This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
Business Problem: It is very common for educational facilities to have employees with multiple job roles or to work in multiple locations. In terms of MIIS this implies that job description and job location attributes have to be multi-valued. This paper demonstrates how use Group Populator in a situation where an organization wants to define groups based on job description and job location, and those attributes may be multi-valued. Based on my experience typically HR systems deal with this scenario by defining one single-valued attribute for the primary job and another multi-valued attribute for the secondary jobs. For locations the same logic is followed.
Solution Walkthrough
Assumption: Group Provisioning environment is already established in accordance with
Microsoft Identity Integration Server 2003 Group Creation and Provisioning Walkthrough
http://www.microsoft.com/windowsserversystem/miis2003/techinfo/planning/grpcreateprov.mspx
1. Within HR database we will need to define a view of the following format
This view may contain multiple records per employee since it is possible to have multiple secondary jobs and work at multiple locations.
2. Extend MIIS schema to add two additional multi-value attributes SecondaryJobTitle and SecondaryJobLocation to the Person Object
3. Modify HR Connection Agent property by specifying a view which was created in step 1 in the mult-ivalue table field (this paper assumes that HR database is using SQL Server, but this scenario could be adjusted to work with any relational database that MIIS supports)
4. Switch to the Configure Columns section of the HR connector and click on Multi-value
5. Fill-in the multi-value form according to the screen-shot below
6. Switch to the Configure Attribute Flow section of the HR and two additional direct import mappings for secondaryJobTitle and secondaryOfficeLocation
7. Save changes to the HR connector
8. Run Full Sync Profile for the HR connector
9. Validate that new attributes got propagated into Metaverse by conducting a search
10. In order to simplify future group definitions create a view in MIIS database that links mms_metaverse and mms_metaverse_multivalue tables on the object_id field. Since MIIS stores multi-valued values in a different table, this step will allow for simpler group definitions (no need to define join statements in the where clause).
11. Define a group in the MIIS group definition database
For the purposes of this example let’s assume that we want to define a group “Admin Leads in
The select clause for this group definition would look something like this
select object_id, displayname from mms_metaverse where title = 'Lead Administrative' and location = '
union
select object_id, displayname from mulToMeta_VW where string_value_indexable = 'Lead Administrative'
AND
object_id in (select distinct object_id from mulToMeta_VW where string_value_indexable = '
The first part of the query will get all employees whose primary job title is Admin Leads and job location is
Open SQL Enterprise Manager and navigate to MIIS_Group_Populator database. Open table GroupDefinitions and define a group Admin Leads in
For the clause paste only the part of the query after the first where, in our example:
title = 'Lead Administrative' and location = '
union
select object_id, displayname from mulToMeta_VW where string_value_indexable = 'Lead Administrative'
AND
object_id in (select distinct object_id from mulToMeta_VW where string_value_indexable = '
12. Run GroupPopulatorSync.cmd
13. Validate that the group was created in the Metaverse
14. Run export profile for the Active Directory Connector
15. Validate that a new group with the appropriate members got created in AD
