none
Lync 2013 + PSMA RRS feed

  • Question

  • Hi Guys,

    Trying to figure this out. I am using the PSMA to control Lync identities, importation is OK, but it's not projecting and nor exporting data to lync. There's something missing?

    Here the scripts:

    IMPORT

    param
    (
    	$Username = "",
    	$Password = "",
    	$OperationType = "Full",
    	[bool] $UsePagedImport,
    	$PageSize
    )
    
    # these delta properties are used for delta searches in Active Directory. When this script is called
    # with the Delta operation type, it will only return users objects where one of the specified
    # attributes has changed since last import
    $DeltaPropertiesToLoad = @( "distinguishedname", "mail", "homemdb", "objectguid", "isdeleted", "samaccountname", "oksecondarymail" )
    
    # the MASchemaProperties are the properties that this script will return to FIM on objects found
    $MASchemaProperties = @( "mail", "samaccountname", "oksecondarymail" )
    
    $rootdse = [adsi] "LDAP://RootDSE"
    $searchroot = $rootdse.defaultnamingcontext
    $domain = new-object system.directoryservices.directoryentry "LDAP://$searchroot", $username, $password
    
    $Searcher = new-object System.DirectoryServices.DirectorySearcher $Domain, "(&(objectClass=user)(objectCategory=person))", $DeltaPropertiesToLoad, 2
    $searcher.tombstone = ($operationtype -match 'delta')
    $searcher.cacheresults = $false
    
    if ($OperationType -eq "Full" -or $RunStepCustomData -match '^$')
    {
    	# reset the directory synchronization cookie for full imports (or no watermark)
    	$searcher.directorysynchronization = new-object system.directoryservices.directorysynchronization
    }
    else
    {
    	# grab the watermark from last run and pass that to the searcher
    	$Cookie = [System.Convert]::FromBase64String($RunStepCustomData)
    	$SyncCookie = ,$Cookie # forcing it to be of type byte[]
    	$searcher.directorysynchronization = new-object system.directoryservices.directorysynchronization $synccookie
    }
    
    $results = $searcher.findall()
    
    $results = $results | where { $_.psbase.path -match 'OU=USERS,DC=DOMAIN,DC=LOCAL$' }
    
    if ( $results -ne $null )
    {
    	foreach ($global:result in $results)
    	{
    		# we always add objectGuid and objectClass to all objects
    		$obj = @{}
    		$obj.id = ([guid] $result.psbase.properties.objectguid[0]).tobytearray()
    		$obj."[DN]" = $result.psbase.path -replace '^LDAP\://'
    		$obj.objectClass = "user"
    		if ( $result.Properties.Contains("isdeleted"))
    		{
    			# this is a deleted object, so we return a changeType of 'delete'; default changeType is 'Add'
    			$obj.changetype = "delete"
    			if ( $operationtype -ne 'full' )
    			{
    				$obj
    			}
    		}
    		else
    		{
    			# we need to get the directory entry to get the additional attributes since
    			# these are not available if we are running a delta import (DirSync) and
    			# they haven't changed. Using just the SearchResult would only get us
    			# the changed attributes on delta imports and we need more, oooh, so much more
    			$global:direntry = $result.getdirectoryentry()
    
    			# special handled attribute
    			$obj.'ismailboxenabled' = $direntry.properties.contains('homemdb')
    
    			# always add the objectguid and objectsid
    			$obj.objectguidstring = [string] ([guid] $result.psbase.properties.objectguid[0])
    			$obj.objectsidstring = [string] ( New-Object System.Security.Principal.SecurityIdentifier($DirEntry.Properties["objectSid"][0], 0) )
    			
    			# add the attributes defined in the schema for this MA
    			$maschemaproperties | foreach-object `
    			{
    				write-debug $_
    				if ( $direntry.properties.$_ )
    				{
    					$obj.$_ = $direntry.properties[$_][0]
    				}
    			}
    			$obj
    		}
    	}
    }
    
    # grab the synchronization cookie value to use for next delta/watermark
    # and put it in the $RunStepCustomData. It is important to mark the $RunStepCustomData
    # as global, otherwise FIM cannot pick it up and delta's won't work correctly
    $global:RunStepCustomData = [System.Convert]::ToBase64String($Searcher.DirectorySynchronization.GetDirectorySynchronizationCookie())
    

    EXPORT

    PARAM
    (
    	$username = "",
    	$password = "",
    	$domain = ""
    )
    
    begin
    {
    	function log( $message )
    	{
    		if ( $message )
    		{
    			write-debug $message
    			$message | out-file e:\logs\exchange-ps-export.log -append
    		}
    	}
    	
    	function set-actioninfo($message)
    	{
    		if ( $message ) 
    		{
    			$global:actioninfo = $message
    			log -message $actioninfo
    			write-debug $actioninfo
    		}
    		else
    		{
    			$actioninfo = "general"
    		}
    	}
    	
    	log -message "begin export"
    	
    	$securepassword = convertto-securestring $password -asplaintext -force
    	$creds = new-object -typename system.management.automation.pscredential($username, $securepassword)
    
    	set-actioninfo "new-pssession"
    	$session = new-pssession -connectionuri ('https://SERVER.DOMAIN.LOCAL/OcsPowershell') -credential $creds -debug
    	import-pssession -session $session
    }
    
    process
    {
    	log -message "-- start export entry --"
    	$identifier = $_."[Identifier]"
    	$anchor = $_."[Anchor]"
    	$dn = $_."[DN]"
    	$objecttype = $_."[ObjectType]"
    	$changedattrs = $_."[ChangedAttributeNames]"
    	$attrnames = $_."[AttributeNames]"
    	$objectmodificationtype = $_."[ObjectModificationType]"
    	$objectguid = $_.objectguidstring
    	
    	# used to return status to sync engine; we assume that no error will occur
    	set-actioninfo 'general'
    	$errorstatus = "success"
    	$errordetail = ""
    	
    	$error.clear()
    
    	try
    	{
    	enable-csuser -registrarpool fepool.domain.local -id "domain\"+$accountname -sipaddress "sip:"+$mail
    	}
    	catch
    	{
    		$errorstatus = ( "{0}-error" -f $actioninfo )
    		log -message "ERROR: $errorstatus"
    		$errordetail = $error[0]
    	}
    
    	# return status about export operation
    	$status = @{}
    	$status."[Identifier]" = $identifier
    	$status."[ErrorName]" = $errorstatus
    	$status."[ErrorDetail]" = $errordetail
    	$status
    	
    	log -message "-- end export entry --"
    }
    
    end
    {
    	set-actioninfo "new-pssession"
    	$null = remove-pssession -session $session 
    	log -message "end export"
    }
    


    Diego Shimohama

    Wednesday, April 22, 2015 10:02 AM

All replies

  • Hi

    Not shure I will help you but  Can I take a look at your PSMA schema scripts.

    Thanks

    Thursday, April 23, 2015 8:18 AM
  • Thank you for answer Victor.

    Here the Schema Script:

    $obj = new-object -type pscustomobject
    
    @(
    	@{ Name="Anchor-id";   			 		Type="Binary"; Value=1 }
    	@{ Name="objectclass"; 			 		Type="String"; Value="user" }
    	@{ Name="objectguidstring";		 		Type="String"; Value="" }
    	@{ Name="objectsidstring";		 		Type="String"; Value="" }
    	@{ Name="mail";					 		Type="String"; Value="" }
    	@{ Name="samaccountname"; 		 		Type="String"; Value="" }
    	@{ Name="distinguishedname";   	 		Type="String"; Value="" }
    ) | foreach { `
    	$obj | Add-Member -Type NoteProperty -Name "$($_.Name)|$($_.Type)" -Value $_.Value
    }
    $obj
    
    

    Another information is the MA is not creating the logs or dump files. Importation apparently is fine.

    Diego Shimohama

    Thursday, April 23, 2015 11:36 AM
  • I guess the scripts are only handling data to and from the connector space. Are you doing proper Joins in the config of your MA?

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Sunday, April 26, 2015 5:40 AM
  • Hi Søren,

    I am joining the objects using the Portal Synchronization Rule, in this case AccountName = sAMAccountName. There's no joining on the MA Configuration.


    Diego Shimohama

    Monday, April 27, 2015 4:28 AM
  • It looks as if your current scripts are handling Exchange attributes and not Lync attributes? I think you need to take a look at the sample scripts for Lync that is on my blog - or change the schema and import script to handle Lync attributes, like msRTCsipAddress and such.

    Samples can be downloaded here http://blog.goverco.com/p/psmadownloads.html


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt


    Monday, April 27, 2015 7:00 AM
  • I am already using your sample scripts, I only these lines to import Lync Module.

    #Import-module lync
    
    $securepassword = convertto-securestring $password -asplaintext -force
    $creds = new-object -typename system.management.automation.pscredential($username, $securepassword)
    
    #set-actioninfo "new-pssession"
    $session = new-pssession -connectionuri ('https://LYNC.DOMAIN.LOCAL/OcsPowershell') -credential $creds
    import-pssession -session $session

    Sorry, I copied the wrong import / export script. These are the corrects:

    param
    (
    	$username = "",
    	$password = "",
    	$operationtype = "full",
    	[bool] $usepagedimport,
    	$pagesize
    )
    #Import-module lync
    
    $securepassword = convertto-securestring $password -asplaintext -force
    $creds = new-object -typename system.management.automation.pscredential($username, $securepassword)
    
    #set-actioninfo "new-pssession"
    $session = new-pssession -connectionuri ('https://LYNC.DOMAIN.LOCAL/OcsPowershell') -credential $creds
    import-pssession -session $session
    
    #Start Import
    $users = get-csuser
    
    foreach ($user in $users)
    {
    	$sid = $user.sid
    	$sipaddress = $user.sipaddress -replace '^SIP\:'
    	$de = [adsi] "LDAP://<sid=$sid>"
    	if ( $de )
    	{
    		$obj = @{}
    		$obj.id = ([guid] $de.objectguid[0]).tobytearray()
    		$obj.objectclass = "person"
    		$obj.objectguidstring = ([guid] $de.psbase.properties.objectguid[0]).tostring()
    		$obj.'[DN]' = $de.distinguishedname[0]
    		$obj.samaccountname = $de.samaccountname[0]
    		$obj.sipaddress = $sipaddress
    		if ( $de.'msRTCSIP-UserEnabled' ) { [bool] $obj.enabled = $de.'msRTCSIP-UserEnabled'[0] }
    		$obj
    	}
    }
    
    

    I've tested this script version:

    # version history
    # jan 14, 2015 | soren granfeldt
    # - initial version started
    
    param
    (
    	$username = "",
    	$password = "",
    	$registrarpool = "fepool.domain.local",
    	[switch] $test = $false
    )
    
    #Import-module lync
    
    $securepassword = convertto-securestring $password -asplaintext -force
    $creds = new-object -typename system.management.automation.pscredential($username, $securepassword)
    
    #set-actioninfo "new-pssession"
    $session = new-pssession -connectionuri ('https://LYNC.DOMAIN.LOCAL/OcsPowershell') -credential $creds
    import-pssession -session $session
    
    begin
    {
    	function log($message, [switch] $terminate)
    	{
    		if ( $terminate )
    		{
    			throw $message
    		}
    		else
    		{
    			write-debug $message
    			$message | out-file e:\psma\lync\logs\lync-export.log -append
    		}
    	}
    
    	import-module lync
    }
    
    process
    {
    	$error.clear()
    	
    	$errorstatus = "success"
    	$errordetails = ""
    		
    	$identifier = $_."[Identifier]"
    	$anchor = $_."[Anchor]"
    	$samaccountname = $_.samaccountname
    	$objectguidstring = $_.objectguidstring
    	$objectmodificationtype = $_."[ObjectModificationType]"
    	$changedattrs = $_.'[ChangedAttributeNames]'
    	[bool] $enabled = $_.enabled
    	$_ | out-file e:\psma\lync\dump\$samaccountname.txt
    	
    	if ( $test )
    	{
    		$objectguidstring = '916f41bc-085b-435b-8850-eb82157a62df'
    		$enabled = $false
    	}
    	
    	try
    	{
    		$errorstatus = "success"
    		
