FIM 2010 R2 Portal: Filtering the Manager Field

I want to create a set for all users that have the Manager field filled in. Sounds simply enough, except that FIM Portal does not allow filtering on reference fields in a general context for Sets and Groups. You can put “If Manager = ‘Tom Brown'” but you can’t put “If Manager = /Person”. Here is a work around solution

1.    Create a new User attribute called “IsManagerPresent”. Add the attribute to the MPR – Admin can Update Users. Add it to the Admin Filter Permission.
2.    Create a workflow called “All Users with Manager”. Check ROPU. Workflow Activity, add the function Evaluator to check if Manager is present, if it is then set value to “True” else “False”.
Activity Name: Set Manager is Present
Custom Expression: IIF(IsPresent(Manager),”True”,”False”)
3.    Create an MPR called “All Users with Manager”. Type:Set-Transition. Set is “All People”, Attach the workflow “All Users with Manager”. Once MPR is created the workflow will run and update all Users in the Portal.

Now what about when someone’s Manager is deleted in the Portal so the manager field is blank, Or if someone who is a member of the All people set, has the Manager field filled in but the IsManagerPresent field says false. We need some control to do maintenance on the process.
4.    Create a Powershell script that will do an XPath filter, “/Person[Manager != /Person and IsManagerPresent = ‘True’]”. It will update the IsManagerPresent field for users that had a Manager and no longer have the manager field filled. In the same script, another XPath filter, “/Person[Manager = /Person and IsManagerPresent = ‘False’]”. It will also update the IsManagerPresent field for users that had the IsManagerPresent field set to false and the Manager is added.  This script can run nightly or any frequency you like.

So you can now do filters for your groups and sets on the IsManagerPresent field.

Advertisements

One thought on “FIM 2010 R2 Portal: Filtering the Manager Field

  1. Pingback: FIM Portal 2010: Filtering on a Date Time Field | tlktechidentitythoughts

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s