Fabrikam has a policy that ensures all groups have unique aliases. A database in an external system keeps track of all the aliases that have been assigned to groups in Fabrikam. Whenever a new group is created, or has its alias modified, the group’s alias is verified against the external system for uniqueness. After the group is created, the new alias for the group is added to the external system.
In the middle of one typical weekday, the FIM Services servicing group management requests lose connectivity to the external system tracking the group aliases. This connectivity issue results in several outcomes:
Ichiro, the administrator for the FIM Service, does not immediately become aware of the connectivity issue. By the time the connectivity issue is resolved, Ichiro realizes there may be a large number of requests affected by the issue. Ichiro first identifies the requests that were denied because of the connectivity issue.
From his previous step, Ichiro discovers that a large number of users were affected by the connectivity issue. Since there is no way for Ichiro to restart these failed authorization workflows, these users need to resubmit their requests. Ichiro decides that he wants to notify the users that they may need to resubmit their requests, due to the temporary connectivity issue. In order to notify the users, Ichiro needs the ability to either extract the list of users from the FIM Portal and paste them as the recipients of an email message in Outlook, or he needs to create a new set with the users as members so that he can create a new retroactive policy to send an email notification to these users.
Ichiro’s next step is to identify the requests whose alias reservation action workflow failed because of the connectivity issue.
From his previous step, Ichiro discovers that a large number of groups have not had their alias reserved. The alias reservation workflow does not need any information from the Request that triggered it, since it reads the alias to reserve from the group itself. Ichiro uses the “run on policy update” feature to retroactively apply a policy that reserves the alias for all the groups identified in his previous step.
To re-run the failed action workflows, Ichiro has developed the following script.