Created
October 2, 2018 20:31
mv-extension-find-odd-users.vb
'Case 1: the identity is known to HR but has no AD connector yet, i.e. a new user.
If MyADADMAConnectors = 0 AndAlso HRMAConnectors > 0 Then
    'A user should be provisioned at this point.
    'The code that builds the attributes needed for the new user would follow here.
End If
'Case 2: the identity exists only in the FIM portal, with no AD and no HR connector.
'None are expected right now. In the future the portal may be used to create new
'service accounts, but until then a portal-only object is treated as an anomaly
'and stopped with an error rather than provisioned.
If MyADADMAConnectors = 0 AndAlso HRMAConnectors = 0 AndAlso FIMMAConnectors > 0 Then
    Throw New Exception("Something odd going on here - remnant in FIM only?")
End If
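'Case 3: the identity already has connector(s) in AD.
'Exactly one AD connector is the only valid state besides zero. The "more than one"
'guard is an ElseIf branch here: nested inside the "= 1" block it could never be
'reached, so a metaverse object joined to several AD accounts passed through unflagged.
If MyADADMAConnectors = 1 Then
    'adDN is constructed as part of the HR input sync.
    'NOTE(review): adDN is read without an IsPresent check - confirm it is always
    'populated by the time an AD connector exists.
    adDN = mventry("adDN").Value
    DN = ADMA.CreateDN(adDN)

    'There is already an AD connector, so work on that one.
    csentry = ADMA.Connectors.ByIndex(0)

    'If the expected DN has changed, change it in AD too.
    'The comparison is ordinal and case-insensitive, so the result does not depend on
    'the culture the sync service happens to run under (ToLower is culture-sensitive).
    If Not String.Equals(csentry.DN.ToString, DN.ToString, StringComparison.OrdinalIgnoreCase) Then
        csentry.DN = DN
    End If

    'Check for real people who were previously provided by HR (they have an EndDate)
    'and who have become disconnected from the HR PersonAssignment table, i.e. they
    'have been deleted but the message has not been passed on. Raise an error so that
    'the user is manually deleted from AD and FIM.
    'Only objects with an EndDate matter: service accounts and some particular users
    'have none, for example those added historically and no longer referenced in HR.
    'This only raises a sync error; nothing in this block changes the AD account, so
    'it stays as it is until an operator acts on the error.
    If HRMAPAConnectors = 0 AndAlso mventry("employeeEndDate").IsPresent Then
        Throw New Exception("User in AD, but not in HR - possible duplicate deleted but not informed!")
    End If
ElseIf MyADADMAConnectors > 1 Then
    'There should never be anything except 0 or 1 MyADADMAConnectors, so raise an error.
    Throw New UnexpectedDataException("Multiple MyADADMAConnectors:" + MyADADMAConnectors.ToString)
End If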