Scenario Generate Unique Account Name
Generate Unique Value (Account Name)
**Generate Unique Value (Account Name):**This workflow is used to create a Unique Value to be set as the value of the Account Name in the FIM Portal which will then be used to during the provisioning of the user in Active Directory. This Workflow performs a look up using an LDAP Query to AD as well as within the FIMService DB itself for all users to determine if the value that is being created is unique. When using the Generate Unique Value workflow activity you have the option to perform the LDAP Query as it is not required to create a unique value but if you are creating users or resources for an external data source. Such as AD it would be recommended to add the LDAP Query, without the query you will create an object with the value to be used for Account Name in the FIM Portal (FIMService DB) as unique but there is no guarantee that the value will be unique in the Data source that this object will be provisioned to even if all users are believed to be in the portal. Additionally I would add this workflow activity as part of a workflow that is used when creating new users, this is to ensure Workflow integrity and controlling order of operations.
| Generate Unique Value | |
|---|---|
| Activity Display Name | (Type the name you wish to call this Activity) Generate Account Name |
| Activity Execution Condition | For this example leave it this field blank) |
| Target for Generated Value | [//Target/AccountName] |
| Conflict Filter | /Person[AccountName'[//Value]'] |
| Query LDAP for conflicts | **This option when selected can be used to determine uniqueness of an attribute on an object that is not yet in the FIM Portal, for example if using this workflow to create a User with a unique Account Name that will be provisioned to Active Directory and not all of the users in your environment are in the FIM Portal you would want to use this to do an LDAP Lookup to Active Directory and verify that a user with the suggested Account Name (samAccountName) does not already exist.**If this option is not selected only objects with in the FIMPortal will be used to determine Uniqueness. |
| LDAP Queries | True |
| Directory Entry Path | LDAP://DC=Contoso,DC=com |
| LDAP Filter | (&(Objectclass=user)(ObjectCategory=Person)(samaccountname=[//Value])) |
| Uniqueness Key Seed | Enter a Value to be used as the starting point to generate a Unique ValueIn this Example we entered the number 2 |
| Value Expressions | |
| [//Target/FirstName]+"."+[//Target/LastName] | |
| [//Target/FirstName]+"."+Left([//Target/MiddleName],1)+"."+[//Target/LastName] | |
| [//Target/FirstName]+"."+Left([//Target/MiddleName],1)+"."+[//Target/LastName]+[//UniquenessKey] | |
| Considerations | In the Above Examples If Middlename does not exist the account would be created as such First..Last which in most cases would not be the desired result. An option to validate isPresent for Middle Name would be as foolows [//Target/FirstName]+"."+[//Target/LastName] [//Target/FirstName] + "." + IIF(IsPresent([//Target/MiddleName]), Left([//Target/MiddleName],1), "") + IIF(IsPresent([//Target/MiddleName]), ".", "") + [//Target/LastName] [//Target/FirstName] + "." + IIF(IsPresent([//Target/MiddleName]), Left([//Target/MiddleName],1), "") + IIF(IsPresent([//Target/MiddleName]), ".", "") + [//Target/LastName]+[//UniquenessKey] ** ** |