    		$isenabled = $false #assume that the user is not already enabled
    		$user = get-csuser $objectguidstring -erroraction silentlycontinue
    		if ( $user )
    		{
    			write-debug "sip: $($user.sipaddress)"
    			[bool] $isenabled = $user.enabled 
    			if ( $enabled -and -not($isenabled) )
    			{
    				write-debug "enable-existing-user"
    				$user | set-csuser -enabled $true -errorvariable $err
    				if ( $err ) throw $err
    			}
    			if ( -not($enabled) -and $isenabled )
    			{
    				write-debug "disable-existing-user"
    				$user | set-csuser -enabled $false -errorvariable $err
    				if ( $err ) throw $err
    			}
    		}
    		else
    		{
    			if ( $enabled -and -not($isenabled) )
    			{
    				write-debug "enable-new-user"
    				enable-csuser $objectguidstring -sipaddresstype userprincipalname -registrarpool $registrarpool
    			}
    		}
    	}
    	catch [exception]
    	{
    		$errorstatus = "export-exception"
    		$errordetails = $error[0].exception
    	}
    	
    	# we do not handle any errors in the current version but
    	# instead just return success and let FIM handle any discovery
    	# of missing adds or updates
    	$status = @{}
    	$status."[Identifier]" = $identifier
    	$status."[ErrorName]" = $errorstatus
    	$status."[ErrorDetail]" = $errordetails
    	$status
    }
    
    end
    {
    }


    Diego Shimohama

    Monday, April 27, 2015 7:15 PM
  • And could you maybe include your provisioning code as well. The sample scripts that you're using requires that you provision to the MA for new users.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, April 27, 2015 7:17 PM
  • I am not using a provision code, just provisioning the new users through FIM Portal SR, using the parameter true / false, for user enable / disable, this Run after the user provisioning on AD.

    Diego Shimohama

    Thursday, April 30, 2015 6:12 AM
  • Hi Søren,

    I just want to figure out, what is missing on the sample script to make it work, because Import is running without errors, but on the export none of log / dump functions it's working nor the export update / creation.


    Diego Shimohama

    Thursday, May 7, 2015 5:32 PM
  • So you are getting Pending Exports and your provisioning is working?

    Turn on logging in the PSMA (see documentation).

    And maybe try debugging your export script by running it from a PS prompt to see if you have any issues. I see that you have code outside of the begin section - does the script actually run when you run it from the prompt of do you have syntax errors? The PSMA log should show any script errors as well if you turn on logging.



    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt


    Thursday, May 7, 2015 6:23 PM
  • Did you manage to resolve your issue ?

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, May 11, 2015 10:08 PM
  • No, I had to schedule with the customer to get the logs. Sorry for the delay.

    Export Operation:

    00028759	664.32067871	[6572] 20/05/2015 20:04:52: Invoking export script: e:\psma\lync\export.ps1	
    00028760	664.32073975	[6572] 20/05/2015 20:04:52: Should impersonate: True	
    00028761	664.83612061	[6572] 20/05/2015 20:04:53: Script error in line 67: [At E:\psma\lync\export.ps1:67 char:15 	
    00028762	664.83612061	[6572] +                 if ( $err ) throw $err 	
    00028763	664.83612061	[6572] +                           ~	
    00028764	664.83612061	[6572] Missing statement block after if ( condition ). 	
    00028765	664.83612061	[6572]  	
    00028766	664.83612061	[6572] At E:\psma\lync\export.ps1:73 char:15 	
    00028767	664.83612061	[6572] +                 if ( $err ) throw $err 	
    00028768	664.83612061	[6572] +                           ~	
    00028769	664.83612061	[6572] Missing statement block after if ( condition ). 	
    00028770	664.83612061	[6572]  	
    00028771	664.83612061	[6572] ] - (At E:\psma\lync\export.ps1:67 char:15 	
    00028772	664.83612061	[6572] +                 if ( $err ) throw $err 	
    00028773	664.83612061	[6572] +                           ~)	
    00028774	664.85852051	[6572] 20/05/2015 20:04:53: Leave InvokeExportEntriesWorker->Microsoft.MetadirectoryServices.IMAExtensible2CallExport.PutExportEntries	
    00028775	666.00408936	[6572] 20/05/2015 20:04:54: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00028776	666.00421143	[6572] 20/05/2015 20:04:54: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00028777	666.00427246	[6572] 20/05/2015 20:04:54: Closing Runspace	
    00028778	666.77429199	[6572] 20/05/2015 20:04:55: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00028779	666.77441406	[6572] 20/05/2015 20:04:55: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00028780	668.92150879	[5664] PID=5664 TID=16576 DismApi.dll:                                            - DismInitializeInternal	
    00028781	668.92156982	[5664] PID=5664 TID=16576 DismApi.dll: <----- Starting DismApi.dll session -----> - DismInitializeInternal	
    00028782	668.92163086	[5664] PID=5664 TID=16576 DismApi.dll:                                            - DismInitializeInternal	
    00028783	668.92169189	[5664] PID=5664 TID=16576 DismApi.dll: Version 6.3.9600.17031 - DismInitializeInternal	
    00028784	668.92175293	[5664] PID=5664 TID=16576 DismApi.dll: Parent process command line: C:\Windows\system32\wbem\wmiprvse.exe - DismInitializeInternal	
    00028785	668.92181396	[5664] PID=5664 TID=16576 Enter DismInitializeInternal - DismInitializeInternal	
    00028786	668.92199707	[5664] PID=5664 TID=16576 Input parameters: LogLevel: 2, LogFilePath: (null), ScratchDirectory: (null) - DismInitializeInternal	
    00028787	668.92468262	[5664] PID=5664 TID=16576 Initialized GlobalConfig - DismInitializeInternal	
    00028788	668.92486572	[5664] PID=5664 TID=16576 Initialized SessionTable - DismInitializeInternal	
    00028789	668.92504883	[5664] PID=5664 TID=16576 Lookup in table by path failed for: DummyPath-2BA51B78-C7F7-4910-B99D-BB7345357CDC - CTransactionalImageTable::LookupImagePath	
    00028790	668.92535400	[5664] PID=5664 TID=16576 Waiting for m_pInternalThread to start - CCommandThread::Start	
    00028791	668.92541504	[5664] PID=5664 TID=12828 Enter CCommandThread::CommandThreadProcedureStub - CCommandThread::CommandThreadProcedureStub	
    00028792	668.92742920	[5664] PID=5664 TID=12828 Enter CCommandThread::ExecuteLoop - CCommandThread::ExecuteLoop	
    00028793	668.92761230	[5664] PID=5664 TID=16576 CommandThread StartupEvent signaled - CCommandThread::WaitForStartup	
    00028794	668.92779541	[5664] PID=5664 TID=16576 m_pInternalThread started - CCommandThread::Start	
    00028795	668.92791748	[5664] PID=5664 TID=16576 Created g_internalDismSession - DismInitializeInternal	
    00028796	668.92803955	[5664] PID=5664 TID=16576 Leave DismInitializeInternal - DismInitializeInternal	
    00028797	726.09576416	[5664] PID=5664 TID=16576 Enter DismShutdownInternal - DismShutdownInternal	
    00028798	726.09588623	[5664] PID=5664 TID=16576 GetReferenceCount hr: 0x0 - CSessionTable::RemoveSession	
    00028799	726.09606934	[5664] PID=5664 TID=16576 Refcount for DismSession= 1s 0 - CSessionTable::RemoveSession	
    00028800	726.09625244	[5664] PID=5664 TID=16576 Successfully enqueued command object - CCommandThread::EnqueueCommandObject	
    00028801	726.09643555	[5664] PID=5664 TID=12828 ExecuteLoop: CommandQueue signaled - CCommandThread::ExecuteLoop	
    00028802	726.09661865	[5664] PID=5664 TID=12828 Successfully dequeued command object - CCommandThread::DequeueCommandObject	
    00028803	726.09667969	[5664] PID=5664 TID=12828 ExecuteLoop: Cancel signaled - CCommandThread::ExecuteLoop	
    00028804	726.09686279	[5664] PID=5664 TID=12828 Leave CCommandThread::ExecuteLoop - CCommandThread::ExecuteLoop	
    00028805	726.11791992	[5664] PID=5664 TID=12828 Leave CCommandThread::CommandThreadProcedureStub - CCommandThread::CommandThreadProcedureStub	
    00028806	726.11834717	[5664] PID=5664 TID=16576 Deleted g_internalDismSession - DismShutdownInternal	
    00028807	726.11853027	[5664] PID=5664 TID=16576 Shutdown SessionTable - DismShutdownInternal	
    00028808	726.11865234	[5664] PID=5664 TID=16576 Leave DismShutdownInternal - DismShutdownInternal	
    00028809	726.11877441	[5664] PID=5664 TID=16576 DismApi.dll:                                          - DismShutdownInternal	
    00028810	726.11895752	[5664] PID=5664 TID=16576 DismApi.dll: <----- Ending DismApi.dll session -----> - DismShutdownInternal	
    00028811	726.11907959	[5664] PID=5664 TID=16576 DismApi.dll:                                          - DismShutdownInternal	
    

    Import Operation, it's look fine.

    Unique event viewer error:

    ECMA2 MA import run caused an error.
     
    Error Name: invalid-object-in-pipeline
    Error Detail: Object of type System.Management.Automation.PSModuleInfo should not be in the pipeline. Verify that script only returns hashtable objects.

    00000001	0.00000000	[6572] 20/05/2015 19:53:48: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection	
    00000002	0.01101194	[6572] 20/05/2015 19:53:48: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->InitializeConfigParameters	
    00000003	0.01194572	[6572] 20/05/2015 19:53:48: Password: *** secret ***	
    00000004	0.01611923	[6572] 20/05/2015 19:53:48: Password  (impersonate): *** secret ***	
    00000005	0.01700230	[6572] 20/05/2015 19:53:48: Schema Script: e:\psma\lync\schema.ps1	
    00000006	0.01709596	[6572] 20/05/2015 19:53:48: Username: administrator	
    00000007	0.01717830	[6572] 20/05/2015 19:53:48: Domain (impersonate): ae	
    00000008	0.01728781	[6572] 20/05/2015 19:53:48: Username (impersonate): administrator	
    00000009	0.01738335	[6572] 20/05/2015 19:53:48: Import Script: e:\psma\lync\import.ps1	
    00000010	0.01747478	[6572] 20/05/2015 19:53:48: Export Script: e:\psma\lync\export.ps1	
    00000011	0.01756019	[6572] 20/05/2015 19:53:48: Use paged import: 0	
    00000012	0.01766970	[6572] 20/05/2015 19:53:48: Password Management Script: e:\psma\lync\password.ps1	
    00000013	0.01774290	[6572] 20/05/2015 19:53:48: Export simple objects: 1	
    00000014	0.01794034	[6572] 20/05/2015 19:53:48: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->InitializeConfigParameters	
    00000015	0.01943788	[6572] 20/05/2015 19:53:48: Should impersonate: True	
    00000016	0.02119550	[6572] 20/05/2015 19:53:48: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->SetupImpersonationToken	
    00000017	0.85181445	[6572] 20/05/2015 19:53:49: Succeeded in impersonating: Domain: ae, Username: administrator, Password: **secret***	
    00000018	0.85210204	[6572] 20/05/2015 19:53:49: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->SetupImpersonationToken	
    00000019	0.85436887	[6572] 20/05/2015 19:53:49: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->OpenRunspace	
    00000020	1.17729282	[6572] 20/05/2015 19:53:49: Runspace state: BeforeOpen	
    00000021	1.17734826	[6572] 20/05/2015 19:53:49: Opening Runspace	
    00000022	5.16063404	[6572] 20/05/2015 19:53:53: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->OpenRunspace	
    00000023	5.16071796	[6572] 20/05/2015 19:53:53: Export Type: Delta	
    00000024	5.16076040	[6572] 20/05/2015 19:53:53: Export Batch Size: 100	
    00000025	5.16086006	[6572] 20/05/2015 19:53:53: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection	
    00000026	5.44217491	[6572] 20/05/2015 19:53:53: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00000027	5.44248915	[6572] 20/05/2015 19:53:53: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00000028	5.44257784	[6572] 20/05/2015 19:53:53: Closing Runspace	
    00000029	6.46813059	[6572] 20/05/2015 19:53:54: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00000030	6.46829081	[6572] 20/05/2015 19:53:54: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection	
    00000031	38.58647156	[6572] 20/05/2015 19:54:27: Enter InvokeBeginImportWorker->OpenImportConnection	
    00000032	38.58654785	[6572] 20/05/2015 19:54:27: Getting schema	
    00000033	38.58765411	[6572] 20/05/2015 19:54:27: Type: person	
    00000034	38.59405518	[6572] 20/05/2015 19:54:27: Anchor attribute: id	
    00000035	38.59415817	[6572] 20/05/2015 19:54:27: Attribute: enabled	
    00000036	38.59426880	[6572] 20/05/2015 19:54:27: Attribute: sipaddress	
    00000037	38.59437561	[6572] 20/05/2015 19:54:27: Attribute: samaccountname	
    00000038	38.59446335	[6572] 20/05/2015 19:54:27: Attribute: objectguidstring	
    00000039	38.59455490	[6572] 20/05/2015 19:54:27: Attribute: id	
    00000040	38.60525131	[6572] 20/05/2015 19:54:27: Enter InvokeBeginImportWorker->OpenImportConnection->InitializeConfigParameters	
    00000041	38.60539627	[6572] 20/05/2015 19:54:27: Password: *** secret ***	
    00000042	38.60983276	[6572] 20/05/2015 19:54:27: Password  (impersonate): *** secret ***	
    00000043	38.61068726	[6572] 20/05/2015 19:54:27: Schema Script: e:\psma\lync\schema.ps1	
    00000044	38.61079025	[6572] 20/05/2015 19:54:27: Username: administrator	
    00000045	38.61087799	[6572] 20/05/2015 19:54:27: Domain (impersonate): ae	
    00000046	38.61096191	[6572] 20/05/2015 19:54:27: Username (impersonate): administrator	
    00000047	38.61104202	[6572] 20/05/2015 19:54:27: Import Script: e:\psma\lync\import.ps1	
    00000048	38.61112595	[6572] 20/05/2015 19:54:27: Export Script: e:\psma\lync\export.ps1	
    00000049	38.61120605	[6572] 20/05/2015 19:54:27: Use paged import: 0	
    00000050	38.61128235	[6572] 20/05/2015 19:54:27: Password Management Script: e:\psma\lync\password.ps1	
    00000051	38.61135483	[6572] 20/05/2015 19:54:27: Export simple objects: 1	
    00000052	38.61153412	[6572] 20/05/2015 19:54:27: Leave InvokeBeginImportWorker->OpenImportConnection->InitializeConfigParameters	
    00000053	38.61162186	[6572] 20/05/2015 19:54:27: Should impersonate: True	
    00000054	38.61316299	[6572] 20/05/2015 19:54:27: Enter InvokeBeginImportWorker->OpenImportConnection->SetupImpersonationToken	
    00000055	39.53267670	[6572] 20/05/2015 19:54:27: Succeeded in impersonating: Domain: ae, Username: administrator, Password: **secret***	
    00000056	39.53288651	[6572] 20/05/2015 19:54:27: Leave InvokeBeginImportWorker->OpenImportConnection->SetupImpersonationToken	
    00000057	39.53519821	[6572] 20/05/2015 19:54:27: Enter InvokeBeginImportWorker->OpenImportConnection->OpenRunspace	
    00000058	39.58301163	[6572] 20/05/2015 19:54:28: Runspace state: BeforeOpen	
    00000059	39.58316803	[6572] 20/05/2015 19:54:28: Opening Runspace	
    00000060	39.85114670	[6572] 20/05/2015 19:54:28: Leave InvokeBeginImportWorker->OpenImportConnection->OpenRunspace	
    00000061	39.85129166	[6572] 20/05/2015 19:54:28: Resetting pipeline results and counters	
    00000062	39.85147858	[6572] 20/05/2015 19:54:28: OpenImportRunStep Type: Full	
    00000063	39.85156631	[6572] 20/05/2015 19:54:28: OpenImportRunStep Size: 100	
    00000064	39.85163879	[6572] 20/05/2015 19:54:28: OpenImportRunStep CustomData: 	
    00000065	39.85181427	[6572] 20/05/2015 19:54:28: Leave InvokeBeginImportWorker->OpenImportConnection	
    00000066	39.93755722	[6572] 20/05/2015 19:54:28: Enter InvokeImportEntryWorker->GetImportEntries	
    00000067	39.93809891	[6572] 20/05/2015 19:54:28: Setting custom data: 	
    00000068	39.93823242	[6572] 20/05/2015 19:54:28: Setting page token: 	
    00000069	39.93832779	[6572] 20/05/2015 19:54:28: Invoking import script: e:\psma\lync\import.ps1	
    00000070	39.94002533	[6572] 20/05/2015 19:54:28: Should impersonate: True	
    00000071	41.58149338	[6572] 20/05/2015 19:54:30: Script error in line 16: [Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again.] - (At E:\psma\lync\import.ps1:16 char:27 	
    00000072	41.58149338	[6572] + import-pssession -session $session 	
    00000073	41.58149338	[6572] +                           ~~~~~~~~)	
    00000074	41.58172226	[6572] 20/05/2015 19:54:30: Script error: [lync.domain.local] Connecting to remote server lync.domain.local failed with the following error message : The WS-Management service cannot process the request. The maximum number of concurrent shells for this user has been exceeded. Close existing shells or raise the quota for this user. For more information, see the about_Remote_Troubleshooting Help topic.	
    00000075	41.58185577	[6572] 20/05/2015 19:54:30: Page token returned: ''	
    00000076	41.58195496	[6572] 20/05/2015 19:54:30: Custom data returned: ''	
    00000077	41.58203506	[6572] 20/05/2015 19:54:30: Object(s) in pipeline: (null)	
    00000078	41.58213806	[6572] 20/05/2015 19:54:30: Non-paged import; setting MoreToImport to false	
    00000079	41.58225632	[6572] 20/05/2015 19:54:30: Total connector space object(s) left: 0	
    00000080	41.58271027	[6572] 20/05/2015 19:54:30: Custom data: 	
    00000081	41.58281708	[6572] 20/05/2015 19:54:30: Connector space object(s) returned: 0	
    00000082	41.58303070	[6572] 20/05/2015 19:54:30: Leave InvokeImportEntryWorker->GetImportEntries	
    00000083	41.59878540	[6572] 20/05/2015 19:54:30: Enter CloseImportConnection	
    00000084	41.59995270	[6572] 20/05/2015 19:54:30: Enter CloseImportConnection->CloseRunspace	
    00000085	41.60003662	[6572] 20/05/2015 19:54:30: Closing Runspace	
    00000086	41.61015701	[6572] 20/05/2015 19:54:30: Leave CloseImportConnection	
    00000087	41.61023331	[6572] 20/05/2015 19:54:30: CustomData: 	
    00000088	41.61034775	[6572] 20/05/2015 19:54:30: Close reason: Normal	
    00000089	41.61050034	[6572] 20/05/2015 19:54:30: Leave CloseImportConnection	
    00000090	58.39674377	[15596] SHIMVIEW: ShimInfo(Complete) 	
    00000091	68.90200043	[7924] PID=7924 TID=17004 DismApi.dll:                                            - DismInitializeInternal	
    00000092	68.90203857	[7924] PID=7924 TID=17004 DismApi.dll: <----- Starting DismApi.dll session -----> - DismInitializeInternal	
    00000093	68.90211487	[7924] PID=7924 TID=17004 DismApi.dll:                                            - DismInitializeInternal	
    00000094	68.90217590	[7924] PID=7924 TID=17004 DismApi.dll: Version 6.3.9600.17031 - DismInitializeInternal	
    00000095	68.90224457	[7924] PID=7924 TID=17004 DismApi.dll: Parent process command line: C:\Windows\system32\wbem\wmiprvse.exe - DismInitializeInternal	
    00000096	68.90232849	[7924] PID=7924 TID=17004 Enter DismInitializeInternal - DismInitializeInternal	
    00000097	68.90235138	[7924] PID=7924 TID=17004 Input parameters: LogLevel: 2, LogFilePath: (null), ScratchDirectory: (null) - DismInitializeInternal	
    00000098	68.90425110	[7924] PID=7924 TID=17004 Initialized GlobalConfig - DismInitializeInternal	
    00000099	68.90434265	[7924] PID=7924 TID=17004 Initialized SessionTable - DismInitializeInternal	
    00000100	68.90444183	[7924] PID=7924 TID=17004 Lookup in table by path failed for: DummyPath-2BA51B78-C7F7-4910-B99D-BB7345357CDC - CTransactionalImageTable::LookupImagePath	
    00000101	68.90464020	[7924] PID=7924 TID=17004 Waiting for m_pInternalThread to start - CCommandThread::Start	
    00000102	68.90476227	[7924] PID=7924 TID=8736 Enter CCommandThread::CommandThreadProcedureStub - CCommandThread::CommandThreadProcedureStub	
    00000103	68.90615845	[7924] PID=7924 TID=8736 Enter CCommandThread::ExecuteLoop - CCommandThread::ExecuteLoop	
    00000104	68.90622711	[7924] PID=7924 TID=17004 CommandThread StartupEvent signaled - CCommandThread::WaitForStartup	
    00000105	68.90633392	[7924] PID=7924 TID=17004 m_pInternalThread started - CCommandThread::Start	
    00000106	68.90642548	[7924] PID=7924 TID=17004 Created g_internalDismSession - DismInitializeInternal	
    00000107	68.90652466	[7924] PID=7924 TID=17004 Leave DismInitializeInternal - DismInitializeInternal	
    00000108	70.06605530	[16916] SHIMVIEW: ShimInfo(Complete) 	
    00000109	126.09223938	[7924] PID=7924 TID=17004 Enter DismShutdownInternal - DismShutdownInternal	
    00000110	126.09233093	[7924] PID=7924 TID=17004 GetReferenceCount hr: 0x0 - CSessionTable::RemoveSession	
    00000111	126.09252930	[7924] PID=7924 TID=17004 Refcount for DismSession= 1s 0 - CSessionTable::RemoveSession	
    00000112	126.09300995	[7924] PID=7924 TID=17004 Successfully enqueued command object - CCommandThread::EnqueueCommandObject	
    00000113	126.09313202	[7924] PID=7924 TID=8736 ExecuteLoop: CommandQueue signaled - CCommandThread::ExecuteLoop	
