Powershell to find the No of set or Group in FIM

Time to move on...

Time to move on...

Today is my last day in Mphasis an HP company, Thank you so much for providing me all the support and guidance whenever I require.

Team: Onepass \ CIO-Identity Security.

Manager : Mahal Sasidharan
Siddharth Agarwal
Pramod Das
Satisha P
Syama Mohan

Thanks Binu Balan for all the help and encouragement to learn Windows Power Shell & VBScript.

-- Bangalore (27-Sept-2013).

Group Management in FIM portal 2010 (Adding new attribute in FIM portal and map the attribute in AD)

Thinking of writing this article from a long time and finally was able to done it today… The scenario is client want a new attribute in FIM portal and the same attribute has to map in AD.Let say we have a group in FIM 2010 and want to create a new attribute expiration date for the group in FIM 2010 portal and the same attribute have to map in extension attribute 1 in AD.
How to create the new attribute in FIM 2010?

Creation of group attribute in FIM

Schema--->All Attribute --->New (Create the new attribute)
All Binding-->New---->Group-->New attribute.

Binding the new attribute to group.

Create a request MPR to allow the administrator create, delete, modify and read new attribute.

Administrator--> Filter permission for the new created attribute

Refresh FIM MA Schema. Select the new attribute in FIM MA

Creation of group attribute in Metaverse

Refresh AD MA schema

In FIM MA, make the import mapping as below.

Select the attribute in SYNC and map the metaverse attribute to the AD attribute.

MPR : Administrators can read and update Users

Guys..! It given me a run to figure out, why the empty box is not display in the portal bind with the user.

It was a Eureka moment for me.. When see all are fine the only issue is with the admin has not given the right to read and update the attribute binding with the user.

Powershell try and catch

PowerShell to Query groups having no owners in FIM portal

<# Please do not anything in the production enviroment unless and untill you are very much sure #>
# Load FIMAutomation module
 if(@(Get-PSSnapin | ? { $_.Name -eq "FIMAutomation" } ).Count -eq 0)
 {
     Add-PSSnapin FIMAutomation;
 }
$groups = Export-FIMConfig -customConfig "/Group[Owner !=/Person]" -Uri "http://localhost:5725"  -OnlyBaseResources
foreach ($group in $groups)
{
$x = (($group.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "DisplayName"}).Value)
Write-Host "Groups are $x"
}

Adding user from txt in AD group

<#   The input file is User.txt havig the samaccount of the user, try and catch is used to verify if the user is already added to the group, Here we can use variable to out the result in logs for the user which are already added in group #>

Import-module ActiveDirectory
Import-CSV "C:\Users\administrator\Desktop\User.txt" | % {
try {$x=$_.UserName
Add-ADGroupMember -Identity allit -Member $x }
catch [system.exception] {
write-host "the user $x is alreday a member of the group"}
}

PSBUG UG meet Bangalore 1st June 2013

PSBUG UG meet at Microsoft Bangalore- was doing my Night shift and UG meet was on Saturday in the morning, I was eager to learn new thing in Power Shell and meet few MVP that motivate me to attain the meeting in spite of doing the Night shift.

New Learning for me J

F7 and H command will show the command that had been executed.

Group migration from AD to FIM 2010. ( the documentaion is in progress)

 

The main drawback with the classic rule is you have to use vb.net or C# rule extension to bring the group type and group scope from AD in metaverse.it will drive you nut if you do not have an experience in programing knowledge and to test this in the production will mess up all the thing, if it is not properly coded at first go.

In Declerative Rule it can be done as below.

A Inbound sync rule that will bring the group from AD to metaverse
FIM export that  will populate the group  from metaverse in FIM 2010