AccountName-like uniqueness validation for attributes
I would like to ensure that if someone creates an account with an already used mail nickname or Unix user id, the account creation fails. Is it possible to configure a uniqueness validation for an attribute, like the built-in validation for the AccountName attribute?
I know that it's possible to configure the portal so that it checks for the uniqueness of an attribute upon creation, but if I understood correctly it's a portal feature, and I need to make sure that the attribute is unique even if the user is not created through the portal (e.g. with a PowerShell script).
Thanks,
Paolo
Paolo Tedesco - http://cern.ch/idm
April 30th, 2010 3:42pm
If you do the creation using PowerShell, you can check for uniqueness before doing the creation, like this (part of Markus's script):
# Query FIM for an existing Person with this display name; stop if one is found
$exportObject = export-fimconfig -uri $URI `
-onlyBaseResources `
-customconfig "/Person[DisplayName='$PersonName']"
If($exportObject) {Throw "L:Person already exists: $PersonName"}
April 30th, 2010 5:02pm
Hi Franck,
thanks for your answer, but that's not the same thing: if I run the script twice with the same parameters, it might happen that script #1 and #2 run the query, they both find out that the value is not used, and both create a person with the same display name.
What I would like is for FIM to enforce the attribute uniqueness in the same way it does with the account name.
Paolo Tedesco - http://cern.ch/idm
May 3rd, 2010 10:16am
You can try to create a custom activity that acts during Authorization and does the check here.
However, this is just a reporting problem since the workflows execute in parallel; maybe the 2 requests can check the target attribute at the same time.
May 3rd, 2010 10:25am
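The check-then-create race raised in the replies above (two scripts, or two parallel authorization workflows, querying before either one creates), replayed deterministically as an added example that is not code from any poster or from FIM. An in-memory collection stands in for the FIM store, and every function name and the sample nickname are hypothetical.

```powershell
# Constructed simulation: in-memory collections stand in for the FIM resource store.
# Nothing here calls FIM; all function names and the sample nickname are hypothetical.

function Test-NicknameFree {
    # The client-side "does it exist yet?" query.
    param([System.Collections.ArrayList]$Store, [string]$Nickname)
    -not ($Store -contains $Nickname)
}

function Invoke-CheckThenCreateRace {
    # Replays the interleaving from the thread: both clients run their
    # query before either one performs its create.
    param([string]$Nickname)
    $store = New-Object System.Collections.ArrayList
    $script1SeesFree = Test-NicknameFree $store $Nickname
    $script2SeesFree = Test-NicknameFree $store $Nickname
    if ($script1SeesFree) { [void]$store.Add($Nickname) }
    if ($script2SeesFree) { [void]$store.Add($Nickname) }
    # Number of objects that now carry the supposedly unique value.
    return @($store | Where-Object { $_ -eq $Nickname }).Count
}

function Invoke-StoreEnforcedCreate {
    # Uniqueness enforced by the store itself: TryAdd is a single atomic
    # test-and-insert, so there is no gap between check and create.
    param([string]$Nickname)
    $store = New-Object 'System.Collections.Concurrent.ConcurrentDictionary[string,string]'
    foreach ($client in 'script1', 'script2') {
        [pscustomobject]@{
            Client  = $client
            Created = $store.TryAdd($Nickname, $client)
        }
    }
}

$duplicates = Invoke-CheckThenCreateRace 'jdoe'
"check-then-create left {0} object(s) with nickname 'jdoe'" -f $duplicates
Invoke-StoreEnforcedCreate 'jdoe' | Format-Table -AutoSize
```

A client-side query, whether in a script or in a workflow activity, narrows the window but cannot close it; only a constraint evaluated at commit time inside the store rejects the second create.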