2 Way Account Expires Rules Extension


Updated 3/25/2016

The following is C# code that can be used to build a Rules Extension to be applied to the ADMA which converts the following:

1. accountExpires attribute on a user in AD to the Employee End Date attribute in the Portal

2. Employee End Date of a user in the Portal to the accountExpires attribute in AD.

Pre-Requsite

  • Create the following custom attribute in the metaverse if it does not already exist
     Name  Attribute Type
     employeeEndDate  Indexed String

The following code is pulled from the Rules Extension -MAExtension Post

 

Management Agent Attribute Flow

 

When setting the attribute flow be sure to verify that you are selecting the correct Flow Direction and Mapping Type of Advanced

Attribute Flow

accountExpires  <-  employeeEndDate           cd.user:accountExpires<-mv.person:employeeEndDate

accountExpires  -> employeeEndDate            cd.user:accountExpires->mv.person:employeeEndDate

 

To Convert the accountExpires attribute to the employeeEndDate in the metaverse to be exported to the FIM Portal add the following piece of code is required within the “void IMASynchronization.MapAttributesForImport” section

#region cd.user:accountExpires->mv.person:employeeEndDate
case “cd.user:accountExpires->mv.person:employeeEndDate”:
if (csentry[“accountExpires”].IntegerValue == 0 || csentry[“accountExpires”].IntegerValue == 9223372036854775807)
{
// This is a special condition, do not contribute and delete any current value
mventry[“employeeEndDate”].Delete();
}
else
{
DateTime dtFileTime = DateTime.FromFileTime(csentry[“accountExpires”].IntegerValue);
mventry[“employeeEndDate”].Value =
dtFileTime.ToString(“yyyy’-‘MM’-‘dd’T’HH’:’mm’:’ss’.000′”);
}
break;
#endregion // cd.user:accountExpires->mv.person:employeeEndDate

 

If you are setting the employeeEndDate in the FIM Portal and you wish to update the accountExpires attribute in Active Directory than you need to add the following code within the “void IMASynchronization.MapAttributesForExport” section

#region cd.user:accountExpires<-mv.person:employeeEndDate
case “cd.user:accountExpires<-mv.person:employeeEndDate”:
CultureInfo provider = CultureInfo.InvariantCulture;

if (mventry[“employeeEndDate”].ToString() != “”)
{
//DateTime dtFileTime = DateTime.ParseExact(mventry[“employeeEndDate”].Value, “yyyy’-‘MM’-‘dd’T’HH’:’mm’:’ss’.000′”, provider);
DateTime dtFileTime = DateTime.Parse(mventry[“employeeEndDate”].Value, provider);

csentry[“accountExpires”].IntegerValue = dtFileTime.ToFileTime();
}
break;
#endregion

 

If you wish to be able to set the accountExpires or the employeeEndDate value from either Active Directory or the FIM Portal you will need to make this bidirectional. This can be accomplished by having both pieced of the above code in place as well as setting equal precedence in the Synchronization Service for the employeeEndDate attribute for the Peron object.

equalPrecedence

## http://blogs.msdn.com/connector_space ##

DateTimeAttributes.txt

Comments (0)

Skip to main content