Writing a Rules Extension to Provision User Objects to the ADMA from Objects in the HR Database MA


You want MIIS to provision objects to the ADMA's connector space based on objects in the HR Database MA.


There are three steps to provisioning:

  1. Writing a rules extension

  2. Configuring a run profile

  3. Executing the run profile

In this recipe you will write a Provisioning-Rules-Extension. MIIS will help you with the initial project creation. In Recipe 23.1, refer to (6) in Figure 23-2, which shows objects being provisioned from the metaverse to the AD connector space.

  1. Open Identity Manager.

  2. From the menu select Tools → Options.

  3. In the Options dialog click the Create Rules Extension Project button.

  4. Ensure the Create Extension Project dialog looks like Figure.

    Dialog for creating the Metaverse Provisioning Rules Extension

  5. Click OK.

  6. In Visual Studio.NET, double-click MVExtension in the Solution Explorer.

  7. The first few lines of the code pane should look like this:

    	Imports Microsoft.MetadirectoryServices
    	Public Class MVExtensionObject
    	    Implements IMVSynchronization

  8. Navigate to the section that looks like this:

    	Public Sub Provision(ByVal mventry As MVEntry) Implements _
    	        IMVSynchronization.Provision
    	        ' TODO: Remove this throw statement if you implement this method
    	        Throw New EntryPointNotImplementedException( )
    	    End Sub

  9. Modify it to contain the following code:

    	Public Sub Provision(ByVal mventry As MVEntry) Implements _
    	        IMVSynchronization.Provision
    	    Dim container As String
    	    Dim rdn As String
    	    Dim ADMA As ConnectedMA
    	    Dim numConnectors As Integer
    	    Dim myConnector As CSEntry
    	    Dim csentry As CSEntry
    	    Dim dn As ReferenceValue
    	    ' Ensure that the cn attribute is present.
    	    If Not mventry("cn").IsPresent Then
    	        Throw New UnexpectedDataException("cn attribute is not present.")
    	    End If
    	    ' Calculate the container and RDN.
    	    container = "CN=users,DC=rallencorp,DC=com"
    	    rdn = "CN=" & mventry("cn").Value
    	    ADMA = mventry.ConnectedMAs("rallencorp.com")
    	    ' EscapeDNComponent escapes the RDN before it is joined to the container.
    	    dn = ADMA.EscapeDNComponent(rdn).Concat(container)
    	    numConnectors = ADMA.Connectors.Count
    	    ' If there is no connector yet, create a new one.
    	    If numConnectors = 0 Then
    	        csentry = ADMA.Connectors.StartNewConnector("user")
    	        csentry.DN = dn
    	        ' Initial password: this literal is written to every account
    	        ' that this code provisions.
    	        csentry("unicodePwd").Value = "Password1"
    	        csentry.CommitNewConnector()
    	    ElseIf numConnectors = 1 Then
    	        ' If the connector has a different DN rename it.
    	        myConnector = ADMA.Connectors.ByIndex(0)
    	        myConnector.DN = dn
    	    Else
    	        ' More than one connector in the ADMA is unexpected.
    	        Throw New UnexpectedDataException("Error: There are " + _
    	        numConnectors.ToString + " connectors")
    	    End If
    	End Sub

  10. Notice the highlighted entries "CN=users,DC=rallencorp,DC=com". You will need to enter your own domain and container information here.

  11. Notice the highlighted entry mventry.ConnectedMAs("rallencorp.com"). You will need to modify this to your own ADMA name.

  12. From the file menu select Build → Build Solution.

  13. Open Identity Manager.

  14. From the menu select Tools → Options.

  15. In the Options dialog, click Browse.

  16. Select MVExtension.dll, and click OK to close the Options dialog.


Because you can use any .NET programming language, MIIS is very flexible in a multiteam environment. As with many modern systems, it is not great programming skill that helps you build good rules with MIIS; it is experience and familiarity with the object model. It is well worth getting to know the MIIS object model. Many novices spend hours or days coding a function only to find that the object already has a method that does what they spent all their time on.

See Also

Recipe 23.1; Recipe 23.4, which describes how the code in this recipe is triggered; and Recipe 23.13 for setting up the HR Database MA to project objects to the metaverse. Remember that it is projection that triggers provisioning.
