Microsoft Identity Manager documentation for ProxyAddressCollection management with a MIMWAL update resources workflow activity. The workflow is split into 4 steps and should be triggered by a MPR as soon as a ProxyAddressCollection relevant attribute is changed (e.g. MailNickName or MailDomain).
This process is highly dependent on the requirements and varies from company to company. Please see this only as a basis for development. Daniel Malmgren has also published an example: https://social.technet.microsoft.com/wiki/contents/articles/37997.mim2016-mimwal-create-workflow-for-changing-e-mail-address.aspx which served as a basis for me. The main difference in my solution is the better error handling should new values already be in the ProxyAddressCollection and the inclusion of another mail domain and SIP address.
- Adds the old primary SMTP as secondary SMTP
- Removes the new primary SMPT if it's already in ProxyAddressCollection as secondary SMTP
- Checks if updates are truly required
- Manages mail addresses for two mail domains (both whith the same MailNickName)
- Error handling for differences between upper and lower case letters
- Build new values (mail addresses, sip address, UPN) - Save to WorkflowData
- Get current values from ProxyAddressCollection via iteration - Save to WorkflowData
- Determine required updates - Save to WorkflowData
- Update attributes on user
Selected Option | Value |
---|---|
ActivityExecutionCondition | |
ActorString | |
ActorType | Service |
Advanced | False |
ApplyAuthorizationPolicy | False |
Iteration | |
QueryResources | False |
ResolveDynamicGrammar | False |
Source Expression | Target | Allow Null |
---|---|---|
[//Target/MailNickname] |
$MailNickname |
false |
[//Target/MailDomain] |
$MailDomain |
false |
[//Target/SecondaryMailDomain] |
$SecondaryMailDomain |
false |
IIF(IsPresent($MailDomain),$MailNickname + "@" + $MailDomain,Null()) |
$NewUPN |
false |
$NewUPN |
[//WorkflowData/NewUPN] |
false |
IIF(IsPresent($NewUPN),"SMTP:" + $NewUPN,Null()) |
[//WorkflowData/NewPrimarySMTP] |
false |
IIF(IsPresent($NewUPN),"SIP" + ":" + $NewUPN,Null()) |
[//WorkflowData/NewPrimarySIP] |
false |
IIF(IsPresent($SecondaryMailDomain),"smtp:" + $MailNickname + "@" + $SecondaryMailDomain,Null()) |
[//WorkflowData/NewSecondarySMTP] |
false |
[//Target/MailNickname] |
$MailNickname |
false |
Selected Option | Value |
---|---|
ActivityExecutionCondition | |
ActorString | |
ActorType | Service |
Advanced | True |
ApplyAuthorizationPolicy | False |
Iteration | [//Target/ProxyAddressCollection] |
QueryResources | False |
ResolveDynamicGrammar | False |
Source Expression | Target | Allow Null |
---|---|---|
IIF(Eq(Left([//Value],5),"SMTP:",true),[//Value],Null()) |
[//WorkflowData/OldPrimarySMTP] |
false |
IIF(Eq(Left([//Value],4),"SIP:",true),[//Value],Null()) |
[//WorkflowData/OldPrimarySIP] |
false |
IIF(Eq([//WorkflowData/NewPrimarySMTP],[//Value]),[//Value],Null()) |
[//WorkflowData/PrimarySmtpToRemove] |
false |
IIF(Eq([//WorkflowData/NewPrimarySIP],[//Value]),[//Value],Null()) |
[//WorkflowData/PrimarySipToRemove] |
false |
- Iteration over ProxyAddressCollection
- The search for old primary values is case sensitive
- The search if the new values are already in the ProxyAddressCollection is case insensitive
Selected Option | Value |
---|---|
ActivityExecutionCondition | |
ActorString | |
ActorType | Service |
Advanced | False |
ApplyAuthorizationPolicy | False |
Iteration | |
QueryResources | False |
ResolveDynamicGrammar | False |
Source Expression | Target | Allow Null |
---|---|---|
Not(Eq("SMTP:"+[//WorkflowData/NewUPN],[//WorkflowData/OldPrimarySMTP])) |
[//WorkflowData/UpdatePrimarySMTP] |
false |
Not(Eq("SIP:"+[//WorkflowData/NewUPN],[//WorkflowData/OldPrimarySIP])) |
[//WorkflowData/UpdatePrimarySIP] |
false |
Not(Contains([//Target/ProxyAddressCollection],[//WorkflowData/NewSecondarySMTP])) |
[//WorkflowData/UpdateSecondarySMTP] |
false |
You will notice I build the new primary SMTP and SIP again instead of using my already populated value in WorkflowData. I have seen issues during testing where the case sensitive was not maintained in WorkflowData
Selected Option | Value |
---|---|
ActivityExecutionCondition | |
ActorString | |
ActorType | Service |
Advanced | False |
ApplyAuthorizationPolicy | False |
Iteration | |
QueryResources | False |
ResolveDynamicGrammar | False |
Source Expression | Target | Allow Null |
---|---|---|
[//WorkflowData/NewUPN] |
[//Target/Upn] |
false |
[//WorkflowData/NewUPN] |
[//Target/Email] |
false |
IIF([//WorkflowData/UpdatePrimarySMTP],RemoveValues([//WorkflowData/OldPrimarySMTP]),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdatePrimarySMTP],RemoveValues([//WorkflowData/PrimarySmtpToRemove]),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdatePrimarySMTP],InsertValues("SMTP:"+[//WorkflowData/NewUPN]),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdatePrimarySMTP],InsertValues(ReplaceString([//WorkflowData/OldPrimarySMTP],"SMTP:","smtp:")),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdatePrimarySIP],RemoveValues([//WorkflowData/OldPrimarySIP]),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdatePrimarySIP],RemoveValues([//WorkflowData/PrimarySipToRemove]),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdatePrimarySIP],InsertValues("SIP:"+[//WorkflowData/NewUPN]),Null()) |
[//Target/ProxyAddressCollection] |
false |
IIF([//WorkflowData/UpdateSecondarySMTP],InsertValues([//WorkflowData/NewSecondarySMTP]),Null()) |
[//Target/ProxyAddressCollection] |
false |