A short while ago Søren Granfeldt released a new version of his fantastic PowerShell MA. One of the nice things is that it now supports sending error messages back to the MA. I implemented it this week, for Home Folder management, at a customer and this resulted in a new example script I wanted to share with you all.
The new example script can be downloaded here: PSMA.4.5.HomeFolder.Example. This sample script is based on the “old” CSEntryChange object, rather than on the new feature in this MA that lets you export simple objects, which uses PSCustomObject instead.
The Global Parameters for the MA this script is used in are set as in the picture below.
Really great, thank you.
Hello,
Thank you for providing this script; I can see it will be a great way to understand the PowerShell MA.
I wonder if you could point me in the right direction. I have configured a PowerShell MA to use the scripts file and configured as much as I can think to just do an import but when it is run I get a status of “completed-no-objects”. Could you tell me what the minimum configuration is to get the scripts/MA working…? I should say that I am new to FIM but have configured synchronization across SQL and two domains using codeless provisioning.
Thanks!
If you are using my example scripts and get no objects in the Import, you likely have an error in the LDAP filter that imports users from AD, giving you zero objects in return when searching.
Is that LDAP filter configured in the Script? I didn’t configure any filters when setting up the MA within FIM…
Yes, in the SearchRequest there is a filter, (&(objectClass=user)(eduPersonAffiliation=*)), that you need to modify to match your AD. If you remove the eduPersonAffiliation part you will basically get “all” users.
Hi Kent,
I was trying to use your script. As far as I understood the Export Script requires the AD Object GUID to find the right object in AD.
I’ve created an MV attribute as binary called “ADObjectGUID” and an inbound sync rule “objectGuid” to “ADobjectGUID”. But the MA seems to require the object GUID in a different format (e.g. f08b9a62-8069-4703-ab69-76048859dc5b). If I create an outbound sync rule for the PS MA and add a flow ADObjectGUID->DN I’ll get an error message “The type of ADObjectGUID(Binary) is not compatible with the type of dn(String)”.
How do I need to synchronize the AD object GUID?
Thanks
Chris
Hi Chris,
You do not need any attribute flow for the AD GUID.
The MA imports it and uses it as DN.
During export the DN is then used to pick up the user from AD.
Hope this info helps!
Hello Kent, I know it’s very late but I hope you can still help me. I was just trying to use your scripts for provisioning home folders in a very old FIM 2010 R2 setup. But I have issues in export. When I do export nothing really happens. The MA finishes the export run without any errors but the home folder is not created and AD is not updated. Export run profile log shows all correct attributes for the user like the account name, home folder, home drive and GUID and no error there as well. In the debug log nothing really gets written, just the start time, processing: with no value and changes 0, and then the end time. I am not able to figure out what’s wrong. I am using the latest MA version. Can you please help?
Thanks very much