Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-12-11) Experiences And/Or Differences With FIM2010 RC1 So Far (Part 3)

Posted by Jorge on 2009-12-11

Export/Import Portal Configuration

In ILM 2007 you were able to export the complete Sync Engine configuration and move that to some other instance instead of reconfiguration everything manually. That saved you a lot of work AND mistakes! Although it is possible export/import individual Mas, you need to be careful about that precedence configuration may not be configure the same as with the instance where you did the export. Sometimes it may be better to export the complete server configuration!

In ILM "2" RC0 it was not possible to export ANYTHING from the portal. So, you basically had to reconfigure stuff over and over and over again, until you get annoyed and start dying to be able to use FIM 2010 RC1! Why? FIM 2010 RC1 does allow you to export and import the portal configuration through PowerShell CMDlets. YES ! YES ! YES!!!!!!!!!!!

So, how do you do this? Follow the next steps:

  • Start PowerShell
  • Execute: Add-PSSnapin FIMautomation

The following FIM CMDlets become available:

  • Export-FIMConfig
    • The Export-FIMConfig cmdlet extracts configuration objects from the FIM Service using the web service interface. The cmdlet recursively follows references contained in objects in order to extract a full representation of the service’s configuration. If a reference points to an object which is not marked as a configuration object, the cmdlet downloads the entire representation but does not follow any references.
  • Import-FIMConfig
    • The Import-FIMConfig cmdlet takes in a list of ImportObject objects and executes the web service calls. Please be warned that all ImportObjects sent to Import will be executed. As objects are created, the references are automatically resolved in subsequent update and create operations.
  • Join-FIMConfig
    • The Join-FIMConfig cmdlet takes two lists of Export Objects and joins them into Match Objects. The cmdlet performs the join using criteria specified as arguments to the cmdlet. The join criteria is specific attributes to compare using case-sensitive matching. You may specify individual join criteria for each object type. For example, you may join on EmployeeID for Person and MailNickname for Groups. You may also use multiple attributes as join criteria. For example, you may join ConstantSpecifier objects on both the DisplayName and Value. No default join criteria is provided. The reason you must specify the join criteria is to ensure that this tool joins on attributes or collections of attributes that are unique in your organization.
  • Compare-FIMConfig
    • The Compare-FIMConfig cmdlet takes in a list of MatchObject and performs an attribute-level comparison on the source and target objects. The cmdlet returns a list of changes to make to the target system such that it looks like the source system. The list of changes is guaranteed to be in precedence order. For example, if a Workflow Definition references an Email Template, then the cmdlet guarantees that the EmailTemplate exists prior to creating the WorkflowDefinition. All objects are processed generically without regard to object type except for ManagementPolicyRule objects. These objects are processed in a special way: the cmdlet guarantees that all dependent sets are updated prior to workflow definitions.
  • ConvertFrom-FIMResource
    • The ConvertFrom-FIMResource serializes objects used elsewhere in the FIM Automation Snapin into xml. The motiviation of this cmdlet is so you can save intermediate work and transfer it among computers. The cmdlet serializes the objects using XmlObjectSerializer in .NET. It is necessary to use this cmdlet over Export-Clixml because Export-Clixml does not preserve nested and complex types.
  • ConvertTo-FIMResource
    • The ConvertTo-FIMResource deserializes objects used elsewhere in the FIM Automation Snapin from xml. This is the complement cmdlet to ConvertFrom-FIMResource. The cmdlet deserializes the objects using XmlObjectSerializer in .NET.

Using the GET-Help CMDlet you can get additional information on how to use each FIM CMDlet, including examples (e.g. Get-help Export-FIMConfig)

Remark: Make sure to read this too!


WorkFlow Activities designed for ILM "2" RC0 to be used in FIM 2010 RC1

Short one. Check the following URL:

Enable/Disable codeless provisioning

In RC0 you could only disable/enable scripted (through Rules Extensions) provisioning. As soon as an object mapping was defined in the ILM2 MA provisioning would occur, assuming other prerequisites were also met (initial flow only for anchor attributes and criteria). It was not possible to disable codeless provisioning. In RC1 you now can disable codeless provisioning through the Identity Manager GUI. If the setting is not checked, provisioning through Codeless Provisioning will not work. AND it is disabled by default!


* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
############### Jorge’s Quest For Knowledge #############
######### ########


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: