The first custom workflow activity I wrote was one to select a unique value from a list of possible values placed in WorkflowData variables. I’ve now re-written this as a PowerShell script to use with the open source FIM PowerShell activity.
The script here just checks again the Portal, but it would be a simple modification to make it check against AD instead/as well.
Setting up the Workflow
First you have to get the FIM PowerShell activity installed. See here for the extra steps I did to get it working with the FIM PowerShell cmdlets.
The script expects to find one or more options in WorkflowData parameters. Here is what the Workflow definition looks like:
Â
The options are just Function Evaluators:
Then the FIM PowerShell activity calls my script:
The Script
###
### Generate Unique
###
### Called using FIMPowershell Workflow Activity.
### Parameters:
### -ObjectType The Object Type to be checked
### -AttributeName The Attribute to be checked for uniqueness
### -LogFile Verbose logging to a log file if specified
###
### WorkflowData: The FIM Workflow must provide one or more WorkflowData values to be checked in turn.
###
### The first unique option found will be written back to \\Target\AttributeName
###
PARAM($ObjectType,$AttributeName,$LogFile)
### Get FIMPowershell.ps1 from http://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx
. E:\FIM\scripts\FIMPowerShell.ps1
### The password for the account to use running the scripts must be saved to a file readable by the FIM Service account.
### Execute the following command as the FIM Service account:
### read-host -assecurestring | convertfrom-securestring | out-file encrypted.txt
$PWFile = 'E:\FIM\scripts\WF\encrypted.txt'
$AdminAccount = "fimadmin"
if ($LogFile -ne $null) {$Verbose = $true} else {$Verbose = $false}
if ($Verbose) {get-date | out-file -FilePath $logFile -encoding "Default"}
##
## Create credential to use when running commands against the FIM service
##
if ($Verbose) {"Creating credential object for account $AdminAccount" | add-content $logFile}
$password = get-content $PWFile | convertto-securestring
$UserCredential = New-Object -Typename System.Management.Automation.PSCredential -Argumentlist $AdminAccount,$password
###
### Get the Request Details
###
if (-not $fimwf)
{
$msp = "Failed to get workflow details from the FIM Request"
if ($Verbose) {"Error: " + $msg | add-content $logFile}
Throw $msg
}
$ReqGUID = $fimwf.RequestId.Guid
if ($Verbose) {"RequestID: $ReqGUID" | add-content $logFile}
$TargetGUID = $fimwf.TargetId.Guid
if ($Verbose) {"Target: $TargetGUID" | add-content $logFile}
###
### Get the WorkflowData
###
if ($Verbose) {"Getting WorkflowData" | add-content $logFile}
if ($Verbose) {$fimwf.WorkflowDictionary | Out-String -Width 100 | add-content $logFile}
$options = $fimwf.WorkflowDictionary
foreach ($option in $options.Values)
{
$filter = "/" + $ObjectType + "[" + $AttributeName + "='" + $option + "']"
$obj = Export-FimConfig -Custom ($filter) -OnlyBaseResources -Credential $UserCredential
if ($obj -eq $null)
{
$returnOption = $option
if ($Verbose) {"$option is unique" | add-content $logFile}
break
}
else
{
if ($Verbose) {"$option is not unique" | add-content $logFile}
}
}
if ($returnOption -ne $null)
{
if ($Verbose) {"Updating Target $AttributeName with value $returnOption" | add-content $logFile}
$importObject = ModifyImportObject -TargetIdentifier $TargetGUID -ObjectType $ObjectType
SetSingleValue $importObject $AttributName $returnOption
$importObject | Import-FIMConfig -Credential $UserCredential
}
else { Throw "Failed to find a unique value"}