    00000114	126.09329224	[7924] PID=7924 TID=8736 Successfully dequeued command object - CCommandThread::DequeueCommandObject	
    00000115	126.09345245	[7924] PID=7924 TID=8736 ExecuteLoop: Cancel signaled - CCommandThread::ExecuteLoop	
    00000116	126.09358215	[7924] PID=7924 TID=8736 Leave CCommandThread::ExecuteLoop - CCommandThread::ExecuteLoop	
    00000117	126.09774017	[7924] PID=7924 TID=8736 Leave CCommandThread::CommandThreadProcedureStub - CCommandThread::CommandThreadProcedureStub	
    00000118	126.09817505	[7924] PID=7924 TID=17004 Deleted g_internalDismSession - DismShutdownInternal	
    00000119	126.09832001	[7924] PID=7924 TID=17004 Shutdown SessionTable - DismShutdownInternal	
    00000120	126.09845734	[7924] PID=7924 TID=17004 Leave DismShutdownInternal - DismShutdownInternal	
    00000121	126.09859467	[7924] PID=7924 TID=17004 DismApi.dll:                                          - DismShutdownInternal	
    00000122	126.09871674	[7924] PID=7924 TID=17004 DismApi.dll: <----- Ending DismApi.dll session -----> - DismShutdownInternal	
    00000123	126.09886169	[7924] PID=7924 TID=17004 DismApi.dll:                                          - DismShutdownInternal	
    00000124	156.09793091	[5960] SCClient Information: 1 : 	
    00000125	156.09802246	[5960] The notification process received a setting change notification   (Microsoft.SoftwareCenter.Client.Notification.SingleInstanceApplication at OnUserPreferenceChanged) 	
    00000126	176.04449463	[14404] SHIMVIEW: ShimInfo(Complete) 	
    00000127	316.64648438	[6572] 20/05/2015 19:59:05: Enter InvokeBeginImportWorker->OpenImportConnection	
    00000128	316.64657593	[6572] 20/05/2015 19:59:05: Getting schema	
    00000129	316.64724731	[6572] 20/05/2015 19:59:05: Type: person	
    00000130	316.65243530	[6572] 20/05/2015 19:59:05: Anchor attribute: id	
    00000131	316.65249634	[6572] 20/05/2015 19:59:05: Attribute: enabled	
    00000132	316.65255737	[6572] 20/05/2015 19:59:05: Attribute: sipaddress	
    00000133	316.65264893	[6572] 20/05/2015 19:59:05: Attribute: samaccountname	
    00000134	316.65267944	[6572] 20/05/2015 19:59:05: Attribute: objectguidstring	
    00000135	316.65277100	[6572] 20/05/2015 19:59:05: Attribute: id	
    00000136	316.66101074	[6572] 20/05/2015 19:59:05: Enter InvokeBeginImportWorker->OpenImportConnection->InitializeConfigParameters	
    00000137	316.66104126	[6572] 20/05/2015 19:59:05: Password: *** secret ***	
    00000138	316.66430664	[6572] 20/05/2015 19:59:05: Password  (impersonate): *** secret ***	
    00000139	316.66497803	[6572] 20/05/2015 19:59:05: Schema Script: e:\psma\lync\schema.ps1	
    00000140	316.66503906	[6572] 20/05/2015 19:59:05: Username: administrator	
    00000141	316.66513062	[6572] 20/05/2015 19:59:05: Domain (impersonate): ae	
    00000142	316.66519165	[6572] 20/05/2015 19:59:05: Username (impersonate): administrator	
    00000143	316.66522217	[6572] 20/05/2015 19:59:05: Import Script: e:\psma\lync\import.ps1	
    00000144	316.66531372	[6572] 20/05/2015 19:59:05: Export Script: e:\psma\lync\export.ps1	
    00000145	316.66537476	[6572] 20/05/2015 19:59:05: Use paged import: 0	
    00000146	316.66543579	[6572] 20/05/2015 19:59:05: Password Management Script: e:\psma\lync\password.ps1	
    00000147	316.66546631	[6572] 20/05/2015 19:59:05: Export simple objects: 1	
    00000148	316.66561890	[6572] 20/05/2015 19:59:05: Leave InvokeBeginImportWorker->OpenImportConnection->InitializeConfigParameters	
    00000149	316.66567993	[6572] 20/05/2015 19:59:05: Should impersonate: True	
    00000150	316.66690063	[6572] 20/05/2015 19:59:05: Enter InvokeBeginImportWorker->OpenImportConnection->SetupImpersonationToken	
    00000151	317.47406006	[6572] 20/05/2015 19:59:05: Succeeded in impersonating: Domain: ae, Username: administrator, Password: **secret***	
    00000152	317.47433472	[6572] 20/05/2015 19:59:05: Leave InvokeBeginImportWorker->OpenImportConnection->SetupImpersonationToken	
    00000153	317.47674561	[6572] 20/05/2015 19:59:05: Enter InvokeBeginImportWorker->OpenImportConnection->OpenRunspace	
    00000154	317.52609253	[6572] 20/05/2015 19:59:05: Runspace state: BeforeOpen	
    00000155	317.52615356	[6572] 20/05/2015 19:59:05: Opening Runspace	
    00000156	317.76119995	[6572] 20/05/2015 19:59:06: Leave InvokeBeginImportWorker->OpenImportConnection->OpenRunspace	
    00000157	317.76129150	[6572] 20/05/2015 19:59:06: Resetting pipeline results and counters	
    00000158	317.76141357	[6572] 20/05/2015 19:59:06: OpenImportRunStep Type: Full	
    00000159	317.76147461	[6572] 20/05/2015 19:59:06: OpenImportRunStep Size: 100	
    00000160	317.76156616	[6572] 20/05/2015 19:59:06: OpenImportRunStep CustomData: 	
    00000161	317.76174927	[6572] 20/05/2015 19:59:06: Leave InvokeBeginImportWorker->OpenImportConnection	
    00000162	317.84835815	[6572] 20/05/2015 19:59:06: Enter InvokeImportEntryWorker->GetImportEntries	
    00000163	317.84887695	[6572] 20/05/2015 19:59:06: Setting custom data: 	
    00000164	317.84899902	[6572] 20/05/2015 19:59:06: Setting page token: 	
    00000165	317.84909058	[6572] 20/05/2015 19:59:06: Invoking import script: e:\psma\lync\import.ps1	
    00000166	317.85070801	[6572] 20/05/2015 19:59:06: Should impersonate: True	
    00000167	386.60852051	[6572] 20/05/2015 20:00:15: Page token returned: ''	
    00000168	386.60864258	[6572] 20/05/2015 20:00:15: Custom data returned: ''	
    00000169	386.60867310	[6572] 20/05/2015 20:00:15: Object(s) in pipeline: 1497	
    00000170	386.60882568	[6572] 20/05/2015 20:00:15: Non-paged import; setting MoreToImport to false	
    00000171	386.60913086	[6572] 20/05/2015 20:00:15: Start connector space object	
    00000172	386.62902832	[6572] 20/05/2015 20:00:15: Invalid object in pipeline: System.Management.Automation.PSModuleInfo	
    00000173	386.66464233	[6572] 20/05/2015 20:00:15: End connector space object	
    00000174	386.66476440	[6572] 20/05/2015 20:00:15: Start connector space object
    


