Today I want to announce a small GitHub project for a MIM workflow activity that allows taking control over Active Directory logonhours attribute and moving it to MIM.
LogonHoursActivity takes Allowed Logon Time value from a WorkflowData parameter (this value should be in a specific format), parse it, and converts it into a binary. The resulting binary value could be passed to Active Directory as is. Important point here is that during the conversion the activity honors person’s time zone as well.
- Download/compile LogonHoursActivity and add it to your MIM installation.
- Add several attributes (AllowedLogonTime(string), PermittedWorkHoursTemplate(string), ADLogonHours(binary)) and bind them to Person resource type.
- Add a couple of workflows and MPRs.
- Set AllowedLogonTime attribute for your keeping in mind special syntax (example of a valid value: Mo:8:20|Tue:7:23|We:8:20|Th:0:24|Fri:8:20|Sa:-|Su:-)
- In addition, you can use an optional attribute (like PermittedWorkHoursTemplate) to allow assignment of some pre-defined logon hours through selecting from a drop-down list. This will allow you to simplify the logon hours management process.
The main workflow “Calculate Logon Hours” will look like the following (it’s simplified here – in real cases you would need to take care about possible empty values for TimeZone etc.):
- Prepare parameters
- Run AD logonhours calculation (here’s the LogonHoursActivity placed)
- Store logon hours to a MIM binary attributes for further transferring it to Active Directory through outbound synchronization
You can download and evaluate MIMLogonHoursActivity from here: