Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-08-05) FIM – Using PowerShell To Check The Initial Flow Configuration Of Your AD MA

Posted by Jorge on 2009-08-05


Info/Script by: Markus Vilcinskas, Technical Content Developer, Microsoft Corporation

Source: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/a7946d62-0c15-4ade-a27c-5ed802a33efe

When configuring outbound synchronization rules, you need to configure certain outbound flows as initial flows. In the case of the AD MA, this includes the flows that are part of the relationship criteria and the DN attribute flow. This PowerShell script checks the initial flow configuration of your outbound synchronization rule and lists the attributes for which the initial attribute flows are missing. To run the script, you need to provide the DN of your AD MA as a parameter. You can find a description of how to retrieve the DN here.

 

```powershell
#--------------------------------------------------------------------------------------------------------------------------
# The DN is passed as the only script argument
if($args.count -ne 1) {throw "Missing DN parameter"}
$srGuid = $args[0]
#--------------------------------------------------------------------------------------------------------------------------
write-host "`nInitial Flow Config Check"
write-host "======================"
#--------------------------------------------------------------------------------------------------------------------------
# Locate the FIM MA through the synchronization service WMI provider
$lstMA = @(get-wmiobject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer" -computername "." -filter "Type='Identity Lifecycle Management (ILM)'")
if($lstMA.count -eq 0) {throw "There is no FIM MA configured"}
#--------------------------------------------------------------------------------------------------------------------------
write-host "MA Name:" $lstMA[0].Name
$ilmMAGuid = $lstMA[0].Guid
# Fetch the connector space object with the given DN from the FIM MA
$lstCs = @(get-wmiobject -class "MIIS_CSObject" -namespace "root\MicrosoftIdentityIntegrationServer" -computername "." -filter "DN='$srGuid' and MaGuid = '$ilmMAGuid'")
if($lstCs.count -eq 0) {throw "Synchronization Rule not found"}
#--------------------------------------------------------------------------------------------------------------------------
# The hologram is the XML representation of the object
[xml]$xmlDoc = $lstCs[0].Hologram
if($xmlDoc.selectSingleNode("/entry/primary-objectclass").get_InnerText() -ne "SynchronizationRule")
   {throw ("Object is no synchronization rule!")}

write-host "SR Name:" $xmlDoc.selectSingleNode("/entry/attr[@name='DisplayName']/value").get_InnerText()

if($xmlDoc.selectSingleNode("/entry/attr[@name='FlowType']/value").get_InnerText() -eq "0x0")
   {throw "Synchronization rule is not outbound!"}

if($xmlDoc.selectNodes("//entry/attr[@name='RelationshipCriteria']").count -eq 0)
   {throw "Relationship criteria not defined!"}

[xml]$relNodes    = $xmlDoc.selectSingleNode("//entry/attr[@name='RelationshipCriteria']/value").get_InnerText()
[xml]$exportFlows = "<export-flows>" + $xmlDoc.selectSingleNode("//entry/attr[@name='InitialFlow']").get_InnerText() + "</export-flows>"

# Required initial flows: the DN plus every CS attribute used in the relationship criteria
$reqAttrs = @("dn")
foreach($curNode in $relNodes.selectNodes("conditions/condition/csAttribute"))
   {$reqAttrs += $curNode.get_InnerText()}

# Collect the required attributes that have no initial export flow
$missingAttr = @()
foreach($attr in $reqAttrs)
{
   if($exportFlows.selectNodes("/export-flows/export-flow[dest = '" + $attr + "']").count -eq 0)
      {$missingAttr += $attr}
}
#--------------------------------------------------------------------------------------------------------------------------
write-host "`nInitial export flow is missing for the following attributes:"
if($missingAttr.length -eq 0)
   {write-host "None"}
else
{
   foreach($item in $missingAttr){write-host " - $item"}
}
write-host ""
#--------------------------------------------------------------------------------------------------------------------------
# Report any error thrown above and stop
trap
{
   Write-Host "`nError: $($_.Exception.Message)" -foregroundcolor white -backgroundcolor darkred
   Exit
}
#--------------------------------------------------------------------------------------------------------------------------
```
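To see what the script reads from the hologram without a synchronization server at hand, the following added example (not part of Markus's script or the original post) runs the same comparison against a constructed hologram. The function name `Get-MissingInitialFlow` and the sample XML are assumptions: the element names follow the XPath expressions used in the script, the values are made up, and the attribute names are compared in PowerShell instead of being concatenated into an XPath string.

```powershell
# Added example: offline version of the initial flow check.
# Get-MissingInitialFlow is a hypothetical helper, not part of FIM or of the original script.
function Get-MissingInitialFlow {
    param([xml]$Hologram)

    # RelationshipCriteria carries a nested XML document as the text of <value>
    $relNode = $Hologram.SelectSingleNode("/entry/attr[@name='RelationshipCriteria']/value")
    if ($null -eq $relNode) { throw "Relationship criteria not defined!" }
    [xml]$rel = $relNode.InnerText

    # Required: the DN flow plus every csAttribute used in the relationship criteria
    $required = @("dn")
    foreach ($n in $rel.SelectNodes("conditions/condition/csAttribute")) {
        $required += $n.InnerText
    }

    # Each InitialFlow <value> holds one <export-flow> fragment as text
    $fragments = ""
    foreach ($v in $Hologram.SelectNodes("/entry/attr[@name='InitialFlow']/value")) {
        $fragments += $v.InnerText
    }
    [xml]$flows = "<export-flows>$fragments</export-flows>"
    $dests = @($flows.SelectNodes("/export-flows/export-flow/dest") | ForEach-Object { $_.InnerText })

    # Case-sensitive comparison, matching the XPath test in the original script
    @($required | Where-Object { $dests -cnotcontains $_ })
}

# Constructed sample: the join uses sAMAccountName, but only dn has an initial flow
$sample = @'
<entry>
  <primary-objectclass>SynchronizationRule</primary-objectclass>
  <attr name="DisplayName"><value>Constructed outbound rule</value></attr>
  <attr name="RelationshipCriteria">
    <value><![CDATA[<conditions><condition><csAttribute>sAMAccountName</csAttribute></condition></conditions>]]></value>
  </attr>
  <attr name="InitialFlow">
    <value><![CDATA[<export-flow><dest>dn</dest></export-flow>]]></value>
  </attr>
</entry>
'@

$missing = @(Get-MissingInitialFlow $sample)
Write-Host "Missing initial flows:" ($missing -join ", ")
```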



Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————
