Creating a Rules Extension


Note: All references to MIIS in this article also apply to IIFP.

Introduction

In this third, and currently final, article in the Setting Up IIFP/MIIS series, I will cover creating a rules extension that creates users in the target domain. Part 1 covered setting up IIFP, and Part 2 covered creating MAs to sync attributes between two domains for existing users. After creating the rules extension in Visual Studio 2003, we will modify the target domain MA created in Part 2 so that it can also create users.

Visual Studio and MIIS

MIIS provides the framework for object and attribute flow between directories and connected data sources. Part of this framework is the MIIS metaverse, which stores a copy of the objects and attributes that are available to management agents. Without writing code or using someone else's, MIIS can only get and set attributes on existing objects and use basic rules to process those updates. To create objects, or to use more advanced rules than those provided in the MIIS UI, code must be written. With MIIS 2003 with SP1, only code written in Visual Studio .NET 2003 using VB.NET or C# is supported. Visual Studio 2005 will work with MIIS if the update to SP1, covered in KB842531, is installed; KB884192 for IIFP.

Code created in Visual Studio can be used in multiple places in MIIS. One central DLL can be used for everything, or different DLLs can be used by individual MAs. The steps below assume IIFP, or MIIS, and Visual Studio (VS) 2003 .NET with VB.NET support have been installed on the same machine. In a production environment, VS might be installed on a different machine and the DLL would need to be copied to the MIIS server.

Creating a Visual Studio Project for MIIS

The first step is to create a project that will store the code used by our rules extension. In this case, we will use a central DLL that both MAs can share.

A.     Enabling a rules extension and creating a VS project

1.      Open up Identity Manager

2.      Go to Tools\Options...

3.      Click Enable metaverse rules extension

4.      Click Enable Provisioning Rules Extension

5.      Click the Create Rules Extension Project... button

a.       Confirm the following options are shown on the Create Extension Project screen

b.      Click OK

-        This will launch Visual Studio 2003 with a template project and sub code in it.

B.     Creating a Rules Extension in Visual Studio

1.      In Visual Studio you should have the MVExtension project open. To the right, in Solution Explorer, double-click "MVExtension.vb"

-        This will open the code for MVExtension.vb. In it you will see three subroutines and one function.

2.      Overview of MVExtension

a.       Sub Initialize
This sub is called whenever the rules extension is loaded, normally by an MA during a run.

b.      Sub Terminate
This sub is called before the rules extension is unloaded, normally after 5 minutes of non-use.

c.       Sub Provision
This sub is called when an object changes in the metaverse. It is passed the object currently being processed by the MA. This is the sub that we will be modifying.

d.      Function ShouldDeleteFromMV
This function is called when a connector is disconnected in the metaverse during an import operation. This function can be used to delete or change objects by using code. This requires that the MA has its deprovisioning option set to "Determine with a rules extension."

e.       Additional Subs can be added; these are called when Join or Projection rules are evaluated

3.      Adding support to Sub Provision to create users in the AD

a.       Delete the following lines

' TODO: Remove this throw statement if you implement this method

Throw New EntryPointNotImplementedException()

b.      Copy the code below into the Sub Provision between "Public Sub Provision..." and "End Sub"

-        This code was based on code in a whitepaper by Oxford Computer Group that includes multiple scenarios on using MIIS with a text file, SQL, and AD. For more details, see their whitepaper "Provisioning with Microsoft Identity Integration Server 2003", available at: http://www.oxfordcomputergroup.com/ocg_/images/resources/Provisioning%20with%20MIIS%201.0.pdf

    If mventry("cn").IsPresent Then
        Dim csentry As CSEntry
        Dim dn As ReferenceValue
        Dim rdn As String
        Dim ParentContainer As String = "OU=Users,OU=CTU,DC=domainC,DC=izzy,DC=org"
        Dim Connected_AD_MA As ConnectedMA

        ' Look up the target domain MA by its name
        Connected_AD_MA = mventry.ConnectedMAs("Target Domain")

        'Construct the dn
        rdn = "CN=" & mventry("cn").Value
        dn = Connected_AD_MA.EscapeDNComponent(rdn).Concat(ParentContainer)

        If Connected_AD_MA.Connectors.Count = 0 Then
            ' No connector yet: create the user object in the target domain
            csentry = Connected_AD_MA.Connectors.StartNewConnector("user")
            csentry.DN = dn
            ' Every new account receives this same fixed initial password
            csentry("unicodepwd").Values.Add("Passw0rd!")
            ' 512 = NORMAL_ACCOUNT, so the account is created enabled
            csentry("userAccountControl").Values.Add("512")
            csentry.CommitNewConnector()

        ElseIf Connected_AD_MA.Connectors.Count = 1 Then
            'Grab the existing connector and reset the dn (it might have changed)
            csentry = Connected_AD_MA.Connectors.ByIndex(0)
            csentry.DN = dn
        End If
    End If


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008