So, you want to set the groupType attribute on an AD group but all you have to work with are the scope and type attributes on the ILM 2 group object. To make matters worse, they are both String types and the groupType attribute wants an Integer. To solve this problem you need to assemble the value based on the values present in scope and type. To understand what you need to assemble you should review the schema definition for groupType. We need to create a mapping in our Sync Rule that transforms the data on the fly, so let us see if Codeless Provisioning is up to the task.
Now this approach might seem like the logical way to approach this:
IIF(CustomExpression(Eq(scope,"Global")),2,0)
+
IIF(CustomExpression(Eq(scope,"DomainLocal")),4,0)
+
IIF(CustomExpression(Eq(scope,"Universal")),8,0)
+
IIF(CustomExpression(Eq(type,"Distribution")),0,2147483648)
…but it doesn’t work. When you concatenate values together they are always concatenated as strings. What we need to do then is to nest the IIF statement like so:
IIF(Eq(type,"Distribution"),IIF(Eq(scope,"Universal"),8,IIF(Eq(scope,"DomainLocal"),4,IIF(Eq(scope,"Global"),2,0))),IIF(Eq(scope,"Universal"),-2147483640,IIF(Eq(scope,"DomainLocal"),-2147483644,IIF(Eq(scope,"Global"),-2147483646,0))))
…but it’s not exactly intuitive. There are currently no arithmetic functions for adding two Number values, nor are there any functions to add date values; both of which are major oversights for the current release. Below is an example of the Outbound Sync Rule; however the groupType value is not displayed accurately. 
You should be able to copy and paste the above rule directly into the flow definition once you choose CustomExpression:
Voila – now you no longer need two separate Sync Rules to flow one attribute. Thanks go to David Lundell and Andreas Kjellman for helping to puzzle this one out.
0 comments:
Post a Comment