Open Source: Review of PowerShell for FIM 2010

March 31, 2017

PowerShell for FIM 2010 by Adam Weigert consists of three parts but I further break the last into two:

  1. Management Agent(MA)  and MetaVerse (MV) Extensions that let you run PowerShell scripts as your extensions

  2. A Workflow Activity

  3. A PowerShell module

  4. Managing Sync

  5. Managing Service

Management Agent(MA)  and MetaVerse (MV) Extensions
The work done to enable you to write PowerShell scripts to be MA and MV extensions is crazy brilliant. However, I suspect (I haven’t tested) that large installations should shy away from this as compiled C# and VB.NET code tends to run orders of magnitude faster than PowerShell scripts. Perhaps someone else knows a way to make it more comparable in performance. I can see some smaller shops taking advantage of this as they don’t need to worry about performance in the Sync Engine

Workflow Activity
The workflow activity (see my review of a bunch of open source Workflow activities) was good in its time but like most has been surpassed by the excellent MIMWAL.

Managing Sync
Similar to the FIM PowerShell Module you can Get an MA’s status, start it, and get the run history. It does go beyond that by allowing you to Clear the RunHistory, and Stop an MA. However all of these features are covered in  Ryan Newington’s Lithnet-Miis-PowerShell (see my review on LithNet). This library is good but I recommend using the FIM PowerShell Module and Lithnet-Miis-PowerShell 
Managing Service

This library has a nice simple model for creating, updating and deleting FIM/MIM resources. It is easier to use than FIM 2010 PowerShell Cmdlets. However, the simple model doesn’t add lots of intelligence to help you with creating and managing the various resource types.

This may indeed be the approach you want.

I prefer  IS4U-FIM-PowerShell (Check out my review of IS4U-FIM-PowerShell). 

I can see how others would prefer Lithnext resourcemanagement-powershell (see my review).

Here is an incomplete example from my notes:

New-FIMResource -ObjectType ‘ManagementPolicyRule’ -Set @{
  DisplayName = ‘Users Can Edit Preferred Names with Approval’;

Description =‘Users can edit preferred names with their managers approval which are then used to calculate their new displayname’;

PrincipalSetID = $Principalset; GrantRight= $True; ManagementPolicyRuleType= ‘'; AuthwfID= $AuthWFID; ActionWfID $ActionWfID; Disabled $false;

} -Add @{

ActionParameter= @(‘PreferredLastName’, ‘PreferredFirstName’)

; ActionType = @('’,'')} | Set-FIMResource

http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices

Search

Categories

Tags