Monday, February 28, 2011

Debug information in Management Agents and Workflows

When I write custom workflows or XMA's for ILM 2007 and FIM 2010, I like to include a lot of logging to enable customers to debug if something happens - and of course for debugging when I'm testing the code.

I usually use System.Diagnostics.Debug.WriteLine to write to the attached debugger, i.e. Mark Russinovich's DbgView or similar. The nice thing about System.Diagnostics.Debug.WriteLine is that the code will be ignored once you compile a Release build. However, recently a customer of mine would like to have this debug information stay in and be processed even in the Release build.

So how do you go about this without rewriting the logging code entirely?

Tadada, System.Diagnostics.Trace.WriteLine to the rescue. Using Trace.WriteLine instead of Debug.WriteLine make sure that the code is processed no matter the build type.

Friday, February 4, 2011

Lookup value in FIM 2010

This workflow is now part of the FIM 2010 Granfeldt Workflow Activity Library

UPDATE: Just updated this to support other target attribute types than strings. Get the latest version. Also, you can use my PowerShell script instead of GACUTIL to put assemblies in the cache.

I'm pleased to announce that my custom workflow for looking value in the FIM portal has now been tested and released for public use.

I find this workflow interesting because you often have to populate values on users based on some other attribute. This workflow has many interesting features, i.e. you could lookup a OU for the user based on the department and have the list of OU's be maintained in the FIM Portal it self - or as the example shows below, you could have a list of "pretty names" for your cost centers and populate the CostCenter attribute based on a CostCenterId flowed from i.e. the HR system.

Parameters are -

XPathFilter: The Lookup filter for getting the value, i.e. /Person[starts-with(AccountName, 'D')]; if your query returns more than one result, the value from the first result will be used
Attribute Name: The name of the attribute that you want to get the value from (for now only single-value attributes is supported (and tested); go ahead and try with multi values if you dare...
Destination: This is where you want to put the found/extracted value (workflow has been tested with target attributes of string and numbers).

You should note that the look up is done as the Built-in Synchronization Account (so make sure that that guy can read the objects in question (in the XPath filter) and the update of the target attribute is done as the requester, so again make sure that the correct permissions are present there. Future version may include options to specify context.

To add the workflow to the portal, you'll need this information about the Activity information configuration

Display name: Lookup Attribute Value
Activity Name: Inceptio.FIM.Activities.LookupAttributeValueActivity
Description: Using XPath query looks up value in FIM
Assembly Name: Inceptio.FIM.Activities, Version=, Culture=neutral, PublicKeyToken=fbba0d5fa1bd8867
Authentication, Action, Authorization: <anyone>
Type Name: Inceptio.FIM.Activities.WebUIs.LookupAttributeValueActivitySettingsPart

So how do I get the software? There are two .DLL's to put in your GAC and they can be downloaded here. Please let me know, if you have any problems with the workflow or any feature request.

Wednesday, February 2, 2011

FIM 2010 Rollup Hotfix package (build 4.0.3573.2).

The Forefront Identity Manager team has released a new rollup hotfix package (build 4.0.3573.2). The Knowledge Base article ( describes the changes.
Long awaited is the fix for the casing problem, which is included and most interesting is the asynchronous export option for the FIM MA to enable performance boost.

Looking forward to testing this rollup hotfix.

Also remember to check up these hotfixes, if you haven't done so already -