ShouldProjectToMV and boolean flag setting Example

Another thing that I messed about with while “making FIM fit”…

I wanted to manage certain non-real people accounts. I did not need them to be present in the portal, as the code would manage the accounts alone. Therefore I needed to project them to the MV for the code to take effect.

To do this, I created a copy of the person object and trimmed a few unnecessary attributes – the new object was called “functionalID”.

Now, after bringing those IDs in as functionalIDs, I realised that some of the administrative accounts needed access to the portal to manage the real user accounts. So, I exported all functionalIDs to the portal; they were not visible, as the portal did not know what to do with them. After fiddling about, extending the portal schema, creating MPRs etc., I was able to view and manage those IDs. However, I wanted the administrative IDs to be able to log into the portal to do their day-to-day work.

Trying to log in with an Administrative ID did not work! I made sure that all of the required attributes were present in the portal for those accounts (https://social.technet.microsoft.com/Forums/en-US/04ea0c9d-0e31-4027-b035-fc20b9501a46/enabling-fim-portal-access-for-a-regular-ad-user-account), but still the accounts could not log in to the portal.

Now, annoyingly, I can’t find the link, but to summarise, it stated that only person type objects could log in to the portal! Thus, my copy of the person type would never be able to log in! Arrhhh!

So, a little rethink… treat all functionalIDs as functionals except those that were in the OU containing the Administrative IDs that I wanted to have access to the portal – treat them as person objects – as shown below:

However, after all this I decided that it was far simpler to just treat all IDs as person objects, and then flag those that were functionals (with a boolean flag). That flag is then used to manage the accounts in code and can be used to exclude those accounts from view in the portal. Flag setting is done on the import from AD, using specific strings within the DN as the criteria:
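
An added sketch of this final approach, not the author's original code: an AD management agent rules extension that projects every account as person and sets the flag from the DN in an advanced import flow. The OU string `OU=Functional IDs,`, the flow rule name `SetFunctionalFlag` and the metaverse attribute `isFunctional` are assumptions for illustration.

```csharp
using System;
using Microsoft.MetadirectoryServices;

// Added example. OU string, flow rule name and MV attribute name are assumed.
public class MAExtensionObject : IMASynchronization
{
    // Constructed DN fragment that marks functional (non-person) accounts.
    private const string FunctionalOu = "OU=Functional IDs,";

    // Match the whole "OU=...," component, case-insensitively, so that a
    // similarly named CN or a longer OU name does not set the flag.
    private static bool IsFunctional(string dn)
    {
        string normalised = "," + dn + ",";
        return normalised.IndexOf("," + FunctionalOu, StringComparison.OrdinalIgnoreCase) >= 0;
    }

    // Project every account as "person": only person objects can log in to the portal.
    bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
    {
        MVObjectType = "person";
        return true;
    }

    // Advanced import flow from AD: derive the boolean flag from the DN.
    void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
    {
        switch (FlowRuleName)
        {
            case "SetFunctionalFlag":
                mventry["isFunctional"].BooleanValue = IsFunctional(csentry.DN.ToString());
                break;
            default:
                throw new EntryPointNotImplementedException();
        }
    }

    // Remaining interface members are not used by this example.
    void IMASynchronization.Initialize() { }
    void IMASynchronization.Terminate() { }
    bool IMASynchronization.FilterForDisconnection(CSEntry csentry) { throw new EntryPointNotImplementedException(); }
    void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values) { throw new EntryPointNotImplementedException(); }
    bool IMASynchronization.ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry, out int imventry, ref string MVObjectType) { throw new EntryPointNotImplementedException(); }
    void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry) { throw new EntryPointNotImplementedException(); }
    DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry) { throw new EntryPointNotImplementedException(); }
}
```

Because the flag is derived from the DN, whoever can create or move accounts in that OU also decides which accounts are treated as functional, so write access to the OU should be restricted accordingly.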