Adding a When Modified Time Stamp to Identity Manager Resources


Unfortunately FIM/MIM does providea last modified datestamp and so this tutorial will guide a FIM/MIM customizer through the steps required to add and update a Last Modified attribute on any required object.

1) Before we begin. You will need to follow and install the following two solutions:-

The PowerShell Workflow Activity

The PowerShell Module for FIM

Note: Please ensure you add the FIM Service Account as a credential using this post. You need to consider the context running the PowerShell in the Workflow Activity and that the context has sufficient permissions via Management Policy Rules.

2) Create a new script file called user-update-lastmodified.ps1 using the Snippet Below:-

Note: You will need to point the user-update-lastmodified script at the PowerShell Module for FIM obtained above.

Note: This sample is for a User (Person) if needed for other object types change -ObjectType to what ever you need. Example:- -ObjectType Group

# Store the Workflow Object ID
$ObjectID = $fimwf.TargetID
# Import the FIM PowerShell Module
import-module C:\MIM_DATA\Workflows\FimPowerShellModule.psm1
# Format the Date
$LastModified = Get-Date 
$LastModified = $LastModified.ToUniversalTime().ToString( "yyyy-MM-ddTHH:mm:ss.fff" )
# Update the Last Modified Datstamp
New-FimImportObject -ObjectType Person -State Put -AnchorPairs @{ObjectID=$ObjectID} -Changes @(
   New-FimImportChange -Operation Replace -AttributeName 'LastModified' -AttributeValue $LastModified
) -ApplyNow

3) Create a new attribute and bind it to a resource.

Note: This example is for the User (Person) resource type. You can add this attribute to any resource type you require.

MIM - LastModified - 1

MIM - LastModified - 2

MIM - LastModified - 3

MIM - LastModified - 4

MIM - LastModified - 5

MIM - LastModified - 6

MIM - LastModified - 7

MIM - LastModified - 8

MIM - LastModified - 9

4) Create the Action Workflow using the PowerShell Activity to execute the script provided above.

Note: This workflow requires you to have installed the PowerShell Workflow Activity for FIM.

MIM - LastModified - 10

MIM - LastModified - 11

MIM - LastModified - 12

MIM - LastModified - 13

MIM - LastModified - 14

MIM - LastModified - 15

MIM - LastModified - 16

5) Create a new Management Policy Rule to execute the Action workflow

Note: The example MPR does not grant permissions. Please ensure the executing context (FIM Service Account) has permission to update the LastModified attribute. It is recommended to create a seperate permission granting MPR to do this.

MIM - LastModified - 17

MIM - LastModified - 18

MIM - LastModified - 19

MIM - LastModified - 20

Warning: Ensure that you do not select the LastModified attribute for the object! Do not select All Attributes

MIM - LastModified - 21

MIM - LastModified - 22

6) To test we modify a User attribute and see two requests complete.

MIM - LastModified - 22

After the modification we see two requests. The first is the change initiated by the user.

MIM - LastModified - 23

MIM - LastModified - 24

After the modification we see two requests. The second is the lastmodified update.

MIM - LastModified - 25

MIM - LastModified - 26

Comments are closed.