Forefront Identity Manager (FIM) Custom Management Agent for CRM 2011 - Part 1

In this post I will share my experiences in developing a custom management agent for CRM 2011 in FIM. Since there is quite a bit to cover I have split this post into two parts, this being part 1.
Integration with FIM was quite a steep learning curve for me because I had little or not knowledge of how FIM works but after some playing around, reading articles, banging my head, i finally figured out and got something working. So to get started I will explain a little bit of what FIM does and what we are going to achieve by building a Management Agent for CRM 2011 in FIM.

FIM is the identity management solution from microsoft, but it does a whole lot of other stuff as well such as certificate management, self service password resets etc. It used to be called Identity Lifecycle manager and before that Microsoft Identity Integration server. It has four components

• FIM Syncronization Service
• FIM Service
• FIM Portal 
• FIM Certificate Management

I am not going to go into detail of all the components, I am just going to stick to what we really need for the purpose of creating a management agent for CRM 2011. You can read about the rest on MSDN and blogs etc. The FIM Synchronization Service is responsible for  passing identity information from one source to the other. This could be from a database such as Oracle  to AD, or from AD to other system such as the HR system or something else, in our case CRM 2011. FIM calls them connected data source or CDS. FIM Sync service can run by itself without the need for other components. To consume data from the CDS's FIM uses adapters which it calls Management Agents (MA). Some MA come pre packed with FIM such as for Active Directory, SQL, Flat Files, Oracle, SAP etc. What we don't have is a MA for CRM 2011, but this is quite straight forward to develop once you know how FIM works. FIM allows developers to create what it calls Extensible Connectivity Management Agent (ECMA) 2 which basically is some .net code that implements interfaces that FIM provides.

Implementation is good but understanding how FIM Sync service stores and pushes data between systems is in my mind critical to understanding how to create a Management Agent for CRM 2011. For this I refer you to these technet articles 1 , 2, 3 which explain the FIM Sync Service inner workings. After reading them you would know that FIM Sync service stores data in "Connector Space" and then pushes it to the "Metaverse". It is from the Metaverse that data is pushed to external system. In short inbound synchronization is populating authoritative data in the metaverse and outbound synchronization is populating from metaverse to external systems.
The msdn articles above also talk about FIM Service and Portal and use what is called declarative synchronization which is configured through the portal and FIM Service. I am going to show you  non-declarative synchronization in which we will be writing code.

What I wanted to achieve using FIM sync service was to automate the user creation process in CRM 2011, i.e. whenever a new user is created in Active Directory

• it is added as a user in CRM 2011
• put in appropriate business unit or team
• get appropriate security roles
• is disabled as soon as the the user is deleted in AD or account is disabled

This can be extended to whatever degree one wishes to, for example rules can be applied which can add / remove user to teams within CRM based on group membership in AD or SQL or some other system. The whole goal is automation and keeping all the systems in sync all the time without manual intervention.

Now that we have some background knowledge on FIM and our end goal, lets break down the steps that are involved.

1. Create MA for Active Directory (this is out of box)
2. Import Data (i.e. populate metaverse)
3. Create custom MA for CRM
1. Map attributes
4. Create metaverse Rules extension

The first thing we have to do is create an MA for Active Directory. This will allow us to pull data from AD into the FIM sync service data base (i.e. the metaverse). Once the data is there we will be ready to export it to our external system aka CRM 2011.
To create a MA for AD, on the MA tab click "Create", This will bring up the "Create Management Agent" box.

Next type in the active directory details, in my case it is contoso.com.

Next select the AD containers, in my case, it is ECMA2, which is an OU that I created specifically for testing purposes, you could leave it empty and that would select everything.

In the next screen, select the AD objects, ensuring that you select "user".

In the next screen, you need to select the AD attributes as shown below. It is an extensive list of attributes so you really should know which ones are needed, in my case since it was just an example, I am selecting only a few attributes such as the sAMAccountName which corresponds to your AD login.

In the screen "Connector Filter" just hit next as we are not going to specify any filters. In the "Join and Projection Rules" project "user" as shown below.

