FIM Functions Updated, Bitwise Functions

April 12, 2013

In addition to the official reference for functions I thought I would update my examples from back in the ILM 2 Beta days

Function Name

BitAnd

Parameters

  1. mask Type: Integer

  2. flag Type: Integer

Description

BitAnd is a bitwise operation anding mask and flag. So if Flag is the UserAccountControl Attribute in AD and mask is **-3
**(the 64-bit two’s complement of 2) Then the result is that the disable bit (bit 2) is turned off leaving all of the other bits unchanged.

To figure out what mask to use to turn off a bit multiply that number by negative 1 and then subtract one. To turn off bit 2 and the userAccountControl with -3. To turn off bit 16 – account is locked out and it with a -17.

Examples

BitAnd(-3, userAccountControl) 

Turn off the disable bit Flow the result into userAccountControl in AD to enable a user.

 

BitAnd(-3, 514) =512

if userAccountControl is 514 then the example gives us 512, which reactivates an account

 

BitAnd(-3, 512) =512

if it is 512 then it remains unchanged. The account was already active

 

BitAnd(-17, 528) =512
A locked out account (the bit in the 16’s place was on) was unlocked

 

BitAnd(-17, 512) =512
An account that was already unlocked was guaranteed to be unlocked

 

Eq( BitAnd(2,userAccountControl),2)
This is a test to see if an account in AD is currently disabled.  If so it will return a true otherwise it will return a false.

Function Name

BitOr

Parameters

  1. mask Type: Integer

  2. flag Type: Integer

Description

BitOr is a bitwise operation ORing mask and flag. So if Flag is the UserAccountControl Attribute in AD and mask is 2 Then the result is that the disable bit is turned on

Examples

BitOr(2, userAccountControl)
Turn on the disable bit. Flow the result into userAccountControl in AD to disable a user.

 

BitOr(2, 512) = 514
if userAccountControl is 512 then the example gives us 514.

 

BitOr(2, 514) = 514
if it is 514 then it remains unchanged.

Hopefully this helps you in your codeless provisioning quest.

Remember there are limitations like the output of IIF can’t feed into a function parameter expecting an Integer like the mask or the flag in BitAND or BitOR – and no, I am not BitOr about it. Without casting and conversion functions that is an obstacle that can’t be overcome using the FIM functions for that you may need to turn to custom workflows.

http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices