Monday, October 7, 2013

Quick tip on using the Lookup Value activity

In a current project, I'm using FIM 2010 to manage local administrator permissions (see more in this post).

I always turn to my trusted workflow library to speed up deployment and this time I'm making heavy use of the Lookup Value activity. Below you can see a screenshot of a real life workflow that is making use of this activity and running at the FIM installation.

This workflow runs whenever the username (coming in as text from a CMDB) on a computer object is changed. It then does a lookup to find the ObjectID of a user matching the accountname specified on the computer object as the primary username. Finally, it updates the attribute ComputerPrimaryUser (a reference attribute) with the reference ID of the user - effectively linking the computer to the user.

Subsequently, this reference attribute is sync'ed all the way through to Active Directory and ends up in the member attribute of an Active Directory group that is used to give a user local administrator access on a specific computer. Also, I've changed the RCDC for user editing and viewing to list all linked computers.

Hopefully after finishing up this project, I'll update the CodePlex library with a few more generic workflows.

No comments: