Archive for the ‘Tooling/Scripting’ Category

(2011-09-06) Database Browsing/Editing Tool

Posted by Jorge on 2011-09-06

Have you ever had the need to quickly browse and/or edit a database on some database server without installing SQL Management Studio (for SQL Server) or some other huge database management tool, incl. the ones for other database formats? Well, look no further! I found this very interesting Database browsing/editing tool that assisted me in working with the attribute store that I had configured for my ADFSv2 test environment. You cannot compare it with SQL Management Studio for example, with it supports a huge interesting features which work me. I used this a lot in my test environment when I need to browse/edit a database from a server not hosting SQL Server.

ORIGINAL SOURCE FOR THE TEXT/PICTURES BELOW: http://blogs.microsoft.co.il/blogs/doli/archive/2011/07/20/free-tool-database-browser.aspx

Database Browser is an easy to use, free portable tool, which can connect to a variety of database types and browse or modify data, run SQL scripts, export and print data.

This tool is free and portable
The browser supports variety of direct databases connections :
- Oracle
- Microsoft Sql Server
- ODBC
- MySql
- OleDB
- PostgreSQL
- SQLite
- Microsoft Sql Server Compact
- Interbase
- Firebird

Supported OS :
- Windows 2000
- Windows XP
- Windows Vista
- Windows 7

Easy Table browsing – just click on the table name and the content will be shown on the right pane

Supports Unlimited number of connections
Switch between connections by clicking the desired connection

Easy-to-use search mechanism

you do not need to use SQL query

You can edit your table as if it was an excel sheet
- change column order
- sort column
- use filters
- …

You can preview and print your tables

Import/Export data from/to Excel

SQL Builder supporting a wide range of databases types

Alternatively, You can write your own SQL statement

Execution Log

The browser has a very important button – read only mode button

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in IT Pro Tools, Tooling/Scripting | Leave a Comment »

(2011-07-10) Transferring And Seizing FSMO Roles Through GUI, Command Line Or PowerShell

Posted by Jorge on 2011-07-10

AD uses a multi-master replication mechanism, meaning that updates can originate on any RWDC. For all kinds of services AD is highly redundant assuming you have more than one RWDC. Within AD some operations cannot operate using the multi-master principle, but rather use the single-master principle to ensure consistency. The roles for those operations are the so called Flexible Single Masters of Operations (FSMO). From a forest perspective two forest wide FSMO roles exist and from a domain perspective three domain wide FSMO roles exist. Below you will find which one is which.

When FSMOs become unavailable, depending on the scenario you may need to transfer or seize the corresponding FSMO role(s). With regards to FSMO role transfer or seizure, please see "Moving FSMO Roles From One DC To Another DC". After a seizure the old FSMO role owner should never be brought online again. It should at least be force demoted while not connected to the network and its metadata in the AD should be cleaned.

To transfer/seize FSMOs through a GUI you can use:

AD Schema Management MMC (For Schema FSMO)
AD Domain And Trusts MMC (For Domain Naming Master FSMO)
AD Users And Computers MMC (For PDC FSMO, RID FSMO and IM FSMO)

If you want to do this through the command line or PowerShell you can also use:

NTDSUTIL
- NTDSUTIL
- Roles
- Connections
- Connect to server <FQDN NEW DC>
- Quit
- To Transfer FSMOs
  - Schema FSMO –> Transfer schema master
  - Domain Naming FSMO –> Transfer naming master
  - PDC FSMO –> Transfer PDC
  - RID FSMO –> Transfer RID master
  - Infrastructure FSMO –> Transfer infrastructure master
- To Seize FSMOs
  - Schema FSMO –> Seize schema master
  - Domain Naming FSMO –> Seize naming master
  - PDC FSMO –> Seize PDC
  - RID FSMO –> Seize RID master
  - Infrastructure FSMO –> Seize infrastructure master
- Quit
- Quit
ADMOD
- To Transfer FSMOs
  - Schema FSMO (leverages "becomeSchemaMaster" operational attribute) –> ADMOD [-h <FQDN NEW DC>] -sc xferschema
  - Domain Naming FSMO (leverages "becomeDomainMaster" operational attribute) –> ADMOD [-h <FQDN NEW DC>] -sc xferdm
  - PDC FSMO (leverages "becomePdc" operational attribute) –> ADMOD [-h <FQDN NEW DC>] -sc xferpdc:<domain SID> (<domain SID> can be found on the rooDSE of any DC in the objectSid attribute)
  - RID FSMO (leverages "becomeRidMaster" operational attribute) –> ADMOD [-h <FQDN NEW DC>] -sc xferrid
  - IM FSMO (leverages "becomeInfrastructureMaster" operational attribute) –> ADMOD [-h <FQDN NEW DC>] -sc xferim
- To Seize FSMOs
  - Schema FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> ADMOD [-h <FQDN NEW DC>] -b "CN=Schema,CN=Configuration,DC=<forest root domain>,DC=<tld>" "fSMORoleOwner::CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>"
  - Domain Naming FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> ADMOD [-h <FQDN NEW DC>] -b "CN=Partitions,CN=Configuration,DC=<forest root domain>,DC=<tld>" "fSMORoleOwner::CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>"
  - PDC FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> ADMOD [-h <FQDN NEW DC>] -b "DC=<domain>,DC=<tld>" "fSMORoleOwner::CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>"
  - RID FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> ADMOD [-h <FQDN NEW DC>] -b "CN=RID Manager$,CN=System,DC=<domain>,DC=<tld>" "fSMORoleOwner::CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>"
  - IM FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> ADMOD [-h <FQDN NEW DC>] -b "CN=Infrastructure,DC=<domain>,DC=<tld>" "fSMORoleOwner::CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>"
Regular PowerShell CMDlets (leveraging ADSI)
- To Transfer FSMOs
  - $objRootDSE = [ADSI]"LDAP://<FQDN NEW DC>/rootDSE"
  - Schema FSMO (leverages "becomeSchemaMaster" operational attribute) –> $objRootDSE.Put("becomeSchemaMaster", "1")
  - Domain Naming FSMO (leverages "becomeDomainMaster" operational attribute) –> $objRootDSE.Put("becomeDomainMaster", "1")
  - PDC FSMO (leverages "becomePdc" operational attribute) –> $objRootDSE.Put("becomePdc", (([adsi]"").objectsid)[0])
  - RID FSMO (leverages "becomeRidMaster" operational attribute) –> $objRootDSE.Put("becomeRidMaster", "1")
  - Infrastructure FSMO (leverages "becomeInfrastructureMaster" operational attribute) –> $objRootDSE.Put("becomeInfrastructureMaster", "1")
  - $objRootDSE.SetInfo()
- To Seize FSMOs
  - Schema FSMO (just hijacks the attribute by writing new attribute value, no checks performed)
    - $objDN = [ADSI]"LDAP://<FQDN NEW DC>/CN=Schema,CN=Configuration,DC=<forest root domain>,DC=<tld>"
    - $objDN.Put("fSMORoleOwner", "CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>")
    - $objDN.SetInfo()
  - Domain Naming FSMO (just hijacks the attribute by writing new attribute value, no checks performed)
    - $objDN = [ADSI]"LDAP://<FQDN NEW DC>/CN=Partitions,CN=Configuration,DC=<forest root domain>,DC=<tld>"
    - $objDN.Put("fSMORoleOwner", "CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>")
    - $objDN.SetInfo()
  - PDC FSMO (just hijacks the attribute by writing new attribute value, no checks performed)
    - $objDN = [ADSI]"LDAP://<FQDN NEW DC>/DC=<domain>,DC=<tld>"
    - $objDN.Put("fSMORoleOwner", "CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>")
    - $objDN.SetInfo()
  - RID FSMO (just hijacks the attribute by writing new attribute value, no checks performed)
    - $objDN = [ADSI]"LDAP://<FQDN NEW DC>/CN=RID Manager$,CN=System,DC=<domain>,DC=<tld>"
    - $objDN.Put("fSMORoleOwner", "CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>")
    - $objDN.SetInfo()
  - IM FSMO (just hijacks the attribute by writing new attribute value, no checks performed)
    - $objDN = [ADSI]"LDAP://<FQDN NEW DC>/CN=Infrastructure,DC=<domain>,DC=<tld>"
    - $objDN.Put("fSMORoleOwner", "CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<forest root domain>,DC=<tld>")
    - $objDN.SetInfo()
W2K8R2 AD PowerShell CMDlets
- Import-Module ActiveDirectory
- To Transfer FSMOs
  - Schema FSMO –> Move-ADDirectoryServerOperationMasterRole -Identity <FQDN NEW DC> -OperationMasterRole SchemaMaster
  - Domain Naming FSMO –> Move-ADDirectoryServerOperationMasterRole -Identity <FQDN NEW DC> -OperationMasterRole DomainNamingMaster
  - PDC FSMO –> Move-ADDirectoryServerOperationMasterRole -Identity <FQDN NEW DC> -OperationMasterRole PDCEmulator
  - RID FSMO –> Move-ADDirectoryServerOperationMasterRole -Identity <FQDN NEW DC> -OperationMasterRole RIDMaster
  - Infrastructure FSMO –> Move-ADDirectoryServerOperationMasterRole -Identity <FQDN NEW DC> -OperationMasterRole InfrastructureMaster
- To Seize FSMOs
  - Schema FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject [-Server <FQDN NEW DC>] -Identity "CN=Schema,CN=Configuration,DC=<forest root domain>,DC=<tld>" -Replace @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - Domain Naming FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject [-Server <FQDN NEW DC>] -Identity "CN=Partitions,CN=Configuration,DC=<forest root domain>,DC=<tld>" -Replace @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - PDC FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject [-Server <FQDN NEW DC>] -Identity "DC=<domain>,DC=<tld>" -Replace @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - RID FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject [-Server <FQDN NEW DC>] -Identity "CN=RID Manager$,CN=System,DC=<domain>,DC=<tld>" -Replace @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - IM FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject [-Server <FQDN NEW DC>] -Identity "CN=Infrastructure,DC=<domain>,DC=<tld>" -Replace @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
Quest AD PowerShell CMDlets
- Add-PSSnapin Quest.ActiveRoles.ADManagement
- To Transfer FSMOs
  - I have not been able to achieve this with the Quest PowerShell CMDlets. Use the regular PowerShell CMDlets instead which leverage ADSI (see above)
- To Seize FSMOs
  - Schema FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-QADObject -Identity "CN=Schema,CN=Configuration,DC=<forest root domain>,DC=<tld>" -ObjectAttributes @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - Domain Naming FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-QADObject -Identity "CN=Partitions,CN=Configuration,DC=<forest root domain>,DC=<tld>" -ObjectAttributes @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - PDC FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject -Identity "DC=<domain>,DC=<tld>" -ObjectAttributes @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - RID FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject -Identity "CN=RID Manager$,CN=System,DC=<domain>,DC=<tld>" -ObjectAttributes @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}
  - IM FSMO (just hijacks the attribute by writing new attribute value, no checks performed) –> Set-ADObject -Identity "CN=Infrastructure,DC=<domain>,DC=<tld>" -ObjectAttributes @{fSMORoleOwner=’CN=NTDS Settings,CN=<New DC Name>,CN=Servers,CN=<Site Name>,CN=Sites,CN=Configuration,DC=<domain>,DC=<tld>’}

For more information about FSMO roles see "Operations master roles" and "FSMO Roles".

Posted in Active Directory Domain Services (ADDS), Batch Script, PowerShell, Tooling/Scripting, VB Script | 1 Comment »

(2010-07-29) Windows Server Core Configurator

Posted by Jorge on 2010-07-29

With Windows Server 2008, Microsoft introduced Server Core into the Windows Server operating system, which is a new installation option. Summarized: Windows Server WITH a GUI is Full Server and Windows Server WITHOUT a GUI is Server Core. You could also call it "Windows without Windows" or "Windows Command Prompt".

Server Core has limited support for GUIs. Because of that a lot of the stuff locally must be done through Command Line Tools already in the operating system or third-party (free) tools. A non-exhaustive list of command line tools in Server Core can be found here.

Server Core is the perfect Windows Server option with the lowest attack surface you can imagine. Lots of the baggage that Full Server has is not available. If it is not available there’s not much left to attack.

Although perfect in terms of security, admins may not feel that well because they do not always know all the required command line utilities with their options to do something on the server.

A while ago, the Server Core Configurator was born which allowed an admin to use a GUI to do stuff locally on Server Core. The story about that tool can be found here. Unfortunately that tool is not available anymore to download. So, what are the options now?

On codeplex you will find two versions of Windows Server Core Configurator. Version 1.1 can be used on Windows Server 2008 Server Core (x86 and x64) and on Windows Server 2008 R2 Server Core (x64 only) because it is based upon VB Script. Version 2.0 can only be used on Windows Server 2008 R2 Server Core (x64 only) because it leverages PowerShell. The required features are "NetFx-ServerCore Feature" and "PowerShell" and both are only available on the Server Core version of Windows Server 2008 R2. As soon as you start version 2.0 it checks for the required features. If those are not installed, then those will be installed. If you are using Server Core on Windows Server 2008 R2, I really suggest you use version 2.0 of the Windows Server Core Configurator. The GUI is amazing!

Have a look at some screenshots for both versions.

"Windows Server Core Configurator Version 1.1"

"Windows Server Core Configurator Version 2.0"

Isn’t this just COOL?!

Posted in Tooling/Scripting, Windows Server | Leave a Comment »

(2010-06-28) dotNET Verification Tool

Posted by Jorge on 2010-06-28

FIM 2010 and a lot of other apps use some kind of version of .NET Framework. If you want to check the health and status of the .NET Framework version(s) you have installed, then you can use the .NET Framework Verification Tool.

SOURCE: http://blogs.msdn.com/b/astebner/archive/2008/10/13/8999004.aspx

=============================================================================================

.NET Framework Setup Verification Tool User’s Guide

Introduction

This .NET Framework setup verification tool is designed to automatically perform a set of steps to verify the installation state of one or more versions of the .NET Framework on a computer. It will verify the presence of files, directories, registry keys and values for the .NET Framework. It will also verify that simple applications that use the .NET Framework can be run correctly.

Download location

The .NET Framework setup verification tool is available for download at the following locations:

REMARK: The .zip file that contains the tool also contains a file named history.txt that lists when the most recent version of the tool was published and what changes have been made to the tool over time.

Supported products

The .NET Framework setup verification tool supports removing the following products:

.NET Framework 1.0
.NET Framework 1.1
.NET Framework 1.1 SP1
.NET Framework 2.0
.NET Framework 2.0 SP1
.NET Framework 2.0 SP2
.NET Framework 3.0
.NET Framework 3.0 SP1
.NET Framework 3.0 SP2
.NET Framework 3.5
.NET Framework 3.5 SP1
.NET Framework 4 Client
.NET Framework 4 Full

By default, the .NET Framework setup verification tool will only list versions of the .NET Framework that it detects are installed on the computer that it is being run on. As a result, the tool will not list all of the above versions of the .NET Framework. This product filtering can be overridden by running the .NET Framework setup verification tool with the following command line switch:

–> netfx_setupverifier.exe /q:a /c:"setupverifier.exe /a"

Silent installation mode

The .NET Framework setup verification tool supports running in silent mode. In this mode, the tool will run without showing any UI, and the user must pass in a version of the .NET Framework to verify as a command line parameter. To run in silent mode, you need to download the verification tool .zip file, extract the file netfx_setupverifier.exe from the .zip file, and then run it using syntax like the following:

–> netfx_setupverifier.exe /q:a /c:"setupverifier.exe /p <name of product to verify>"

The value that you pass with the /p switch to replace <name of product to verify> in this example must exactly match one of the products listed in the Supported products section above. For example, if you would like to run the tool in silent mode and verify the install state of the .NET Framework 2.0, you would use a command line like the following:

–> netfx_setupverifier.exe /q:a /c:"setupverifier.exe /p .NET Framework 2.0"

Exit codes

The cleanup tool can returns the following exit codes:

0 – cleanup completed successfully for the specified product
1 – the required file setupverifier.ini was not found in the same path as setupverifier.exe
2 – a product name was passed in that cannot be verified because it does not support installing on the OS that the tool is running on
3 – a product name was passed in that does not exist in setupverifier.ini
100 – verification failed for the specified product
1602 – verification was canceled

Log files

This verification tool creates 2 log files by default that can be used to determine what actions the tool is taking and what errors it encounters while verifying a product. The 2 log files are listed below, and they are created in the %temp% directory by default. Note that you can find the %temp% directory by clicking on the Windows start menu, choosing Run, typing %temp% and clicking OK to open the directory in Windows Explorer.

%temp%setupverifier_main_*.txt – this log contains information about all actions taken during a verification tool session; it will include information about each resource that the tool attempts to verify for a chosen product and whether or not that resource was found on the system; this log tends to be fairly long, so errors will be logged with the prefix ****ERROR**** to make it easy to search and find them
%temp%setupverifier_errors_*.txt – this log only contains information about any errors found during verification of a chosen product
%temp%setupverifier_netfx20testapp_*.txt – this log contains error information for the .NET Framework test application that is run by the verification tool. This log will only be created if there is an error while running the test application.

A new pair of log files will be created each time the verification tool is launched. The date and time the tool is launched will be appended to the end of the log file names by default in place of the * in the names listed above. If you want to control the exact names used for the log files, you can use the following command line parameters:

/l <filename> – specifies a name to replace the default value of setupverifier_main_*.txt for the main activity log for the verification tool
/e <filename> – specifies a name to replace the default value of setupverifier_errors_*.txt for the error log for the verification tool

For example, the following command line will allow you to specify non-default names for both log files:

–> netfx_setupverifier.exe /q:a /c:"setupverifier.exe /l %temp%my_main_log.txt /e %temp%my_error_log.txt"

=============================================================================================

Posted in Tooling/Scripting, Windows Client, Windows Server | Leave a Comment »

(2010-05-18) Boot From USB In VMware Workstation

Posted by Jorge on 2010-05-18

For years I have been using VMware Workstation as the desktop virtualization for all my demoing, testing and learning needs. It fulfills all the needs I have with regards to flexibly using virtualization technology in the broadest sense. I have always tried to find the barriers of the product and I was able to do really a lot with it. One thing that has not been possible with VMware Workstation (even in the latest available version) is booting from USB. The VMware BIOS does not provide an option to boot from external media.

With something I found recently, you only need to be able to boot from CD/DVD and the ability to load an ISO file OR be able to boot from Floppy and the ability to load an IMG file.

The tool I use is called "PLoP Boot Manager" and it can be downloaded from here.

After configuring the BIOS to boot either from Floppy or CD/DVD you need to load the IMG or ISO file (depending on what you used to boot). After doing this you will see a screen similar to the following.

As you can see, it list all kinds of options to boot from. In the case you see above it list the 4 partitions my VM has. The OS is installed on Partition2 so only that partition would be bootable at the time. But, again as you see it lists also other options to boot from, including USB.

As soon as you select an option and hit ENTER, it will hand over the boot process to the option selected. This works perfectly! Try it yourself.

I have not tested this with other virtualization technologies (e.g. Hyper-V or ESX), but I expect it is also possible to use the same way I described above.

Posted in Tooling/Scripting, Virtualization | 1 Comment »

(2009-10-04) FIM – FIM Provisioning Configuration Documenter

Posted by Jorge on 2009-10-04

Info/Script by: Markus Vilcinskas, Technical Content Developer, Microsoft Corporation

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/121e04f2-7b13-44b8-8854-b41fc1fbff76

Description:

The FIM Provisioning Configuration Documenter is a script to create a report of your current provisioning configuration

The Provisioning Type field is only displayed, when provisioning is enabled on your FIM computer.

Possible values for this field are:

sync-rule
scripted
both

Get the script/tool from here.

Posted in Forefront Identity Manager (FIM) Portal, Forefront Identity Manager (FIM) Sync, PowerShell, Tooling/Scripting | Leave a Comment »

(2009-10-04) FIM – FIM Object Visualizer

Posted by Jorge on 2009-10-04

Info/Script by: Markus Vilcinskas, Technical Content Developer, Microsoft Corporation

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/3ac18e4b-c4db-457c-8030-149037ef9d1a

Description:

The FIM Object Visualizer is a community script to display and document configurable objects such as Synchronization Rules, Workflows and Management Policy Rules:

Display – because the script has a UI to render your configuration
Document – because you can copy a displayed configuration to the clipboard and save it to a file.

The script is based on the HTA (HTML Application) framework – a framework that enables you to develop scripts that look like Windows applications without the need of writing code in Visual Studio.

Important: To run the script, you need a FIM server with PowerShell installed. Please read the FIM ScriptBox Read Me First prior to running this script

The FIM Object Visualizer is a customizable community script to display and document configurable objects such as Synchronization Rules, Workflows and Management Policy Rules. You can use this script to document your current FIM deployment or to provide configuration information in case of a troubleshooting scenario. The script consists of two main components:

Data Request
Data Display

The script assumes that all PowerShell scripts that are located in the Collection folder are scripts to request object information from your FIM server. When you start the script, the script code locates all these scripts and adds them to the left list box in the toolbar:

To request new or update existing object information for a specific object type, select the object type you are interested in from the list box, and then click Get Objects. You can extend the number of supported object types by adding additional PowerShell scripts to the Collection folder. The second list box lists the object types for which you have already requested object information. To list the display names for an object type, select the object type from the list box, and then click Get Names:

To display the configuration of an object, click the object’s display name:

As mentioned earlier in this post, the FIM Object Visualizer is a community tool. This means, the objective of this download is to get you started with the process of documenting your deployment; however, I expect that you will modify the components of this script. For example, if you don’t like the "look & feel" of how an object type is rendered, you can easily customize it by modifying the related XSLT file. If you have questions, comments or even extensions for this script, please respond to this post.

Get the script/tool from here.

Posted in Forefront Identity Manager (FIM) Portal, PowerShell, Tooling/Scripting | Leave a Comment »

(2009-08-05) FIM – FIM MA Attribute Flow Documenter

Posted by Jorge on 2009-08-05

Info/Script by: Markus Vilcinskas, Technical Content Developer, Microsoft Corporation

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/ebe5bac8-e8b3-4501-afda-df46439fffd9

Description:

The FIM MA Attribute Flow Documenter generates a report of the import and export attribute flow configuration of your FIM MA:

Important: To run the script, you need a FIM server with PowerShell installed.

If you have installed PowerShell on your FIM server, make sure that it is configured to allow running scripts. The command to verify this is "get-executionpolicy". To enable all Windows PowerShell scripts to run, use the following command: "set-executionpolicy unrestricted". Please see the PowerShell documentation for more details.

