mimwal's Introduction

MIMWAL

The MIMWAL is a Workflow Activity Library (WAL) for building complex workflows in the Microsoft Identity Manager (MIM) 2016 and Forefront Identity Manager (FIM) 2010 R2 solution.

The MIMWAL is a powerful solution accelerator for MIM / FIM that provides foundational activities which can be combined to create complex workflows to implement business processes within a MIM / FIM solution simply by configuration instead of coding for days and months.

Features

  • Building-block Workflow Activities
  • Conditional Execution Capability for Building-block Activities
  • Support for Iteration Over a Collection of Values in Building-block Activities
  • Deep Resolution Capability for FIM Lookup Grammar
  • Rich Library of Workflow Functions
  • UI Framework for Building Additional Custom Workflow Activities
  • Support for ETW Event Tracing
  • Optimization of Update Requests
    • Combining multiple updates into a single request per resource per activity
    • Issuing update request only when resource is actually modified.

Supported Product Versions

  • Forefront Identity Manager (FIM) 2010 R2 - 4.1.3496 and above.
  • Microsoft Identity Manager (MIM) 2016 - 4.3.1935 and above.

Release Notes

The MIMWAL releases can be downloaded from the releases tab under the Code tab. The release notes of each release can be found in ChangeLog.md.

Documentation

For more details and information on utilizing the MIMWAL please refer to the documentation in the MIMWAL Wiki.

Discussion

For historic questions and conversations focused on MIMWAL, please visit the MIMWAL Project TechNet Forum: http://aka.ms/MIMWAL/Forum. This TechNet forum is now read-only. Microsoft products are moving to the new Microsoft Q&A platform, and MIM is listed under Azure | Identity with the Q&A tag of microsoft-identity-manager.

Support

For questions on MIMWAL software / deployment / post-deployment support, please see the FAQ: How is MIMWAL supported?

Contributing to MIMWAL

For details on how you can contribute, please check CONTRIBUTING.md

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

mimwal's People

Contributors

bpalfaro, jayvdz, jazuntee, jeftek, microsoft-github-policy-service[bot], mrmueller, msftgits, nileshghodekar, weyto

mimwal's Issues

DateTimeToFileTimeUTC year loss

With an EmployeeEndDate of 05/10/2018 01:00:00

Using this expression:
IIF(IsPresent([//Target/EmployeeEndDate]), DateTimeToFileTimeUTC([//Target/EmployeeEndDate]), 9223372036854775807)

I get 131831712000000000 back, which using http://www.datetimetoticks-converter.com or http://tickstodatetime.com shows that converts back as 05/10/0418 00:00:00, so we're losing 1600 years.

Am I misunderstanding what's expected here, or could there be a bug? I thought you could convert both ways. I'm just trying to validate what will be set in AD (I can't run an export on this system ATM to confirm)

Request Approval

Hello Team,

I have a problem with the Request Approval Activity: when I configure this activity and run my scenario, the activity log shows errors about the parameters. Some of the errors are:

  • WAL (2.17.0414.0): 12/18/2017 13:20:45.8349: The expression '[email protected]' is invalid. (The email is correct)

  • WAL (2.17.0414.0): 12/18/2017 13:20:45.8974: The expression 'EmailTemplate[DisplayName='Default pending approval email template']' is invalid.

and finally the log shows:

  • WorkflowInstance 'c6eab57c-88ac-410d-a945-12708440829a' could not resolve mail message in activity 'authorizationActivity1.CreateApproval.sendApprovalEmail'. Mail was not sent.

I appreciate your help on this.

Regards

Daniel Mendoza

Error with Generate unique attributes and Set initial values for new portal and HR users

I need help. I keep getting this error when the above two workflows are triggered.

Microsoft.ResourceManagement.WorkflowDataExchangeException: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.ThrowHelper.ThrowKeyNotFoundException()
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()
   at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
   at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, CultureInfo locale, Guid requestor, String[] attributeNames, Boolean includeInlineRights)
   at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, String[] attributeNames)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.Read(Guid objectId, CultureInfo locale, Nullable`1 requestor, Nullable`1 resourceTime, String[] requestedAttributes, Boolean includeRights)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessOutputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
   at Microsoft.ResourceManagement.Workflow.Activities.ReadResourceActivity.ProcessRequestResponse(Object sender, QueueEventArgs e)
   at System.Workflow.ComponentModel.ActivityExecutorDelegateInfo`1.ActivityExecutorDelegateOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

Unit Tests

Hey guys, I'm creating some unit tests to maximise confidence in the solution. I'm concentrating on the evaluated functions at the moment (ExpressionFunction.cs) I suspect it'll take a bit of work to do properly so if this isn't likely to be appreciated let me know.

I'm creating a test project with files for each class being tested. I can do a small pull request with just a couple of unit tests in for a quick check or the whole class as a stopping point, whatever's preferable.

Problem with Conflict filter using starts-with XPath function (Generate Unique Value)

Hi!
I've got a Generate Unique Activity to generate a unique Domino CN. I've already read the closed issue #61 posted by Fredrik Melby but I think my case is similar but I don't add extra characters next to the [//Value] in the filter and I need to understand why my implementation doesn't work.

Conflict filter: /Person[(starts-with(FullNames, '[//Value]')) and (not(ObjectID = '[//Target/ObjectID]'))]
FullNames attribute is multi valued and contains all current Domino FullName values for users to check against.

Value Expressions:

  1. EscapeDNComponent(Concatenate("CN=",[//Target/FirstName]," ",[//Target/LastName]))+","
  2. EscapeDNComponent(Concatenate("CN=",[//Target/FirstName]," X ",[//Target/LastName]))+","
  3. EscapeDNComponent(Concatenate("CN=",[//Target/FirstName]," Y ",[//Target/LastName]))+","
  4. EscapeDNComponent(Concatenate("CN=",[//Target/FirstName]," ",[//Target/LastName],[//UniquenessKey]))+","

The expressions all end with a comma (not within the EscapeDNComponent function) in order to ensure the filter doesn't catch persons with just a similar value for FullName. The filter works great using, for example, a temporary Search Scope; however, in the activity a duplicate is not found even though it exists.
Checking against the full FullName values would be too hard to handle.

//Henrik Nilsson

Update Resource Activity: Request Operation for Multivalue Attribut

Hi everybody,

for a couple of weeks we have been struggling with a little problem with the Update Resource Activity.
In the Activity there was a value expression like [//Target/ReferenceAttribut/MultiValueAttribute] and in the Target Expression [//Target/MultiValueAttribut] with the option Allow Null.
So we want to copy the values of a multi-value attribute from one object to another object.
If we look at the generated Requests we see that the attribute was updated with the Operation Type Modify instead of Add and Remove.
So the problem was that, based on these requests, the subprocess (R-MPR) wasn't triggered.
Why? The MPR is configured for Add and Remove only on the Target Attribute (because it is a multi-value attribute).
So when we modify the R-MPR to Operation Type Modify, everything works well, but in the RCDC of the MPR the following error message is visible:
Policy mis-configuration: Your selection of Modify operation requires specification of single-valued attributes.

If you use the WAL function InsertValues or RemoveValues, the OperationType of the Request will be OK (like Add or Remove).
But in our case we can't use InsertValues or RemoveValues, because we want a complete copy of this attribute and have no updates on the value of the Source Attribute itself.

Request stuck in PostProcessing status

Hello, I have an action workflow that contains an "Add Delay" activity.
When [//WorkflowData/Value] is used in the "Timeout Duration" field, all workflow activities are executed but the main request stays in PostProcessing status.

Main request ends with "Completed" status if string value (for example "00:00:30") instead of [//WorkflowData/Value] is used.

Verify Request WIKI issue

On the verify request WIKI, under match conflicting request condition, the //ComparedRequest lookup is improperly stated as //Target.

The bad reference exists in two places. One is the screen capture and the second one is the text example below the screen capture.

Powershell workflow - returns "The -file parameter does not exist."

I'm calling a PowerShell 3.0 script to work around some limitations of 2.0.
The workflow runs (and the script runs fine) but still results in an Error (Event ID 40403); see content below.

WAL (2.16.0710.0): 12/03/2016 10:21:01.6126: <>c : b__68_0: The argument 'c:\set-rds.v3.ps1' to the -File parameter does not exist. Provide the path to an existing '.ps1' file as an argument to the -File parameter.

At line:11 char:15
+ powershell.exe <<<< -version 3.0 -File $script -AccountName $AccountName -domain $domain

RandomNum function documentation

Please clarify in the documentation that the .Net Random object is used and that the max value (end:int) never will be returned and instead max value -1 is what will be returned as max value.

Just realized this was how the Random.Next function works when home directories weren't created in some shares.

XPath expression in Conflict Filter (Generate Unique Value)

Hi, I have a problem with the "Conflict Filter" expression when developing a workflow to generate unique email aliases. I'm trying to get MIMWAL to validate the output value against existing users' proxy addresses to ensure it's a unique value (ProxyAddressCollection attribute in MIM).

The server is running MIMWAL version 2.18.0318 and MIM build 4.4.1749.

The workflow is configured as this:

Value Expression 1:
RegexReplace(RegexReplace(TitleCase(NormalizeString(LowerCase(Trim([//Target/FirstName]) + " " + Trim([//Target/LastName])),"æ:a|ø:o|å:a")),"[.]\s|\s+","."),"[^a-zA-Z0-9-.]","")

Value Expression 2:
RegexReplace(RegexReplace(TitleCase(NormalizeString(LowerCase(Trim([//Target/FirstName]) + " " + Trim([//Target/LastName])),"æ:a|ø:o|å:a")),"[.]\s|\s+","."),"[^a-zA-Z0-9-.]","")+[//UniquenessKey]

Target Attribute:
[//Target/MailNickname]

I have tried different formats when configuring the Conflict Filter, but get the same error every time I trigger the workflow against a user: [image]

Event Log: [image]

Conflict Filters I have tried so far:

/Person[starts-with(ProxyAddressCollection,"smtp:[//Value]@")]
/Person[starts-with(ProxyAddressCollection,"smtp:[//Value]")]
/Person[starts-with(ProxyAddressCollection,'smtp:[//Value]@')]
/Person[starts-with(ProxyAddressCollection,'smtp:[//Value]')]

The only expression that I have managed to run successfully is this one, where I don't start the "starts-with" operator with the "smtp:" string:
/Person[starts-with(ProxyAddressCollection,'[//Value]')]

Complete XOML of current workflow:

<ns0:SequentialWorkflow ActorId="00000000-0000-0000-0000-000000000000" RequestId="00000000-0000-0000-0000-000000000000" x:Name="SequentialWorkflow" TargetId="00000000-0000-0000-0000-000000000000" WorkflowDefinitionId="00000000-0000-0000-0000-000000000000" xmlns:ns1="clr-namespace:MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.Activities;Assembly=MicrosoftServices.IdentityManagement.WorkflowActivityLibrary, Version=2.18.318.0, Culture=neutral, PublicKeyToken=d4c6b0a02014cd86" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/workflow" xmlns:ns2="clr-namespace:MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.ComponentActivities;Assembly=MicrosoftServices.IdentityManagement.WorkflowActivityLibrary, Version=2.18.318.0, Culture=neutral, PublicKeyToken=d4c6b0a02014cd86" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:ns0="clr-namespace:Microsoft.ResourceManagement.Workflow.Activities;Assembly=Microsoft.ResourceManagement, Version=4.4.1749.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
	<ns1:GenerateUniqueValue ActivityExecutionCondition="" ActivityDisplayName="Generate unique alias" PublicationTarget="[//Target/MailNickname]" ConflictFilter="/Person[starts-with(ProxyAddressCollection,'[//Value]')]" UniquenessSeed="2" QueryLdap="False" x:Name="actionActivity1">
		<ns1:GenerateUniqueValue.ValueExpressions>
			<ns3:ArrayList xmlns:ns3="clr-namespace:System.Collections;Assembly=mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<ns4:String xmlns:ns4="clr-namespace:System;Assembly=mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">RegexReplace(RegexReplace(TitleCase(NormalizeString(LowerCase(Trim([//Target/FirstName]) + " " + Trim([//Target/LastName])),"æ:a|ø:o|å:a")),"[.]\s|\s+","."),"[^a-zA-Z0-9-.]","")</ns4:String>
				<ns4:String xmlns:ns4="clr-namespace:System;Assembly=mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">RegexReplace(RegexReplace(TitleCase(NormalizeString(LowerCase(Trim([//Target/FirstName]) + " " + Trim([//Target/LastName])),"æ:a|ø:o|å:a")),"[.]\s|\s+","."),"[^a-zA-Z0-9-.]","")+[//UniquenessKey]</ns4:String>
			</ns3:ArrayList>
		</ns1:GenerateUniqueValue.ValueExpressions>
		<ns1:GenerateUniqueValue.LdapQueriesTable>
			<ns3:Hashtable xmlns:ns3="clr-namespace:System.Collections;Assembly=mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<ns4:Int32 xmlns:ns4="clr-namespace:System;Assembly=mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">0<x:Key><ns4:String>Count</ns4:String></x:Key></ns4:Int32>
			</ns3:Hashtable>
		</ns1:GenerateUniqueValue.LdapQueriesTable>
	</ns1:GenerateUniqueValue>
</ns0:SequentialWorkflow>

Unique values from RandomNumber

There is a high chance/risk that the function RandomNumber will return the same value if it runs several times in a row in a workflow, and also if it runs at about the same time in different threads.
It would be nice if a seed was used when the class is instantiated (maybe based on thread id), and also using the same Random object within a thread if it is possible, and not recreating it for each function call.
https://msdn.microsoft.com/en-us/library/system.random(v=vs.110).aspx#ThreadSafety
Cheers

Delete value expression in Generate unique value deletes the all the following expressions

When deleting a single value expression, it seems that it and all the following ones get deleted.
In the example, 2 and 3 get deleted if I select to delete 2.

  1. NormalizeString(Left([//Target/FirstName], 3) + Left([//Target/LastName], 3))
  2. NormalizeString(Left([//Target/FirstName], 3) + Left([//Target/LastName], 3))
  3. NormalizeString(Left([//Target/FirstName], 3) + Left([//Target/LastName], 2)) + [//UniquenessKey]

Return and use multivalue attribute from powershell activity

I want to build a hash table with multiple values, both single-value and multi-value, but when I add the multi-value in the hash it's failing when I want to do. Also tried to iterate the return value with the same result.

:Second activity
InsertValues([//WorkflowData/AddEntitlements]) -> [//Target/ActiveEntitlements]

======== Works ============
PARAM(
    $AssignedEntitlements = @("+test","-av","+mv")
)

$Result = @{}
$AddEntitlements = @()
Foreach($item in $AssignedEntitlements) {
    If($item.StartsWith('+')) { $AddEntitlements += $item }
}
Return $AddEntitlements

======== Fails =============
$Result = @{}
$AddEntitlements = @()
$RemoveEntitlements = @()

....Populating arrays.....

$Result.Add('AddEntitlements',$AddEntitlements)
$Result.Add('RemoveEntitlements',$RemoveEntitlements)

Return $Result

System.InvalidOperationException: There was an error generating the XML document. ---> System.InvalidOperationException: The type System.Object[] may not be used in this context.
   at System.Xml.Serialization.XmlSerializationWriter.WriteTypedPrimitive(String name, String ns, Object o, Boolean xsiType)
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterRequestParameter.Write1_Object(String n, String ns, Object o, Boolean isNullable, Boolean needType)
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterRequestParameter.Write8_UpdateRequestParameter(String n, String ns, UpdateRequestParameter o, Boolean isNullable, Boolean needType)
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterRequestParameter.Write11_RequestParameter(Object o)
   --- End of inner exception stack trace ---
   at System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String id)
   at System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter xmlWriter, Object o)
   at Microsoft.ResourceManagement.WebServices.WSResourceManagement.RequestType.AddParameter(RequestParameter parameter)
   at Microsoft.ResourceManagement.WebServices.WSResourceManagement.RequestType.SetRequestParameters(OperationType operation, UniqueIdentifier targetObject, List`1 requestParameters)
   at Microsoft.ResourceManagement.WebServices.WSResourceManagement.RequestType..ctor(UniqueIdentifier creator, UniqueIdentifier targetIdentifier, OperationType operation, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean maintenanceMode, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier objectId, OperationType operation, List`1 requestParameters, Guid parentRequest)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessPutWorkItem(UpdateRequestWorkItem updateWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

DateTimeFromFileTimeUTC usage

I am using the DateTimeFromFileTimeUTC function to get the AD attribute PWD Last Set into the portal and I did something like:
[//WorkflowData/ADPWLastSet] <---- DateTimeFromFileTimeUTC([//Target/LongADPWLastSet])
[//Target/ADPWLastSet] <---- [//WorkflowData/ADPWLastSet]

Where LongADPWLastSet is defined as an integer and is CORRECTLY valued in the Portal, but I get the below error when publishing the time to ADPWLastSet; ADPWLastSet is defined as a DateTime attribute.
Has anyone used that function successfully? Any idea what I am doing wrong???

Exception occurred while attempting to 'resolve' function 'System.ArgumentOutOfRangeException: Not a valid Win32 FileTime. Parameter name: fileTime at System.DateTime.FromFileTimeUtc(Int64 fileTime) at MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.Common.ExpressionFunction.DateTimeFromFileTimeUtc() at MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.Common.ExpressionFunction.Run()': 'DateTimeFromFileTimeUTC'
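
Added example, not part of either report and not MIMWAL code: the FILETIME conversions behind this error and behind the DateTimeToFileTimeUTC report earlier on the page, using the same .NET call that appears in the stack trace. A FILETIME counts 100 ns intervals from 1601-01-01 UTC while .NET ticks count from 0001-01-01; the function name ConvertFrom-FileTimeChecked and the out-of-range inputs are constructed for illustration.

```powershell
# Added example. Function and variable names are hypothetical, not MIMWAL functions.
# FILETIME  : 100 ns intervals since 1601-01-01 00:00:00 UTC (accountExpires, pwdLastSet).
# .NET ticks: 100 ns intervals since 0001-01-01 00:00:00.

$FileTimeEpoch = [DateTime]::new(1601, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
# Largest value DateTime.FromFileTimeUtc accepts; anything above it, or below 0,
# raises "Not a valid Win32 FileTime".
$MaxFileTime   = [DateTime]::MaxValue.Ticks - $FileTimeEpoch.Ticks
$NeverExpires  = [Int64]::MaxValue   # 9223372036854775807, the fallback in the IIF expression

function ConvertFrom-FileTimeChecked {
    # Returns a UTC DateTime, or $null for values that have no calendar date.
    param([Parameter(Mandatory = $true)][Int64]$FileTime)

    if ($FileTime -eq $NeverExpires) { return $null }           # sentinel, not a date
    if ($FileTime -lt 0 -or $FileTime -gt $MaxFileTime) {
        Write-Warning "FILETIME $FileTime is out of range; check the source attribute."
        return $null
    }
    return [DateTime]::FromFileTimeUtc($FileTime)
}

$reported = 131831712000000000   # value quoted in the DateTimeToFileTimeUTC report

$asFileTime = ConvertFrom-FileTimeChecked -FileTime $reported   # read as FILETIME
$asTicks    = [DateTime]::new([Int64]$reported)                 # read as .NET ticks

'{0:yyyy-MM-dd HH:mm:ss}  read as FILETIME'   -f $asFileTime
'{0:yyyy-MM-dd HH:mm:ss}  read as .NET ticks' -f $asTicks
'{0} years between the two epochs'            -f ($FileTimeEpoch.Year - 1)

# Round trip: the DateTime converts back to the same FILETIME.
$asFileTime.ToFileTimeUtc() -eq $reported

# Constructed inputs that cannot be converted to a date.
foreach ($value in @($NeverExpires, -1, ($MaxFileTime + 1))) {
    $result = ConvertFrom-FileTimeChecked -FileTime $value -WarningAction SilentlyContinue
    '{0,20} -> {1}' -f $value, $(if ($null -eq $result) { 'no date' } else { $result })
}
```

A tick-based converter applied to a FILETIME shows the same month, day and time with the year shifted by the distance between the two epochs, which is why validating an accountExpires or pwdLastSet value needs a FILETIME-aware conversion.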

Escape XPath function request

When performing a search, for example a query in an Update Resources activity, I would like a new function that ‘escapes’ the XPath query.

For example I have a query: [/Department[DisplayName='[//Target/Department]']

If the department has a single quote in its name then nothing is returned (but I don’t see an error), but the following query would work (changing the type of quote): [/Department[DisplayName="[//Target/Department]"]

And vice-versa if the department contained a double-quote.

(I don’t know what you need to do if the value contains both a single and double quote.)
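
Added example, not MIMWAL code: XPath 1.0 string literals have no escape character, so a script that builds such a filter itself can only pick the delimiter the value does not contain and refuse values that contain both. ConvertTo-XPathLiteral and New-DepartmentFilter are hypothetical helper names and the department names are constructed; whether the FIM XPath dialect offers another way to express a value with both quote characters is not stated on this page.

```powershell
# Added example; both functions are hypothetical helpers, not MIMWAL functions.

function ConvertTo-XPathLiteral {
    # Wraps a value in the quote character it does not contain.
    # A value containing both ' and " cannot be written as a single XPath 1.0
    # string literal, so it is rejected instead of being passed through.
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value)

    $hasSingle = $Value.Contains("'")
    $hasDouble = $Value.Contains('"')

    if ($hasSingle -and $hasDouble) {
        throw "Value contains both quote characters and cannot be written as one XPath string literal."
    }
    if ($hasSingle) { return '"' + $Value + '"' }
    return "'" + $Value + "'"
}

function New-DepartmentFilter {
    # Builds the filter from the request above with a safely delimited value.
    param([string]$DepartmentName)
    '/Department[DisplayName={0}]' -f (ConvertTo-XPathLiteral -Value $DepartmentName)
}

# Constructed sample values: plain, single quote, double quote, both.
$samples = "Finance", "O'Brien Logistics", 'Research "Labs"', "5' 10`" Fittings"

foreach ($name in $samples) {
    try {
        '{0,-20} -> {1}' -f $name, (New-DepartmentFilter -DepartmentName $name)
    }
    catch {
        # Rejecting is preferable to a filter whose structure the value can change.
        '{0,-20} -> rejected: {1}' -f $name, $_.Exception.Message
    }
}
```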

Can't fork the wiki

I spotted a few errors in the wiki (simple minor stuff) and want to fix it but when I fork the repository it is just the code. The guidelines for contributing say to fork the MIM WAL wiki repo. But when I go to the link https://github.com/Microsoft/MIMWAL/wiki and then click fork, I just get the same result code but no wiki.

Allow ConvertToString Function not throw exception on null input

Dear nilesh
We use the ConvertToString function really often, in most cases to save ObjectIDs in a string attribute.
On a direct mapping (of a reference attribute as Source to a string attribute as Target) MIMWAL doesn't recognize that both fields are exactly the same. This ends up with the values generating a new request to update the string attribute every time the workflow is triggered. But there is no update, because the values are the same.
This scenario can be fixed with the function ConvertToString. In this case MIMWAL recognizes that both values are equal and no further request will be committed.
The problem is, if the value is null() (because the reference attribute is not set) an exception will be thrown. The same happens when we set up an IIF(IsPresent()) before it. MIMWAL tries to resolve the complete statement and of course then an exception will be thrown.
Does something speak against the function ConvertToString() not throwing an exception on a null-valued parameter? In this case it should return null.

Best regards,
Thomas

Workflow Edit RCDC

I accidentally reset my RCDC for Workflow Edit. Does anyone have an XML that actually lets you edit the Workflow activities? The default one does not seem to allow that.

Update RCDC ConfigurationData

I have a use case where I need to create a new attribute dynamically. So I started out by creating an attribute and a binding via a create resources WAL activity. So far so good.

Now I would like to add this new attribute to the rcdc. I have already a function to manipulate an existing configuration data object and insert an xml element (see https://github.com/wim-beck/is4u-fim-powershell/wiki/Add-ElementToRcdc), but I cannot find a way to do this (in a simple way) with a powershell activity.
The way I would like to do this, is via a combination of a powershell script (local to the activity) manipulating the configuration data and an update resources activity to upload the data to the rcdc object.

Is running an external script my only option here?

Documentation review

Hi all. Jef asked if I could do some doco review - very happy to help. I've only got through the Activities section so far but wanted to post these comments - hopefully this is an ok place to do it.

Build and Deployment

Note: If you get any access denied errors from FIM Service during the creation of AIC's, you may have forgotten to correct the typo "IsAuthoriztionActivity" to "IsAuthorizationActivity" in the built-in MPR called "Administration: Administrators control configuration related resources".

I didn’t know myself that such a typo existed and I just create my own AIC policy. Is there a link to a technote about this? Rather than “You may have forgotten” instead link to the technote. (I’m surprised a patch would not have fixed this.)

Create Resource Activity

Iteration
Optional. This is a lookup or function expression returning a collection of values to iterate over. use of iteration disables publication of created resource Id ("Target for Created Resource ID") and conflicting resource Id ("Target for Conflicting Resource ID").

In the “Delete Resource” activity there is a link to the Iteration page from this sub-section.

While the activity supports iteration, it is best to refrain from creating more than one resources in a single activity.

Should be “resource” not “resources”.

Why is it best? I only ever used this activity to create single resources myself, but the functionality must be there for some reason. Would be good to add a bit more explanation about why it is recommended – the main things I can think of right now is it’s much easier to track what’s going on, and there is no chance of accidentally spawning creation of thousands of objects. Or alternatively add a comment about whatever specific use case this feature was added for and state you wouldn’t use it otherwise.

BTW this group creation example is a really good one – I’ve recently been finding out just how difficult(/impossible) something like this is for certain competitor products.

Generate Unique Value Activity

Noticed one instance of “FIMServive” on the page.

It’s good you talk about bulk updates – I got into a terrible mess trying to generate a lot of AccountNames using this activity. I think it was made even worse by SQL doing an extra uniqueness lookup for that specific attribute.

Run PowerShell Script Activity

Powershell Script User: Worth mentioning that the FIMService service account is what is used to run the script by default.

Impersonation: there were problems with that and Craig’s PowerShell activity. The end result was a reg change was needed on each FIM Service server – if you didn’t make the reg change you could only impersonate members of the local Administrators group. The fact that a logon type has to be specified makes me think this might be the same. If so it would be worth expanding on the pre-reqs for the users that can be impersonated. It’s pretty common to want to say “any”, especially when it’s the original requestor we want to impersonate.

It would be really good to have a script template as a starting point, which shows how to send parameters to the script, and how to get information back from it.

I don’t agree with the comment about not using it in production environments – in fact sometimes you have to (like when performing Exchange activities). Sounding a note of caution about spawning lots of sessions is worthwhile however.

On the comment about things failing – I use a lot of Invoke-Expression so I can set up the command I’m going to run, log the exact command, then run it, and capture the results. Try…Catch followed by testing we got a result is very helpful too. Anything to stop the script bombing out but returning a valid status. (Another thing to include – how to return a Failed status to the workflow – I normally just Throw the error message I want the request to store – that’s with Craig’s activity.)

I don’t see anything about the changes that need to be made to be able to run the FIMAutomation cmdlets. It’s possible that the config file changes are made as part of the setup, but we also need a person object for the FIMService service account that can login to the Portal and has the appropriate rights.

Finally – something on error reporting from the scripts would be good. E.g. write to log file, write to the Event Log, return RequestStatusDetail to request.

Activity Advanced Features Iteration

Supported Activities does not mention Delete Resource.

[//Request/Target] not resolved in combination with CompositeRequests

Hi Nilesh

We have been struggling with an issue in the last days, where the actual release does not resolve [//Request/Target]. In older versions, in case of a PostProcessing Request after an Object Deletion, the Target Object ID could be resolved over the Request (Attribute Target).
This is only in a constellation of a CompositeRequest, and there it is the same if it is a PostProcessing after deletion or modify.
We tried [//Request/Target], [//Request/RequestParameter/Target] and of course [//Target] but in case of a PostProcessing after a Deletion that can't be used successfully.

We haven't yet invested time to look into the Source Code. But do you know if this is a result of the investment from Version v2.16.0320.0?

We want to know your opinion before we invest many hours in this.

Thanks a lot for your answer
Thomas

Register.ps1 does not support split-server installation

Hello,
I just tried installing MIMWAL on a MIM that is installed separately - Portal on machine A, MIMService on machine B.
I started with the MIMService on machine B and the installation went through successfully, posting an error regarding the portal not being installed. OK so far.
I then went to Portal machine A, where register.ps1 failed while attempting to load FIMAutomation. (WHY?)
I added one, ran it again, and a pile of errors appeared, but MIMWAL looks to have been installed correctly :)
I feel that some ordering of operations within the script, and loading FIMAutomation only if really needed, may help to get a clean install on both machines.

No parallel and a very slow processing of MIMWAL workflows

I used FIMWAL2 for years for all workflows and upgraded to MIMWAL 2.17.0927.0.
Now I have noticed very slow MIMWAL workflows and no parallel processing.
The workflows in essence are using the UpdateResource activity to:

  • Lookup DomainConfiguration object to set Domain and DomainConfiguration for users and groups
  • Do some regex to get parts of a string attribute to set other string attributes
  • Do a BitOr operation on an integer value to set a Boolean attribute in the portal

There are approximately 50.000 objects to be changed in bulk by two different workflows.
I tested it on a machine with the following specs:

  • 8 cores and 8 GB RAM
  • 16 cores and 16 GB RAM
  • 64 cores and 64 GB RAM

SQL is installed on a different machine.
It made no difference. The processor load on the MIM server was immediately up to 100%.

The problem is, that we reach nearly 100% processor usage while just 2-4 workflows run per minute. No significant network or SQL load.
For me it seems like I do something in the workflows that locks SQL or runs through a single thread in the request processor.

The only way I found to reduce the processor load and to get a bit more workflows per minute was to set the max… values in the Microsoft.ResourceManagement.Service.exe.config

We do not have any Authentication workflows in this scenario. We also do not have any parts of Authorization in the action workflows hit by the problem.

Thanks in advance
Henry

Wiki update Build and Deploy

It might be nice to update the https://github.com/Microsoft/MIMWAL/wiki/build-and-deployment page to tell the newbies where to find the dlls that they need to copy.
Go to server with FIM Service Installed
Go to c:\Windows\Assembly\ to find
Microsoft.IdentityManagement.WebUI.Controls.dll
Microsoft.IdentityManagement.WFExtensionInterfaces.dll
Go to Program Files\Microsoft Forefront Identity Manager\2010\Service to find
Microsoft.ResourceManagement.dll
Microsoft.ResourceManagement.WorkflowContract.dll

Error Workflow generate unique Value

Hello,

We are trying to get a unique AccountName by following the information in:
https://github.com/Microsoft/MIMWAL/wiki/Scenario---Generate-Unique-Account-Name
and we use the Value Expressions below:
Left([//Target/LastName],19)+Left([//Target/FirstName],1)
Left([//Target/LastName],18)+Left([//Target/FirstName],1)+[//UniquenessKey]
With different Substr arguments (19, 18), an exception is generated when the MPR related to our WF is executed:

System.Collections.Generic.KeyNotFoundException: La clé donnée était absente du dictionnaire.
à System.ThrowHelper.ThrowKeyNotFoundException()
à System.Collections.Generic.Dictionary`2.get_Item(TKey key)
à Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()
à Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()
à Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)
à Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
à Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Boolean& endOfSequence)
à Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, CultureInfo locale, Guid requestor, String[] attributeNames, Boolean includeInlineRights)
à Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, String[] attributeNames)
à Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.Read(Guid objectId, CultureInfo locale, Nullable`1 requestor, Nullable`1 resourceTime, String[] requestedAttributes, Boolean includeRights)
à Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessOutputRequest(RequestType request)
à Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
à Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
à Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
à Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
à Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
à Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
à Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)
à Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

The awkward thing is that when we use the same argument in the two value expressions we don't have this error. Thanks for checking this.

Regards

generate a unique value for a set of users

When running a workflow for a set of users to generate a unique account name value, it is getting errors.
So how can I generate account names for a number of users in a set in MIM?

Build 4.13496 has been removed

The FIM R2 build 4.1.3496 (KB2906832) which you recommend for the MIMWAL compile has been removed from Microsoft.
Is the next build as good, or can you provide a download link?

Question: Creating Account Names for Security Groups via WAL

Is it possible to create unique Account Names for Security Groups via the WAL? I do not want my users entering the Account Name for Security Groups and would rather have the Account name generated by either a unique 20 character string or the group name provided (all spaces and special characters would be replaced with an underscore).

Issue on Send Email Notification Activity

When using the Send Email Notification Activity in the workflow either with OOB email template or with custom template, the following error is logged in the event viewer and no email is sent by MIM:

WAL (2.17.0414.0): 07/03/2017 13:32:35.5210: The expression '/EmailTemplate[DisplayName = 'Service Account Created']' is invalid.

I have tried the suggested workaround using the ObjectID mentioned at https://social.technet.microsoft.com/Forums/en-US/730297fd-59f5-4676-90d4-3d04ef60cbbe/the-expression-emailtemplatedisplaynamedefault-timed-out-request-email-template-is-invalid?forum=Mimwal but it does not solve the issue and same error appears in event viewer. If using an incorrect display name of the email template, then a different error is logged which is certainly correct as it says that the template cannot be found.

updating from fimwal2 to mimwal

Hello, any help with the update from fimwal2 to mimwal!!
Also, I'm not finding the folder of fimwal2 on the server although fimwal is installed.

SqlParameter is not marked as serializable

We are using ExecuteSqlNonQuery to write workflow results to SQL. Additionally, when errors occur, we send emails (send email activity).

As far as I can tell, when the send email activity is called, the workflow seems to get serialized. Serialization fails if there are SqlParameters present in the workflow.

The following error is logged in the request and in eventlog:
Type 'System.Data.SqlClient.SqlParameter' in Assembly 'System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' is not marked as serializable
We can work around the issue by setting all the parameters to Null():
[Image: mimwal_sqlparameter]

Can we add this to the documentation or fix it? Did cost us some time in debugging...

PowerShell Workflow returns "Error: 'Cannot find the type for custom attribute 'Parameter '. Make sure that the assembly that contains this type is loaded.'"

I have a PowerShell workflow that is failing to run even with the simplest of PowerShell scripts. Every run returns:

Error Invoking PowerShell script. Error: 'Cannot find the type for custom attribute 'Parameter '. Make sure that the assembly that contains this type is loaded.'

The named parameter being provided is "input" with the expression [//Target/DisplayName]
The script being run is:

Param(
    [Parameter (Mandatory=$true)]$input
)

"Test File" | Out-File c:\temp\testfile.txt
$input | Out-File c:\temp\testfile.txt

Iteration support for WAL email activities

Referring to this thread:
https://social.technet.microsoft.com/Forums/en-US/708bd498-2085-4503-9f02-88cea2464303/mimwal-send-individual-mail-for-every-member-added-to-a-group?forum=Mimwal

A little bit more detailed info:

So we have a case where we want to send an email for a user added to a security group. The email should contain user-specific info about the user itself, for example a username. Also there might be a need to send that email to, for example, a manager or some other person, but not to the user added to the group.

All those things can be done currently when we are adding one user. But when we are adding more than one user, it is impossible to send an individual email with any personal info.

Convert String to DateTime

I've noticed that it's possible to convert a datetime to its string value but not the other way around.
I'm trying to fill an attribute with a default date (epoch time) so I can compare it later with a recent one.

Thanks

import-module activedirectory fails

Hi,
While using the powershell activity, when importing explicitly or just using get-aduser this event is thrown:

WAL (2.16.0320.0): 06/14/2016 12:57:12.9461: <>c : b__68_0: The 'C:\Windows\system32\WindowsPowerShell\v1.0\Modules\activedirectory\activedirectory.psd1' module cannot be imported because its manifest contains one or more members that are not valid. The valid manifest members are ('ModuleToProcess', 'NestedModules', 'GUID', 'Author', 'CompanyName', 'Copyright', 'ModuleVersion', 'Description', 'PowerShellVersion', 'PowerShellHostName', 'PowerShellHostVersion', 'CLRVersion', 'DotNetFrameworkVersion', 'ProcessorArchitecture', 'RequiredModules', 'TypesToProcess', 'FormatsToProcess', 'ScriptsToProcess', 'PrivateData', 'RequiredAssemblies', 'ModuleList', 'FileList', 'FunctionsToExport', 'VariablesToExport', 'AliasesToExport', 'CmdletsToExport'). Remove the members that are not valid ('HelpInfoUri'), then try to import the module again.

At line:139 char:22
+     Import-Module <<<<  activedirectory
    

Target Lookup on Delete Resources Activity gets PostProcessingError

Hi All,

I have tried to use the Delete Resources Activity to update linked resources (not by explicit reference, but logically linked by some attributes). So I used Target Lookup to get the DisplayName of the resource being deleted and got a PostProcessingError during Activity execution. Afterwards I tried to look up different attributes of deleted resources and use them in a Notification message to see the values, and I got very interesting results:

  • [//Target] returns an ObjectID of deleted resource;
  • [//Target/ObjectID] returns nothing;
  • [//Target/DisplayName] returns nothing;
  • etc, all other attributes of the target return nothing :(

I found a workaround using the DisplayName of the Request - this attribute contains information about the deleted Resource and it is possible to get this information by simple text operations.

Maybe it is significant: the resources that I tried to delete were custom resources.
