FIM 2010 Portal: Set Account Expiration to Never

Lets talk once more about the “cannot flow a null value to the MV”. So I have Account Expiration set as attribute flow from the Portal to MV to AD. Works well when you update a date or enter a new data, but what about when you want to set the date to “Never”? That means clearing the existing value. That is when you run into the null value flow rule. AD contributes to the MV field as well as FIM Portal, so if FIM Portal has nothing to contribute it defaults to the next contributor who has a value, which is AD, so nothing new flows to AD. Its really an interesting rule and some people have gotten around this by writing code for an advanced flow export for such a field. Of which I will not go into details and I have no interest in writing an advanced flow rule and especially on the outbound track. So the other option is to use workflow and set the value to Never via PowerShell.

  1. How do you capture when the AccountExpiration or ExpirationTime (which is the Portal field we are using) is cleared? Create a set of all users with ExpirationTime value, criteria prior to 1 day from today or after today
  2. Create a PowerShell script to clear the AccountExpires field
  3. Create a Workflow to run the PowerShell script
  4. Create a transition-out MPR to trigger the workflow anytime a user leaves the AccountExpires set that you created in step one.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s