Resources For IT Professionals
Post an article
Wikis - Page Details
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  FIM 2010 R2: Creating a Custom Metaverse Object Deletion Rule Using C#

FIM 2010 R2: Creating a Custom Metaverse Object Deletion Rule Using C#

FIM 2010 R2: Creating a Custom Metaverse Object Deletion Rule Using C#

Table of Contents



I recently wanted to create a custom object deletion rule, and searched for some sample code on the Web that I could reuse. Since I could not find any pertinent code, I had to build my solution from scratch. I decided to share my knowledge so that others may benefit. You must use caution when creating custom object deletion rules; your logic should be well thought out; properly designed and thoroughly tested.

Overview

Contoso is our sample multi-forest Exchange organization. There is an Exchange forest and two user account forests. The Exchange forest is known as Contoso and it also contains user accounts. There are mailboxes for users in the Contoso forests and linked mailboxes for users in other forests. Contoso uses FIM to synch all its forests with a remote system.

Contoso would like the following requirements for the Metaverse (MV) Person Object

  1. For mailboxes of users local to Contoso forest, delete the MV object if the user is deleted in Contoso
  2. For mailboxes in Contoso forest linked to users in non-Contoso forests, delete the MV object if user is deleted in Contoso
  3. For mailboxes in Contoso forest linked to users in non-Contoso forests, DO NOT delete the MV object if user is deleted in non-Contoso
  4. For user accounts without mailboxes in Contoso or non-Contoso forest, delete the MV object if the user is deleted in the forest
  5. Deleting the MV object will delete the user in the remote system.

Solution requirement

  1. We need an attribute to identify a Contoso user and a non-Contoso user.
  2. We need an attribute to identify a linked mailbox.

Contoso synchronization information

  1. Every Contoso user synced must have a valid User Principal Name (UPN) field.
  2. Each UPN value is unique to the local forest.
  3. For linked mailboxes the UPN from the user forest will overwrite in the MV the UPN supplied by Contoso forest.
  4. Every linked mailbox will have the MsExchMasterAccountSid attribute which will also be imported into the MV (You need to create a custom person attribute to flow this into the MV).

Proposed design

  1. The UPN field will be used to identify if a user is from Contoso or non-Contoso forest
  2. The MsExchMasterAccountSid attribute will be used to identify linked accounts
  3. Check if the MV object UPN value contains ?@Contoso.com?. If it does it is a local Contoso user.
  4. Check if the Connector Space (CS) object UPN value contains ?@Contoso.com?. If it does it is a local Contoso user.
  5. Check if the MV object has MsExchMasterAccountSid attribute is present. If it is present then it is a linked mailbox.

Code logic

The MV Object deletion extension code will be triggered whenever a CS object is deleted or disconnected. Based on design above.

  1. If (3) is true and (5) is false, it is a local Contoso forest mailbox or non-mailbox user, delete the MV object.
  2. If (3) is false and (5) is false, it is a non-Contoso forest non-linked mailbox user, delete the MV object.
  3. If (4) is true and (5) is true, it is linked mailbox in Contoso, delete the MV object
  4. If (4)  is false and (5) is true, it is a user from non-Contoso forest with linked mailbox, do NOT delete the MV object

MV Extension Object deletion code

 
bool IMVSynchronization.ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
{
    bool deleteNow = false;
    bool IsMsExchMastPresent = false;
    bool IsUPNValueContainContoso = false;
    bool IsCSUPNContainContoso = false;
 
    // Does the MVEntry have MsExchMasterAccountSid, if it doesn't then it is not a linked account 
    if (mventry["MsExchMasterAccountSid"].IsPresent)
    {
        IsMsExchMastPresent = true;
    }
    Logging.Log("IsMsExchMastPresent is " + IsMsExchMastPresent, true, 2);
 
    //Does the MVEntry UPN contain "@Contoso.com"
    int stringsearchMVforContoso = mventry["userPrincipalName"].StringValue.IndexOf("@contoso.com");
    if (stringsearchMVforContoso > 0)
    {
    IsUPNValueContainContoso = true;
    }
    Logging.Log("IsUPNValueContainContoso is " + IsUPNValueContainContoso, true, 2);
 
    //Does the CSEntry UPN contain "@contoso.com"
    //Logging.Log("csentry userPrincipalName is " + csentry["userPrincipalName"].StringValue, true, 2);
    int stringsearchCSforContoso = csentry["userPrincipalName"].StringValue.IndexOf("@contoso.com");
 
    if (stringsearchCSforContoso > 0)
    {
        IsCSUPNContainContoso = true;
    }
    Logging.Log("IsCSUPNContainContoso is " + IsCSUPNContainContoso, true, 2);
 
    // Delete it if not from Contoso and it isn't linked
    if ((IsMsExchMastPresent == false) & (IsUPNValueContainContoso == false))
    {
        deleteNow = true;
    }
    //DO NOT Delete it if linked mailbox and the disconnected CS is from non-Contoso
    else
    if ((IsMsExchMastPresent == true) & (IsCSUPNContainContoso == false))
    {
        deleteNow = false;
    }
    //Delete it if linked mailbox and the disconnected CS is from Contoso
    else
    if ((IsMsExchMastPresent == true) & (IsCSUPNContainContoso == true))
    {
        deleteNow = true;
    }
    // Delete it if from Contoso and non-linked mailbox
    else
    if ((IsMsExchMastPresent == false) & (IsUPNValueContainContoso == true))
    {
        deleteNow = true;
    }
    //return value now.
    return deleteNow
}

 

, , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 1 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 19 Sep 2013 7:21 AM

    TNJMAN edited Revision 10. Comment: Minor corrections

  • 19 Sep 2013 7:17 AM

    TNJMAN edited Revision 9. Comment: syntax and placement corrections

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 18 Aug 2013 5:09 PM

    Nice article, but may benefit from code formatting

  • Posted by
    on 11 Sep 2013 2:36 PM

    Looks like code is now formatted. Great article

  • Posted by
    on 15 Sep 2013 10:35 PM

    Congrats on winning the gold medal in the August TechNet Guru contest! blogs.technet.com/.../technet-guru-awards-august-2013.aspx

  • Posted by
    on 17 Sep 2013 8:59 PM

    We featured this article on the home page of TNWiki!

  • Posted by
    on 19 Sep 2013 6:55 AM

    Nice indeed.

  • Posted by
    on 19 Sep 2013 7:17 AM

    TNJMAN edited Revision 9. Comment: syntax and placement corrections

  • Posted by
    on 19 Sep 2013 7:21 AM

    TNJMAN edited Revision 10. Comment: Minor corrections

  • Posted by
    on 19 Sep 2013 7:22 AM

    Excellent work. Maybe put in a "See Also" section, with references to a couple of related articles.

  • Posted by
    on 19 Sep 2013 8:54 PM

    Very nice article! Thank you very much for sharing this knowledge.

Page 1 of 1 (9 items)