MIMWAL: Add new users to default groups

I recently started to have a look at the Microsoft Workflow Activity Library (WAL or MIM/FIM WAL), which was released to the public some time ago.

In my current projects I have used the PowerShell activity many times to do things that can’t be done with the OOB functions that come with FIM/MIM.

One of those things is doing a one-time member add to default groups for new users. I’ve done this with PowerShell, but you have to use the FIMAutomation cmdlets, which do updates through the FIM/MIM web service, and as everyone knows this is not the fastest way. I could get some performance improvement using the Lithnet PowerShell Module.

So I took a look at how to do that with MIMWAL, and here are the results:

First I got the binaries from http://aka.ms/MIMWAL and compiled them. It’s not that easy, and you need some specific older DLL files in order to get it compiled. The best way to do this is to read the default documentation and complement it with the hints in Ike’s blog post on installing MIMWAL. He also has the files you need as a package.

You need to use the Update Resource activity in a new workflow and configure it like this:

[Screenshot: MIMWAL default groups1]

The Queries part is used to do a lookup of the groups you want to add the user to. The Key is a handle for the returned objects, which you will use to update them later on.

Since you need to modify the ExplicitMember attribute, which is multivalued, you must use the InsertValues function. The Target is the groups found in the Queries part, which you can reference by using the [//Queries/Key/Attribute] XPath expression.

That’s nearly all. You can now use that workflow as an action workflow in an MPR that triggers on Create Resource of ObjectType Person.
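
The configuration described above written out as field values, as an added example and not the author's original screenshot. The key name DefaultGroups and the [//Target/ObjectID] lookup are assumptions, and the isDefaultGroup filter is the one suggested in the comments below, which requires a custom attribute on the Group object.

```text
Update Resources activity (field values; layout is illustrative, not the exact UI)

Queries
  Key:    DefaultGroups                      (assumed name; any handle works)
  XPath:  /Group[isDefaultGroup='true']      (assumes a custom isDefaultGroup attribute)

Updates
  Value expression:  InsertValues([//Target/ObjectID])        (assumed lookup for the new user)
  Target:            [//Queries/DefaultGroups/ExplicitMember]

MPR that runs the workflow
  Operation:      Create Resource
  Object type:    Person
  Workflow type:  Action
```

Every group the XPath filter returns receives the new user, so keep the filter as narrow as the set of groups that are really meant to be defaults.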



About Peter Stapf
Senior Consultant Identity and Access MVP (Enterprise Mobility)

8 Responses to MIMWAL: Add new users to default groups

  1. shashi says:

    Thanks for the great articles.
    I have a query: how can I remove users from static groups?

  2. Scott Heath says:

    RemoveValues() isn’t working for me for some reason. It just adds it back in.

  3. Anvil says:

    Hi, how do I pass the Account Name as a parameter, or extract it from the current set?

  4. Peter Stapf says:

    Which AccountName are you referring to?
    For this solution you don’t need the AccountName, as you put the current user object into the defined groups in the workflow activity.

  5. Anvil says:

    Hi, I have got this set up on a Set transition In & Out, linked with separate workflows, which works perfectly. What I am after is, since I will be managing many groups, I want to know how to make the group name (/Group[AccountName='xxxxxxx']) a parameter. This will enable me to keep one workflow for insert and one for remove, but will be generic enough to be used with many groups.


  6. Peter Stapf says:

    You could maybe have an attribute on all your default groups, like isDefaultGroup, and do the query on that. At least this is only a query to find the groups you want to put the user in.

    Something like /Group[isDefaultGroup='true'] or a similar query.

