An interesting take on the Replay MA idea came to me that I want to share today.
So far the published use cases for this idea have been restricted to the ‘replaying’ of the FIM Service MA alone – such as dealing with ‘skipped-not-precedent’ issues and the like. This post is about a different more topical scenario – specifically the need to manage Office 365 licence allocations based on AD group membership. In this case, the customer wants to manage allocations based on group membership managed through a (non-FIM) 3rd party tool … and FIM Synchronisation (via the AAD connector) is being tasked the job of translating membership changes to license allocation changes for Office 365.
The problem with this is two-fold:
- The API for assigning licenses works on the basis of what licenses do you NOT want a user to get (a topic for another day); and
- The delta is on the GROUP object when you actually need a delta on the USER (member) objects.
Solution? Simple … replay the delta import of your source ADDS MA, and map the member user objects to your FIM Metaverse to ‘touch’ these MV objects and trigger your export attribute flow to AAD/Office 365. There you have it … a kind of freebie version of the traditional ‘Auxiliary MA’ idea from MIIS/ILM days.