I was recently helping someone new to FIM come to grips with the multivalued attribute (MVA) table. The MVA table can be used to populate a multi-valued attribute—in a common scenario, this would be the member attributes of a group object.
Although there are good write ups on how to do this for those familiar with FIM, step by step instructions seemed helpful for those just learning.
Create the data source tables in SQL
1. Create a tblGroup table. This table serves as the data source for the objects that have a multivalued attribute.
GroupName (varchar)
ObjectType (varchar)
values are:
Group1Name | Group
Group2Name | Group
2. Create a tblGroupMVA table. This table holds values that should go into the multivalued attribute on the objects in tblGroup above. The idea is to have the object id, the name of the multivalued attribute and one value for the multivalued attribute in each row. So, a group with three members would have one row in tblGroup and three rows in tblGroupMVA.
GroupName (varchar)
AttributeName (varchar)
AttributeValue (varchar)
values are:
Group1Name | member | User1
Group1Name | member | User2
Group1Name | member | User3
Group2Name | member | User1
You will want the values in the GroupName column to match as they will serve as the anchor attributes later on.
3. Create the SQL MA.
tblGroup is the main table
tblGroupMVA is the Multivalue table
Set Anchor: GroupName
Specify object type: group
Configure multi-value:
– Attribute name column: AttributeName
– String attribute column: AttributeValue
Click New and enter:
– Name: member
– Type: string
– Reference (DN) selected
Configure Join and Projection Rules: Add a Projection Rule and a join rule on GroupName = accountName
Configure Attribute Flow: Select a group object and added these flows:
GroupName => accountName
member => member
Once you run a sync, you should be able to see the multivalued attribute on the group object. It will look like this if it has more than one value:
Clicking the button with the ellipse will show you the values in the multivalued attribute:
In your real implementation, you may have many more attribute flows or have another MA completely for the rest of the attributes, reserving this MA to only process the multivalued attributes you need (there are some indications that performance is better that way). For the next steps, there’s a good walk through on creating the groups in AD here: https://technet.microsoft.com/en-us/library/ff686261(WS.10).aspx It explains in detail how the group membership gets provisioned in AD from FIM.
