Jorge's Quest For Knowledge!


(2013-02-06) Using/Testing Queries Within/Against The FIM Portal

Posted by Jorge on 2013-02-06


To test your XPATH queries in the FIM Portal you can either use a test SET, a test Search Scope, the Quest PowerShell CMDlets for FIM or the internal FIM PowerShell CMDlets. When testing XPATH queries I just want to see if the XPATH actually works AND if it returns the correct/expected results. In other words, the attention is on the XPATH query configuration itself rather than on anything else. Because of that, in the past I used a test dynamic SET to test my XPATH queries, as that was the easiest way to go. However, if you are also interested in returning specific attribute values, then you are better off using a Search Scope.

In both cases, on top of what you actually wanted to do, this could give you more work than you would want to have. Fear no more!

The guys at Predica have created a tool called the FIM Explorer. You can download the FIM Explorer from Codeplex.

With the FIM Explorer you can:

  • Execute any XPATH query against the FIM Service. By default it enumerates all attributes for which you have permissions, but you can also choose which specific ones to return;
  • Look for objects through their ObjectID (Resource ID);
  • Display the results in a table;
  • Look at the properties of a single object by double-clicking the ObjectID in the “Resource ID” column of the corresponding object;
  • Navigate through references in linked attributes by clicking on the ObjectID of the reference;
  • Export the results in the table to an XML (same XML format as when using FIM Configuration CMDlets);
  • Import the result XML of either the FIM Explorer or the FIM Configuration CMDlets to display these in a table. This can be useful for "offline" analysis;
  • Run on any computer, as long as .NET Framework 4.5 is installed.

If you download the pre-compiled version of the FIM Explorer, you are good to go. Just before using the FIM Explorer you need to configure its configuration file called “Predica.FimExplorer.exe.config”. When you open that file you should see something similar to the picture below.

Figure 1: The Configuration File Of The FIM Explorer

If you are running the FIM Explorer on the server that has the FIM service installed, you can either specify “http://localhost/” or the actual FQDN that points to the FIM service (e.g. “http://fimsvc.adcorp.lab/”). If you are running the FIM Explorer on a computer that does not have the FIM service installed, then you must specify the FQDN that points to the FIM service (e.g. “http://fimsvc.adcorp.lab/”). In addition, you can also specify credentials. If you leave the credentials (“fimUser” and “fimPassword”) empty as shown in figure 1, then the FIM Explorer will connect by using the credentials of the currently logged-on user. As soon as you specify credentials, the FIM Explorer will use those credentials. That’s quite handy, as with this you can easily test both your XPATH queries AND your request-based permission MPRs, to see what a specific user is able to query for.

Instead of changing the credentials by hand just before starting the FIM Explorer, I have written a quick and dirty PowerShell script that looks for the FIM Explorer configuration, displays it to you, and allows you to easily change the configured credentials. When done, it starts the FIM Explorer right away. The PowerShell script should be located in the same folder as the FIM Explorer itself. See the script below:

# Predica.FimExplorer.ps1
Clear-Host
# Folder this script lives in (must be the FIM Explorer folder)
$currentFolder = Split-Path -Parent $MyInvocation.MyCommand.Path
# Load the FIM Explorer configuration file as XML
$predicaFimExplorerConfig = New-Object XML
$predicaFimExplorerConfig.Load("$currentFolder\Predica.FimExplorer.exe.config")
# The three appSettings entries, in order: FIM Service address, user name, password
$fimSvcAddress = $predicaFimExplorerConfig.configuration.appSettings.add[0].value
$fimUser = $predicaFimExplorerConfig.configuration.appSettings.add[1].value
$fimPassword = $predicaFimExplorerConfig.configuration.appSettings.add[2].value
Write-Host ""
Write-Host "Current FIM Svc Address...: $fimSvcAddress"
Write-Host "Current User Account......: $fimUser"
Write-Host "Current Password..........: $fimPassword"
Write-Host ""
$chosenUser = Read-Host "Current Logged On User (C), Other User (O) Or Specified User (S)"
If ($chosenUser.ToUpper() -eq "C" -Or $chosenUser.ToUpper() -eq "") {
    # Empty credentials make the FIM Explorer use the currently logged-on user
    Write-Host ""
    Write-Host "Using Credentials Of Current Logged On User"
    Write-Host ""
    $predicaFimExplorerConfig.configuration.appSettings.add[1].value = ""
    $predicaFimExplorerConfig.configuration.appSettings.add[2].value = ""
}
If ($chosenUser.ToUpper() -eq "O") {
    # Prompt for other credentials and store them in the configuration file
    Write-Host ""
    Write-Host "Please Specify The Custom Credentials To Use..."
    Write-Host ""
    Write-Host "What is The User Name?"
    Write-Host " (<Domain NBT>\<sAMAccountName>) (<sAMAccountName>@<Domain FQDN>)"
    $credsUserName = Read-Host "User Name"
    Write-Host ""
    Write-Host "What's The Password?"
    $credsPassword = Read-Host "Password?"
    $predicaFimExplorerConfig.configuration.appSettings.add[1].value = "$credsUserName"
    $predicaFimExplorerConfig.configuration.appSettings.add[2].value = "$credsPassword"
}
If ($chosenUser.ToUpper() -eq "S") {
    # Keep whatever credentials are already in the configuration file
    Write-Host ""
    Write-Host "Using Credentials Of Already Specified User"
    Write-Host ""
}
# Write the (possibly changed) configuration back and start the FIM Explorer
$predicaFimExplorerConfig.Save("$currentFolder\Predica.FimExplorer.exe.config")
Start-Sleep -s 3
&"$currentFolder\Predica.FimExplorer.exe"

However, when you use an unsigned PowerShell script (such as the one above) and the server’s execution policy does not allow unsigned PowerShell scripts to run, you cannot use the script directly. In that case you can start the script through a batch file that tells PowerShell to bypass the execution policy. The batch file should be located in the same folder as the PowerShell script and the FIM Explorer itself. See the batch file below:

REM Predica.FimExplorer.cmd
@ECHO OFF
REM %0\.. resolves to the folder that contains this batch file
PowerShell.exe -ExecutionPolicy Bypass -file "%0\..\Predica.FimExplorer.ps1"
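The script above leaves the test user’s password in clear text in the configuration file after the FIM Explorer is closed. As an added example (not code from the original post or from Predica), the following variant of the same approach reads the password as a SecureString, keeps it in the configuration file only for the duration of the FIM Explorer session, and blanks the credentials again when the FIM Explorer exits. It assumes the same three “add” entries, in the same order, as the script above.

```powershell
# Predica.FimExplorer.TestAs.ps1 (added example, not part of the original post)
# Assumes the same three <add> entries, in the same order, as the script above:
# [0] FIM Service address, [1] fimUser, [2] fimPassword.
param(
    [string]$UserName = ""   # e.g. ADCORP\testuser; empty = currently logged-on user
)

$folder     = Split-Path -Parent $MyInvocation.MyCommand.Path
$configPath = Join-Path $folder "Predica.FimExplorer.exe.config"
$exePath    = Join-Path $folder "Predica.FimExplorer.exe"

[xml]$config = Get-Content -Path $configPath
$settings    = $config.configuration.appSettings.add
Write-Host "FIM Service address: $($settings[0].value)"

$plainPassword = ""
if ($UserName -ne "") {
    # Read the password as a SecureString so it never echoes to the console
    $secure = Read-Host -Prompt "Password for $UserName" -AsSecureString
    # The FIM Explorer reads the password from the config in clear text, so it has
    # to be decrypted here; it is held only for the lifetime of this session
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try     { $plainPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# Store the credentials for this session only (empty = currently logged-on user)
$settings[1].value = $UserName
$settings[2].value = $plainPassword
$config.Save($configPath)

try {
    # -Wait blocks until the FIM Explorer is closed, so the cleanup below
    # runs as soon as the test session ends
    Start-Process -FilePath $exePath -WorkingDirectory $folder -Wait
}
finally {
    # Blank the stored credentials so the test user's password is not left on disk
    $settings[1].value = ""
    $settings[2].value = ""
    $config.Save($configPath)
    Write-Host "Credentials removed from $configPath"
}
```

Run it as `.\Predica.FimExplorer.TestAs.ps1 -UserName ADCORP\testuser` (through the same bypass batch file if the execution policy requires it); without -UserName it simply blanks the credentials and starts the FIM Explorer as the currently logged-on user.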

This all looks like as shown in the picture below:

Figure 2: Starting The FIM Explorer Through A Script And Specifying Other Credentials

As soon as you start the FIM Explorer, it looks like the picture below.

Figure 3: Running The FIM Explorer

Looking at Figure 3:

[A] Here you can specify your custom XPATH query (e.g. /Person or /Person[AccountName=’ADM.ROOT’]) (also have a look at this post and this post)

[B] Or you just click one of the listed object types to return all objects of that type

[C] By default you get back all attributes for which you have permissions, or you select just the attributes you want returned in the response

[D] After specifying and selecting everything you want, you click the “Run Query” button.

[E] Here all the objects matching your XPATH query are listed, with all attributes you wanted returned (all or specific)

[F] Clicking “Export To XML” exports the result to an XML file that uses the same format as when using FIM Configuration CMDlets. Clicking “Import XML” allows you to import a result XML of either the FIM Explorer or the FIM Configuration CMDlets and display it in a table. This can be useful for "offline" analysis.

However, if your result is too large you will end up with the following nice error! This basically tells you to increase the message size quota for incoming messages.

Figure 4: Message Size Quota Error When Limit Is Exceeded

To resolve the error, or in other words get rid of it, you need to increase the message size quota. To do that you need to get the uncompiled version of the FIM Explorer. Click DOWNLOAD, save the ZIP somewhere and after that unpack it. You are not there yet: you still need to download the FIMClient solution used by the FIM Explorer. Click ZIP, save the file and after that unpack it. Copy the contents (folders ‘lib’ and ‘src’ and the three files) into the FIMClient folder of the uncompiled version of the FIM Explorer. You now need Visual Studio. Double-click on the file “Predica.FimExplorer.sln” to open it in Visual Studio.

Figure 5: The “Predica.FimExplorer” Solution

Navigate to: “Solution ‘Predica.FimExplorer’” –> “FimClient” –> “Fim2010Client.Client” –> “_Predica” –> “CodeInit” –> “Bindings.cs” and double-click on “Bindings.cs”. Now search for “MaxReceivedMessageSize”.

Figure 6: Changing The Value For “MaxReceivedMessageSize”

Change the value to a value of your liking. In this case I just doubled the value. Save the file “Bindings.cs”. Then right-click on “Solution ‘Predica.FimExplorer’” and select the option “Rebuild Solution”.

Now copy:

  • “..\FimClient\src\_external\fim2010client\Microsoft.ResourceManagement.Client\bin\Debug\Microsoft.ResourceManagement.Client.Predica.dll” to the folder that contains the FIM Explorer
  • “..\src\UI.WPF\bin\Debug\Predica.FimExplorer.exe” to the folder that contains the FIM Explorer

Now double-click on the file “Predica.FimExplorer.cmd” to start the FIM Explorer.

This is quite cool to easily test your XPATH queries! Great job guys!

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————


Posted in Forefront Identity Manager (FIM) Portal, PowerShell, Search Scopes, SET, Tooling/Scripting, Xpath