I want to create a set for all users that have the Manager field filled in. Sounds simply enough, except that FIM Portal does not allow filtering on reference fields in a general context for Sets and Groups. You can put “If Manager = ‘Tom Brown'” but you can’t put “If Manager = /Person”. Here is a work around solution
1. Create a new User attribute called “IsManagerPresent”. Add the attribute to the MPR – Admin can Update Users. Add it to the Admin Filter Permission.
2. Create a workflow called “All Users with Manager”. Check ROPU. Workflow Activity, add the function Evaluator to check if Manager is present, if it is then set value to “True” else “False”.
Activity Name: Set Manager is Present
Custom Expression: IIF(IsPresent(Manager),”True”,”False”)
3. Create an MPR called “All Users with Manager”. Type:Set-Transition. Set is “All People”, Attach the workflow “All Users with Manager”. Once MPR is created the workflow will run and update all Users in the Portal.
Now what about when someone’s Manager is deleted in the Portal so the manager field is blank, Or if someone who is a member of the All people set, has the Manager field filled in but the IsManagerPresent field says false. We need some control to do maintenance on the process.
4. Create a Powershell script that will do an XPath filter, “/Person[Manager != /Person and IsManagerPresent = ‘True’]”. It will update the IsManagerPresent field for users that had a Manager and no longer have the manager field filled. In the same script, another XPath filter, “/Person[Manager = /Person and IsManagerPresent = ‘False’]”. It will also update the IsManagerPresent field for users that had the IsManagerPresent field set to false and the Manager is added. This script can run nightly or any frequency you like.
So you can now do filters for your groups and sets on the IsManagerPresent field.