Posted in Forefront Identity Manager (FIM) Sync, PowerShell, Tooling/Scripting | Leave a Comment »

(2009-08-05) FIM – FIM Attribute Flow Precedence Viewer

Posted by Jorge on 2009-08-05

Info/Script by: Markus Vilcinskas, Technical Content Developer, Microsoft Corporation

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/ec8732ca-54dc-46ce-ae17-fd5b92fc95d1

Description:

The FIM Attribute Flow Precedence Viewer is a script to display and document your metaverse attribute population:

Display – because the script has a UI to render your configuration
Document – because you can copy a displayed configuration to the clipboard and save it to a file.

The script is based on the HTA (HTML Application) framework – a framework that enables you to develop scripts that look like Windows applications without the need of writing code in Visual Studio.

Important: To run the script, you need a FIM server with PowerShell installed.

To display the attribute flow precedence configuration for an object type, select the object type you care about, and then click Display:

Here is a screenshot a sample run:

Get the script/tool from here.

Posted in Forefront Identity Manager (FIM) Sync, PowerShell, Tooling/Scripting | Leave a Comment »

(2009-08-05) FIM – FIM CS Synchronization Rule Viewer

Posted by Jorge on 2009-08-05

Info/Script by: Markus Vilcinskas, Technical Content Developer, Microsoft Corporation

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/983e05ec-c1fc-4214-8e8d-1fe70377f8b1

Description:

The FIM CS Synchronization Rule Viewer is a script to display and document your FIM synchronization rules:

Display – because the script has a UI to render your configuration
Document – because you can copy a displayed configuration to the clipboard and save it to a file.

The script is based on the HTA (HTML Application) framework – a framework that enables you to develop scripts that look like Windows applications without the need of writing code in Visual Studio.

Important: To run the script, you need a FIM server with PowerShell installed.

When running the script, you need to provide the Distinguished Name of the synchronization rule you want to display. To retrieve the attribute value, use the connector space search:

You can then copy the Distinguished Name from the Connector Space Object Properties dialog:

To display the synchronization rule, click Display:

Get the script/tool from here.

REMARK: Markus also created a "FIM CS Synchronization Rule Viewer Plus" for which it is not needed to determine the DN of the synchronization rule. You just select the synchronization rule from the GUI. For more info about that, check out this.

Posted in Forefront Identity Manager (FIM) Portal, PowerShell, Tooling/Scripting | Leave a Comment »

« Previous Entries

Jorge's Quest For Knowledge!

All about Windows Server, ADDS, ADFS & ILM/FIM (It is just like an addiction, The more you have, the more you want to have!)

Profiles

Statistics

Other Cool Blogs

Interesting Places To Visit

The Knowledge Archives

RSS Links

Email Subscription

Categories

Archive for the ‘Tooling/Scripting’ Category

(2011-09-06) Database Browsing/Editing Tool

(2011-07-10) Transferring And Seizing FSMO Roles Through GUI, Command Line Or PowerShell

(2010-07-29) Windows Server Core Configurator

(2010-06-28) dotNET Verification Tool

(2010-05-18) Boot From USB In VMware Workstation

(2009-10-04) FIM – FIM Provisioning Configuration Documenter

(2009-10-04) FIM – FIM Object Visualizer

(2009-08-05) FIM – FIM MA Attribute Flow Documenter

(2009-08-05) FIM – FIM Attribute Flow Precedence Viewer

(2009-08-05) FIM – FIM CS Synchronization Rule Viewer

All about Windows Server, ADDS, ADFS & ILM/FIM (It is just like an addiction, The more you have, the more you want to have!)

Profiles

Statistics

Other Cool Blogs

Interesting Places To Visit

The Knowledge Archives

RSS Links

Email Subscription

Categories

Archive for the ‘Tooling/Scripting’ Category

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: