.MapAttributesForJoin (string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
//
// TODO: write join mapping code
//
values.Add(csentry["samAccountName"].StringValue.Replace("SP_", ""));
//throw new EntryPointNotImplementedException();
}
The problem with the above code is, I left no room for addition Join logic. If I wanted to use the Same extension across several Management Agents each with their own unique Join Statement I would need to modify the code like the following example
Example B
void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
switch (FlowRuleName)
{
case "SPAccountName":
values.Add(csentry["samAccountName"].StringValue.Replace("SP_", ""));
break;
case "BuildAccountName":
if (csentry["accountName"].IsPresent)
{
values.Add(csentry["accountName"].StringValue);
}
else if (csentry["firstName"].IsPresent && csentry["lastName"].IsPresent)
{
values.Add(csentry["firstName"].StringValue + "." + csentry["lastName"].StringValue);
}
break;
}
}
Example A would require the MA Join Logic to be configured like
Example B would use the FlowRuleName making it easier to manage
Once the code has been compiled See Rules Extensions - Build and Compile
Right Click on the Management Agent that the extension is for and click on Properties
in this example we wrote an extension for Join Logic so we will click on Configure Join and Projection Rules
Select the object type you wish to configure the Join Rule for, in this example we chose group.
now Select New Join Rule,
In the Data Source attribute: section we selected sAMAccountName
for Mapping Type we selected Rules Extension
For Metaverse object type: select the object type that you wish to join to in the metaverse do not leave as ANY, unless that is what you really need.
and for Metaverse Object type: we selected accountName
Once you have that selected click on Add Condition, you may get the following message about joining non-indexed
Click on OK
Now in the next window you need to define context or function in which will be called in the rules extension that will perform the action you desire.
If you dont know what it is open up the extension again in Visual Studios
In this example we will use IMASynchronization.MapAttributesForJoin
Remove the value in the window
now add the function name in this example we will use "IMASynchronization.MapAttributesForJoin" it should look like the following
Click on OK
At this point if you click on OK you will probably receive the following message unless you have the rules extension selected under Configure Extensions
When you click on OK from this window you should be directed to the Configure Extensions Window
Click on Select next to the Rules Extension at the top
This will open up a window which will display all .dll files within the default extensions directory "C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\*.dll"
Locate the Extension you just Compiled and select and highlight it, click on OK
It should now be listed in the Rules Extension Name section.
Click on OK to complete and save the configuration.
If there are multiple functions that are using rules extensions you need to add all the functions to a single .dll.
## Additional information on "IMASynchronization.MapAttributesForJoin Method" can be located here