What? No State…?
Something that I’ve always found peculiar is that “State/province” is not a default attribute in the MIM Portal. One of the main Directory Services systems that we synchronize with is Active Directory (AD). AD has “State/Province” because it’s useful information to include with a user’s identity. And when deploying MIM to an organization, one of the objectives is to provision users from the MIM Portal. In this blog post, I will detail the steps required to add State/province to the MIM Portal to make this possible.
Note: We are assuming that you have already configured user provisioning from the MIM Portal to AD and simply need to add the State attribute to the MIM Portal and synchronize the new State attribute to AD.
Create new Attribute/Binding in the MIM Portal
- From the MIM Portal, select Administration –> Schema Management –> All Attributes
- From the Schema Management – All Attributes menu, select New
- Create a new attribute with the following properties:
System name: State
Display Name: State/province
Data Type: Indexed string
- Select Administration –> Schema Management –> All Bindings
- From the Schema Management – All Bindings menu, select New
Resource Type: User
Attribute Type: State
Ensure that the MIM Sync Service is evaluating the “st” attribute
- Open the MIM Sync Tool and select the properties of the AD Management Agent
- Navigate to Select Attributes
- Ensure that “st” is checked
Configure attribute mappings
- Using the MIM Sync Tool, select the properties of the MIM MA
- Click on Configure Attribute Flow and Select Object Type: Person
- Add attribute Import mappings as follows:
Data source attribute: State
Metaverse attribute: st
Update your AD User Outbound Portal Sync Rule
- Using the MIM Portal, edit the AD User Outbound Synchronization Rule.
- On the Outbound Attribute Flow tabe, add the following:
Update MPR to allow for synchronization of the new attribute
- Open the MIM Portal and navigate to Administration –> Management Policy Rules
- Search for “Synchronization: Synchronization account controls users it synchronizes”
- Open the properties of the MPR and select the Target Resources tab
- Add “State” to the list of specific attributes
Edit RCDC for User Create and Edit to add State
Showing you how to edit the RCDC so that the new State attribute shows up in the User create and User Edit forms is out of scope for this blog posting. There are plenty of “How to” articles on the internet that can be followed.