Provisioning to AD Using the MIMWAL

In January of 2016 Microsoft made the MIMWAL publicly available. The MIMWAL is a Workflow Activity Library (WAL) for building complex workflows in Microsoft Identity Manager (MIM) 2016 and Forefront Identity Manager (FIM) 2010 R2 solutions. For more information about the MIMWAL, including project source code, releases, documentation, and discussion forums, visit http://microsoft.github.io/MIMWAL/.

As a Microsoft Partner, we have had access to the MIMWAL prior to it being released to the public. We have utilized the MIMWAL in every customer deployment that we have been a part of. It simply makes things possible that otherwise would not be without having to write very complex code. In this blog post, I will show you some of the benefits of using the MIMWAL when defining workflows for provisioning users from FIM to Active Directory.

The MIMWAL provides additional activities that can be selected when creating an action workflow. The first screenshot shows the Activity Picker in a default MIM installation, while the second shows the Activity Picker after the MIMWAL has been installed.

Default MIM Action Workflow Activity Picker

MIMWAL Provisioning to AD Screenshot: Default Action Workflow Activity Picker

MIMWAL Action Workflow Activity Picker

MIMWAL Provisioning to AD Screenshot: MIMWAL Add Activity

In this blog post we use the “Generate Unique Value” and “Update Resources” activities in our account provisioning workflow.

Create Unique Account Name

The activity below was configured to generate a unique Account Name from the first character of the first name plus the last name. A user named Joe Smith would be assigned the Account Name JSmith. The nice feature of this workflow activity is that if a second user named Joe Smith is created, the activity applies a uniqueness key, so that user is assigned the Account Name JSmith1. If there is already a JSmith1, it appends the number 2, and so on.

MIMWAL Provisioning to AD Screenshot: Create Unique Account Name

Let's take a look at how this “Create Unique Account Name” workflow activity works. In the screenshot above you will see the Target for Generated Value. This is simply the attribute that the workflow generates a value for, which in this case is AccountName. The field below that is Conflict Filter, which is the value being evaluated for uniqueness: AccountName for a Person object type. Next, you will see Uniqueness Key Seed, which is the first number that will be included in the value when there is a conflict. We have selected the number “1”, which means that “1” is the first number used to ensure uniqueness; JSmith1, for example. At the bottom you will see Value Expressions. The first expression applies if no conflict exists. The second expression applies if there is a conflict, and it increments the Uniqueness Key Seed until there is no conflict. The expressions use the “Left” function so that AccountName is formatted as the first letter of the first name followed by the last name.
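The selection logic described above, modelled in Python as an added example (this is not MIMWAL code and not from the original post). The function names, the in-memory list standing in for the Conflict Filter query, the case-insensitive comparison and the attempt limit are all assumptions made for the illustration.

```python
# Added illustration: a model of the selection logic described above,
# not MIMWAL source code. All names here are hypothetical.

def left(value, count):
    """Stand-in for the Left function: the first `count` characters."""
    return value[:count]

def generate_unique_account_name(first_name, last_name, existing,
                                 seed=1, max_attempts=1000):
    """Return the first candidate AccountName that does not conflict.

    existing: AccountName values already held by Person objects
              (stands in for the Conflict Filter query).
    seed:     Uniqueness Key Seed, the first number appended on a conflict.
    """
    if not first_name or not last_name:
        raise ValueError("first and last name are both required")

    # Assumption: compare case-insensitively, so jsmith conflicts with JSmith.
    taken = {name.casefold() for name in existing}

    # First value expression: used when there is no conflict.
    base = left(first_name, 1) + last_name
    if base.casefold() not in taken:
        return base

    # Second value expression: the same base plus the uniqueness key,
    # incremented from the seed until no conflict remains.
    for key in range(seed, seed + max_attempts):
        candidate = f"{base}{key}"
        if candidate.casefold() not in taken:
            return candidate
    raise RuntimeError(f"no unique value found after {max_attempts} attempts")

# Constructed sample data, not taken from a real directory.
SAMPLE_DIRECTORY = ["JSmith", "jsmith1", "ADoe"]

if __name__ == "__main__":
    for first, last in [("Joe", "Smith"), ("Ann", "Doe"), ("Bob", "Lee")]:
        name = generate_unique_account_name(first, last, SAMPLE_DIRECTORY)
        print(first, last, "->", name)
```

The attempt limit makes the model fail loudly instead of looping forever if the conflict check can never be satisfied.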

For more information about functions that can be used for modifying attributes prior to flowing them to a target, go to the FIM Functions Reference here: https://technet.microsoft.com/en-us/library/ff800820(v=ws.10).aspx

For more information about XPATH syntax, go to the FIM XPath Filter Dialect reference here: https://msdn.microsoft.com/en-us/library/windows/desktop/ee652287(v=vs.100).aspx

Make MailNickname the same as AccountName

The following screenshot shows the same workflow using the Update Resources activity to copy the newly created AccountName attribute to the MailNickname attribute.

MIMWAL Provisioning to AD Screenshot: AccountName to MailNickname

Display Name Update

The following screenshot shows the same workflow using the Update Resources activity to build a Display Name from the first and last name of the user.

MIMWAL Provisioning to AD Screenshot: DisplayName Update

 

About Matthew Brooks

Over 15 years of experience in the IdAM field.