-
Notifications
You must be signed in to change notification settings - Fork 4
Pre operation events
ACMA provides the ability to send events to objects in the database prior to an full import, delta import, or export operation.
Pre-operation events allow you to define a database query that searches for objects matching your criteria, and sends them an event. Event rules can be used to trigger constructors to execute in response to these events. Once all events have been processed, ACMA resumes the FIM import or export operation.
ACMA isn't running at all times, it is only active when invoked by the FIM synchronization service. Due to this aspect of the design, ACMA can't natively respond to temporal changes. While most constructors have execution rules that depend on the changing state of an object, (which is directly driven by FIM), rules that compare a DateTime value need to be evaluated outside of the object change process.
A temporal rule, such as expiryDate greater than today requires a trigger at the time the expiry date becomes greater than the current date. Neither the FIM synchronization service or ACMA have any temporal evaluation capability built in. Pre-operation events provide a way around this limitation. They perform a database query before each FIM operation and send events to objects that match the query.
For example, if we had a pre-operation event that search for all objects with an expiryDate greater than today, ACMA can find these objects and send an expiryDateLapsed event to them. This allows you to define constructors that look for this event (using an event rule), and perform the appropriate actions, such as disabling the account.
With appropriate indexing, pre-operation events execute very quickly, and do not significantly increase the start-up time of the MA.
The alternative to using pre-operation events, is to use the ACMA powershell cmdlets, and run a scheduled task once a day to find expired objects and either send the expiryDateLapsed event from there, or modify the appropriate attribute values yourself.
The correct solution depends on your environment. If you require only daily temporal updates, you can use the script method. If you want more frequent updates, pre-operation events provide the best way to do this.