is it possible to create a link between different MV objects, like between person and computer in FIM 2010? i have users data source with "computer name" as one of the attributes of the user objects, and another data source for computers with "computer name" and "computer SN" as attributes, mapping computer data source to computer object, and user data source to person object. person object already extended with new two attributes for person which are "computer name" and "computer serial". I need to connect between person object and computer object using computer name as a link. thus exporting the following data: computer serial computer name user name1 user name2 do you have any idea? Thank you for your help. Please Note: for single computer, there might be different users. in other words, in users list there are many users with the same computer name

This should give you an idea hao to solve the issue. /Matthias/Matthias

You can't manipulate Reference attributes in Flow Rules. Your choice is either to set them in a FIM Workflow or to export them to SQL and them build the relationships in a view that you import in another MA. I've done both ways. What are you attempting to do with them?Eric

thanks for your replies. i know we need to use ref. attributes, but they should be in the same connector space, or, ref. attributes to the same type of objects. in case i used a workflow, how to get the ref. values of another objects? my question was just an example, my problem is to provision users based on attributes from different resources.

You may be able to get away with using Utils.FindMVEntries, but on the whole I prefer to move such complexity outside of the Sync Service itself. So you could either use the Portal, or you could use a seperate database where you aggregate the relavant data and then use an SSIS package to churn the data and set one or more flags which your prov code then uses in provisioning decisions. I like this approach because it is very easy to see if the flags are set correctly outside of the sync service, and you won't be trying to debug your extension code to track down problems. Also you can change your provisioning rules later without changing the provisioning code. See this for more on this subject: http://www.wapshere.com/missmiis/keeping-provisioning-logic-out-of-the-provisioning-codehttp://www.wapshere.com/missmiis

I'm trying not write code, and using the portal, yet I need some help in this. HOW to use the Ref. attributes in FIM 2010 Portal? any help is appreciated

I have chosen this approach export them to SQL and them build the relationships in a view that you import in another MA and it worked perfectly! Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------------------ "Eric Huebner" wrote in message news:794a5b49-f980-46f0-8a1a-28c5869e7621... You can't manipulate Reference attributes in Flow Rules. Your choice is either to set them in a FIM Workflow or to export them to SQL and them build the relationships in a view that you import in another MA. I've done both ways. What are you attempting to do with them? Eric Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)

another SQL server is not an option for me.

just an additional SQL DB using views against the MV is enough. No need for extra SQL server Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------------------ "knowledgeSeeker01" wrote in message news:73f2692c-0dce-4cea-8cd4-f2235952ea45... another SQL server is not an option for me. Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)

and how I will fill the DB?

create a DB and make sure it has the same COLLATION as the DB for the SYnc Engine Create a VIEW with the correct query to the MV. Make sure to use WITH (nolock) For example: SELECT DISTINCT FIMSynchronizationService.dbo.mms_metaverse.object_id AS uniqueID, FIMSynchronizationService.dbo.mms_metaverse.object_type AS objectType, FIMSynchronizationService.dbo.mms_metaverse.displayName, FIMSynchronizationService.dbo.mms_metaverse.accountName, FIMSynchronizationService.dbo.mms_metaverse.employeeID,FIMSynchronizationService.dbo.mms_metaverse.domain FROM FIMSynchronizationService.dbo.mms_metaverse WITH (nolock) INNER JOIN FIMSynchronizationService.dbo.mms_lineage_cross_reference WITH (nolock) ON FIMSynchronizationService.dbo.mms_metaverse.object_type_lineage_id = FIMSynchronizationService.dbo.mms_lineage_cross_reference.lineage_id INNER JOIN FIMSynchronizationService.dbo.mms_management_agent WITH (nolock) ON FIMSynchronizationService.dbo.mms_lineage_cross_reference.ma_id = FIMSynchronizationService.dbo.mms_management_agent.ma_id WHERE (FIMSynchronizationService.dbo.mms_metaverse.object_type = N'person') AND (FIMSynchronizationService.dbo.mms_metaverse.domain = N'MY-AD-DOMAIN') AND (FIMSynchronizationService.dbo.mms_metaverse.employeeID <> N'') this is just an example of a SQL query. You have to create your own SQL query so that you get the data you would like to see Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------------------ "knowledgeSeeker01" wrote in message news:a03b81c5-9bec-4ccc-b941-5695f9c4362a... and how I will fill the DB? Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)

Thank you, it seems a good option, but I think doing this through portal will give me more flexibility. there should be a stright forward way to do it through portal, right? how to do it through portal?

it depends on your requirement I had to do this during initial load when transferring data from AD to the FIM portal. My customer had normal user accounts and application accounts. Application accounts specified the user account in some string attribute that owned the application account. Because you cannot use advanced flows for reference attributes I just flowed everything one-to-one to the MV. Then with a SQL DB and SQL Views I created real references between the objects and flowed everything to the FIM portal. This was only needed during initial load as AFTER that the FIM portal was authoritative and thats where it was done Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------------------ "knowledgeSeeker01" wrote in message news:48afb23d-80c7-4e50-a769-816c42129c00... Thank you, it seems a good option, but I think doing this through portal will give me more flexibility. there should be a stright forward way to do it through portal, right? how to do it through portal? Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx)

in my case, the input data sources are authoritative all the time. there are updates in all of them. for example, user names are from one source, and department from another one, this valid for every new user.

how I can do it in the portal?

HOw I can do this in a workflow?

this is a link between the same object type, I'm looking for a link between different types of objects. in many places in the forum, they said this can be done through a workflow, but I didn't see in anyplace how it can be done through workflows? unless they mean custom workflow.

the problem with approch it is static, and when you change anything you need to change the view. I need a solution that dpeneds enirly on FIM or FIM portal without coding.

As I understand your problem you want to create a link between a user and some other custom object class, but you only have the name that uniquely identifies that object as a string type attribute of your user schema ... you want to detect whenever this string attribute changes, and update a "shadow" user attribute of type reference. Right? OK - if you have to do this in the portal then the approach I would use requires just one generic custom activity to perform a FIM db look up (FIM Query dialect) of a custom FIM object class by a unique string name (e.g. DisplayName). This then writes the ObjectID of the returned FIM object to the WorkflowData collection (e.g. MyCustomObjectID). Once I have this activity I would use would then go about the job as follows: Create a metaverse schema object for your referenced custom object type (e.g. Computer) Create a matching FIM schema object class Give the sync engine full rights to this new object class Add all necessary admin filters for attributes of your new object class Define import sync rules to for each object attribute, and direct export attribute flows in your FIM MA Define a workflow which requires two activities in sequence: (a) your custom (generic) lookup activity to perform any valid xpath query dialect expression and write the result to //WorkflowData/MyCustomObjectID (b) the FIM Function Evaluator to write //WorkflowData/MyCustomObjectID to //Target/MyCustomReferenceID Define an MPR which fires your workflow whenever there is a change to the string attribute made by the Sync Engine Of course you could perform step 6 in a single custom activity, but then you might have trouble making it generic ... I have found the above approach works for me (always writing to WorkflowData in the first step). I know you're not going to like having to write any code, but short of finding someone else to do this bit for you, there isn't an alternative that I can think of which does this OOTB (out of the box).Bob Bradley, www.unifysolutions.net (FIMBob?)

it seems it can't be done without writing some code. if this is true, I think this is one of the lacks of FIM 2010 that you can't use the reference attributes between objects natively.