In the "Configure Attribute flow" map the attributes, here you will be mapping the AD attributes to the metaverse attributes. Since we are only interested in users we will be mapping "user" attributes to metaverse's "person" attributes as shown below.

Click next and in the Deprovisioning just select "make them disconnectors". Finally click okay.

This will create your AD MA. Now we will move onto creating the custom (aka ECMA 2) MA for CRM 2011.

To create the CRM MA we need to create a c# project, assuming that you have installed the FIM syncronization service, all you need to do is, go to  "Actions" -> Create Extension Projects ->  Extensible Connectivity 2.0 Extension

This will bring up a box to provide name of the project and select the type of project and Visual Studio version that you want to use, just select 2010.  The project created will contain a class with all the interfaces commented out as shown below:

using System;
using System.IO;
using System.Xml;
using System.Text;
using System.Collections.Specialized;
using Microsoft.MetadirectoryServices;

namespace FimSync_Ezma
{
    public class EzmaExtension :
    //IMAExtensible2CallExport,
    //IMAExtensible2CallImport,
    //IMAExtensible2FileImport,
    //IMAExtensible2FileExport,
    //IMAExtensible2GetHierarchy,
    //IMAExtensible2GetSchema,
    //IMAExtensible2GetCapabilities,
    //IMAExtensible2GetParameters,
    //IMAExtensible2GetPartitions
    {
        //
        // Constructor
        //
        public EzmaExtension()
        {
            //
            // TODO: Add constructor logic here
            //
        }
    };
}

We will need to uncomment IMAExtensible2CallExport, IMAExtensible2GetSchema, IMAExtensible2GetCapabilities, IMAExtensible2GetParameters, next we will have to right click and get Visual Studio to implement these interfaces for us.
The remainder will be covered in part 2 where we will writing the acutal code to create users and also implement the metaverse rules extension to populate the metaverse.
Till next time, Happy CRMing!

Embedding images in email, Dynamics CRM 2011 - Part 1

Today I am going to show you a way you can send emails with embedded images in CRM 2011 /2013 and for that matter Crm 4.0.
This is nothing new, you might say... images can be added by just copying the image which is available on a public URL and pasting it in the CRM email form and the image will appear.
If you thought this then you are definitely correct. However what if you had a requirement where the images could not be put on a public URL ( or CDN), how would you allow images then.
Well as a smart CRM developer you would say, mail merge? or have the email contain a document as attachment with the image, etc. etc. There are many ways it can be done.

Okay enough of the daddy talk, let me tell you another way which many of you probably already knew. Lets revisit emails and more importantly the MIME content disposition specification which details how email attachments are constructed and which governs how the email clients deal with your email. Essentially what this will tell you is that you can embed images inside the email if you create the attachment as "inline" and reference it is your email body.
To achieve in CRM, we will somehow need to interact with our outgoing email just before it is submitted to the SMTP server for delivery. We will have to convert our images to "inline" attachments and reference them in the email body so that on the other side they come out as email which contain images.

Now the fun part, To implement this we won't be doing adding anything extra to our CRM email form, we will still put the image in the email body as described above - copy -paste, but this time our image is no longer required to be on the a public URL or CDN, it can remain in our internal network. Our code will grab it form our internal network, convert it into a MIME inline attachment and reference it in the email body.

But where and how will we do this you ask? Well the plain old router, yes its the same router that we are all too used to, this time we will be extending the SMTP provider, specifically we will be creating a class that implements  SmtpPollingSendEmailProvider. We have to do this inorder to construct the email ourselves, replace the img tag with the equivalent mime attachment reference and also convert the image to an inline mime attachment.
We will override the Run method, grab the email that needs to be sent and use System.Net.Mail to construct an email, along with the attachment which we will read from the <img src=url>  and then send it through our configured smtp server.

That's it voila! email with embedded image.
In the next part I will share the code along with steps to extend the router to achieve this.

Happy CRMing.

Disclaimer: This method of embedding images is probably not the best performing option, your first choice should always be images that are on a CDN.