    Diego Shimohama

    Monday, June 1, 2015 2:21 PM
  • Have a look throught the logs. You have a script error that you need to fix. That is probably your problem, or at least you need to fix that before you can test further...

    The dump of the error is in the log

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, June 2, 2015 8:26 AM
  • I am having a similar issue - and it may be with calling lync cmdlets via remote powershell. the creates the System.Management.Automation.PSModuleInfo that is added to the pipeline.

    Is there anyway to exclude this object from the pipeline? below is my import script:

    param
    (
        $username,
        $password,
        $operationtype = "full",
        [bool] $usepagedimport,
        $pagesize
    )
    #
    $PlainPassword = "####"
    $SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
    
    
    $UserName = "User"
    $Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword
    
     $sessionoption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
    
        #create new session
    
        $session = New-PSSession -ConnectionUri https://lyncserver/ocspowershell -SessionOption $sessionOption -Credential $credentials
        
    
        # assuming the above line worked, import the cmdlets needed for Lync
    
        import-pssession $session
    
    $users = get-csuser
    
    foreach ($user in $users)
    {
        #write-host $user.sid
        $sid = $user.sid
        $sipaddress = $user.sipaddress -replace '^SIP\:'
        $de = [adsi] "LDAP://<sid=$sid>"
        if ( $de )
        {
            $obj = @{}
            $obj.id = ([guid] $de.objectguid[0]).tobytearray()
            $obj.objectclass = "person"
            $obj.objectguidstring = ([guid] $de.psbase.properties.objectguid[0]).tostring()
            $obj.'[DN]' = $de.distinguishedname[0]
            $obj.samaccountname = $de.samaccountname[0]
            $obj.sipaddress = $sipaddress
            if ( $de.'msRTCSIP-UserEnabled' ) { [bool] $obj.enabled = $de.'msRTCSIP-UserEnabled'[0] }
            $obj
        }
    }
    
    remove-pssession $session

    when the script run interactively, theres no problem.

    Any advice?



