MIM 2016/FIM 2010 R2: Attribute flow rules, extensions and reference values


Let me talk briefly about a reference value. Take a reference value as a pointer or a hologram. Lets say I was doing a conference call where the computer is projecting my image from my current location to the people in the conference room, it’s not really me, but it’s a pointer to me. So just like with my hologram image, there is a limit to what you can do, for example you cannot push me out of the room if I start going off point (ha-ha). Similarly, with a reference value, you cannot really treat it like a “real” value. Enough said, lets dive in.

Here are the extension rules for Reference attributes in MIM

What you cannot do

  • Inbound into the Metaverse:
    You cannot use an extension to flow a value into a Metaverse reference attribute.
  • Outbound from the Metaverse:
    You cannot use a Metaverse reference as a source for an extension rule.

What you can do

  • Inbound into the Metaverse:
    You can use an extension to flow a reference attribute to a non-reference attribute.
  • Outbound into the Metaverse: You can use an extension to flow a non-reference attribute to a reference attribute.

The scenario

I have an HR feed which has the manager employeeid. In the HR Feed, I have declared the manager attribute as a reference attribute. I have made HR.Manager to be authoritative for AD.Manager. Here are my requirements

  1. If employeestatus is Active, flow the HR.Manager value to AD.
  2. If employeestatus is Terminated, delete the value in the MV and AD. HR does not remove the manager value in its own records on termination.

Proposed solution

  1. Create a new MV.Person string attribute called “HRFeedManager”.
  2. In the HR feed MA use import rules extension and flow the HR.employeestatus, HR.Manager to the MV.Person.HRFeedManager. In your code do an Ldap search and get the Samaccountname of the manager if employee status is “Active”. If employeestatus is “Terminated” delete the MV.Person.HRFeedManager (mventry[“HRFeedManager”].Delete).
  3. In the AD Feed MA, use export rules extensions and flow MV.employeestatus, MV.HRFeedManager to AD.Manager. In your code if employeestatus is “Active”, use this method and convert the MV.HRManager to a reference value and flow that to the AD.Manager. If employeestatus is “Terminated”, delete the AD.Manager (csentry[“Manager”].Delete)