Hi all,
I've implemented a sync rule for groups according to this article http://technet.microsoft.com/en-us/library/ff686936%28v=ws.10%29.aspx
The article describes the following:
"When you import unmanaged group information from AD DS into FIM, you need to initialize the membershipLocked attribute. The best practice recommendation is to set this attribute to false.
The next attribute that you need to initialize is the membershipAddWorkflow attribute that should be set to Owner Approval."
I've configured to constant flows for the attributes membershipAddWorkflow=OwnerApproval and membershipLocked=false.
I now would like to create some dynamic criteria based groups in the FIM portal. Creation and export to AD works fine as long as I don't reimport them because they are changed due to the inbound sync rule to manually managed groups.
Standard manually managed groups will still be created in AD directly, not in FIM.
How can I achive that criteria based groups stay criteria based groups even after an import run from AD.
A custom expressions like
IIF(Eq(membershiplocked,Null()),“false“, membershiplocked)
IIF(Eq(membershipAddWorkflow,Null()),“ownerapproval“, membershipAddWorkflow)
does not help because membershipLocked and membershipAddWorkflow are of course no AD attributes.
Thanks for you help
Best regards
Chris