Monday, July 23, 2012

Chasing References in FIM

Polyarchy has been one of my favourite tools that never shipped from MMS 3.0.  I was happy to see it mentioned by Kim Cameron in a really neat post lately:

Yes to SCIM.  Yes to Graph

Kim talks of the value of references in the data, mainly to show us the importance of the new Graph API but it also pertains to FIM 2010.  Today in FIM 2010 we can query the web service using XPath as the filter dialect.  It turns out to be pretty powerful in its ability to traverse references.  When the schema is designed correctly, the references in the objects can make easy work of rather sophisticated queries.  Unfortunately some of that sophistication is tamed for performance reasons in FIM Set definitions – but otherwise you can still issue some pretty useful queries.

For example, suppose a Request was submitted to create a Group object.  FIM gets busy creating objects to track the workflow and approvals.  On completion, we can use the relationships to easily get detail about the actors, such as this query to get the approver of the request:

$XPathFilter = @"









Export-FIMConfig -only -CustomConfig $XPathFilter | Convert-FimExportToPSObject

The output of the above command is the Person object that approved the Request.

ObjectID    : urn:uuid:d51a311e-ehaa-eheh-98c3-c788b4b55154

AccountName : hoofHearted

CreatedTime : 7/23/2012 6:09:24 PM

Creator     : urn:uuid:306f4a58-ec2c-4a6b-aa9a-6b34ee7588d3

DisplayName : Hoof Hearted?

Domain      : IceMelted

Email       :


ObjectType  : Person

As much as I’ve enjoyed learning about XPath, I can’t believe it has an enduring future in the product.  If FIM follows AD then I believe the time spent with WS.* will be short lived as the Graph API is all about OData/REST.  It seems the journey has been LDAP –> XPath/WS.* –> OData/REST.

No comments: