Friday, October 21, 2011

Reference membership of a set in FIM Portal

Sometimes you may want to have a group or set in the FIM portal be calculated from another group or set.

Unfortunately, the source can’t be a group, so stop there. But if it’s a set then you’re OK. The great thing about sets is that they can hold both criteria-based and manual users. Once you have the membership in a group, export it to AD. Now you have a solution: a group with criteria-based and manual users that can be administered from the FIM Portal.


At this point, create your target group (or set), go to the Members tab and do the following:


Choosing ResourceID ‘in’ <source set> will do the trick.

Of course you could always go back to the XPath filter, something like this: /Person[ObjectID = /Set[DisplayName = 'sourceSet']/ComputedMember], but why, when you can use the GUI?

Thursday, October 20, 2011

How to export AD LDS schema

Working for a client, I needed to stand up an LDAP client and create a new class and attributes. It was about 35 new attributes, and that can take a while when you have to do each one manually. Now it’s time to move it to QA. There ain’t a whole lot out there for exporting LDAP schema, and of course the old LDIFDE was giving me grief. So after more searching I stumbled on a TechNet article and there it was.

It’s already installed if you set up AD LDS. Look in \windows\ADAM; it’s called ADSchemaAnalyzer. I think its purpose is to compare different schemas, but it also exports them to LDIF – Sweet!

First ‘load target schema’, then ‘load base schema’. I don’t know why; I didn’t have time to find out. Then walk the tree and you’ll see all the object classes and attributes. If you created an object class and new attributes just for that object, just select the new object class and the attributes will come along automatically.


Now choose ‘Create LDIF file’ and away you go. Very awesome!
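A pre-import review of the exported file before it goes to QA, as an added example that is not part of the original post: it lists the attributes and classes the LDIF adds and flags attribute references the file does not define, which must already exist in the target schema. The sample LDIF is constructed for illustration, and the function names `parse_ldif` and `review_schema` are hypothetical.

```python
import re

# Constructed sample shaped like a schema LDIF export; names, OIDs and dc=X are made up.
SAMPLE_LDIF = """\
dn: cn=contoso-BadgeId,cn=Schema,cn=Configuration,dc=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.99999.1.1
lDAPDisplayName: contosoBadgeId

dn: cn=contoso-Badge,cn=Schema,cn=Configuration,dc=X
objectClass: classSchema
lDAPDisplayName: contosoBadge
mayContain: contosoBadgeId
mayContain: contosoBadge
 Color
"""

def parse_ldif(text):
    """Return LDIF records as dicts of lower-cased attribute name -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines (RFC 2849)
    records = []
    for block in re.split(r"\r?\n\s*\r?\n", text):
        rec = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or line == "-":
                continue  # skip comments and modify-record separators
            name, _, value = line.partition(":")
            rec.setdefault(name.strip().lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def review_schema(text):
    """List the attributes and classes a file adds, plus references it does not define."""
    attrs, classes, defined, referenced = [], [], set(), set()
    for rec in parse_ldif(text):
        kinds = {v.lower() for v in rec.get("objectclass", [])}
        name = (rec.get("ldapdisplayname") or rec.get("dn") or ["?"])[0]
        if "attributeschema" in kinds:
            attrs.append(name)
            defined.update(v.lower() for v in rec.get("ldapdisplayname", []) + rec.get("attributeid", []))
        elif "classschema" in kinds:
            classes.append(name)
        for key in ("maycontain", "mustcontain", "systemmaycontain", "systemmustcontain"):
            referenced.update(v.lower() for v in rec.get(key, []))
    # Anything referenced but not defined here must already exist in the target schema.
    return {"attributes": attrs, "classes": classes, "external": sorted(referenced - defined)}
```

Pass the contents of the real export to `review_schema` and confirm that every name under `external` already exists in the QA instance before importing.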