    Tuesday, July 7, 2015 7:18 AM
  • Assuming I understand your question correctly, you could try assigning outputs from Lync CMDlets to $null to avoid them outputting to pipeline, like this -

    $null = remove-pssession $pssession


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, July 7, 2015 7:47 AM
  • Thanks for the speedy response - it was the import-pssession that was throwing an object to the pipeline.
    Tuesday, July 7, 2015 10:13 AM
  • Yes, I've seen that too

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, July 7, 2015 10:14 AM
  • Hello!

    I am having a similar issue.

    Import is working. Export is does not working.

    Help me please!


    Alex

    Thursday, July 23, 2015 10:17 AM
  • What is "similar" issue? Please elaborate and maybe share your Export script for more qualified help.

    Thanks


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thursday, July 23, 2015 10:20 AM
  • I do not use FIM portal for PSMA.

    I run Export and Import from Sync Service Manager.

    I disable Lync for previous imported user to FIM.

    After I run the Export script and Lync does not enable for the user.

    Export script:

    # version history
    # jan 14, 2015 | soren granfeldt
    # - initial version started
    
    param
    (
    	$username = "",
    	$password = "",
    	$registrarpool = "sippool01.goverco.com",
    	[switch] $test = $false
    )
    
    begin
    {
    	function log($message, [switch] $terminate)
    	{
    		if ( $terminate )
    		{
    			throw $message
    		}
    		else
    		{
    			write-debug $message
    			$message | out-file d:\psma\logs\lync-export.log -append
    		}
    	}
    
    	import-module lync
    }
    
    process
    {
    	$error.clear()
    	
    	$errorstatus = "success"
    	$errordetails = ""
    		
    	$identifier = $_."[Identifier]"
    	$anchor = $_."[Anchor]"
    	$samaccountname = $_.samaccountname
    	$objectguidstring = $_.objectguidstring
    	$objectmodificationtype = $_."[ObjectModificationType]"
    	$changedattrs = $_.'[ChangedAttributeNames]'
    	[bool] $enabled = $_.enabled
    	$_ | out-file d:\psma\dump\$samaccountname.txt
    	
    	if ( $test )
    	{
    		$objectguidstring = '916f41bc-085b-435b-8850-eb82157a62df'
    		$enabled = $false
    	}
    	
    	try
    	{
    		$errorstatus = "success"
    		
    		$isenabled = $false #assume that the user is not already enabled
    		$user = get-csuser $objectguidstring -erroraction silentlycontinue
    		if ( $user )
    		{
    			write-debug "sip: $($user.sipaddress)"
    			[bool] $isenabled = $user.enabled 
    			if ( $enabled -and -not($isenabled) )
    			{
    				write-debug "enable-existing-user"
    				$user | set-csuser -enabled $true -errorvariable $err
    				if ( $err ) throw $err
    			}
    			if ( -not($enabled) -and $isenabled )
    			{
    				write-debug "disable-existing-user"
    				$user | set-csuser -enabled $false -errorvariable $err
    				if ( $err ) throw $err
    			}
    		}
    		else
    		{
    			if ( $enabled -and -not($isenabled) )
    			{
    				write-debug "enable-new-user"
    				enable-csuser $objectguidstring -sipaddresstype userprincipalname -registrarpool $registrarpool
    			}
    		}
    	}
    	catch [exception]
    	{
    		$errorstatus = "export-exception"
    		$errordetails = $error[0].exception
    	}
    	
    	# we do not handle any errors in the current version but
    	# instead just return success and let FIM handle any discovery
    	# of missing adds or updates
    	$status = @{}
    	$status."[Identifier]" = $identifier
    	$status."[ErrorName]" = $errorstatus
    	$status."[ErrorDetail]" = $errordetails
    	$status
    }
    
    end
    {
    }


    Alex


    • Edited by ArhangeL87 Thursday, July 23, 2015 10:39 AM
    Thursday, July 23, 2015 10:36 AM
  • Can you run the script manually and confirm that it works? You could also try to enable logging in the PSMA and include the logs in this thread. That would be helpful.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thursday, July 23, 2015 10:46 AM
  • How I can enable logging in the PSMA?


    Alex

    Thursday, July 23, 2015 10:53 AM
  • You have a syntax error in your export script. Fix that. Looks like a missing parenthesis of some sort.

    You can read more on troubleshooting the PSMA here (including enabling logging) - http://blog.goverco.com/p/psmalogging.html


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thursday, July 23, 2015 10:59 AM
  • 7/23/2015 11:06:14 AM: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection 7/23/2015 11:06:14 AM: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->InitializeConfigParameters 7/23/2015 11:06:14 AM: Password: *** secret *** 7/23/2015 11:06:14 AM: Password (impersonate): *** secret *** 7/23/2015 11:06:14 AM: Schema Script: C:\distr\psma.5.5.lync.sample.scripts\schema.ps1 7/23/2015 11:06:14 AM: Username: test1\admin 7/23/2015 11:06:14 AM: Domain (impersonate): test1.local 7/23/2015 11:06:14 AM: Username (impersonate): admin 7/23/2015 11:06:14 AM: Import Script: C:\distr\psma.5.5.lync.sample.scripts\import.ps1 7/23/2015 11:06:14 AM: Export Script: C:\distr\psma.5.5.lync.sample.scripts\export.ps1 7/23/2015 11:06:14 AM: Use paged import: 0 7/23/2015 11:06:14 AM: Password Management Script: C:\distr\psma.5.5.lync.sample.scripts\password.ps1 7/23/2015 11:06:14 AM: Export simple objects: 0 7/23/2015 11:06:14 AM: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->InitializeConfigParameters 7/23/2015 11:06:14 AM: Should impersonate: True 7/23/2015 11:06:14 AM: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->SetupImpersonationToken 7/23/2015 11:06:14 AM: Succeeded in impersonating: Domain: test1.local, Username: admin, Password: **secret*** 7/23/2015 11:06:14 AM: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->SetupImpersonationToken 7/23/2015 11:06:14 AM: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->OpenRunspace 7/23/2015 11:06:15 AM: Runspace state: BeforeOpen 7/23/2015 11:06:15 AM: Opening Runspace 7/23/2015 11:06:19 AM: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection->OpenRunspace 7/23/2015 11:06:19 AM: Export Type: Delta 7/23/2015 11:06:19 AM: Export Batch Size: 100 7/23/2015 11:06:19 AM: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.OpenExportConnection 7/23/2015 11:06:19 AM: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection 7/23/2015 11:06:19 AM: Enter Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection 7/23/2015 11:06:19 AM: Closing Runspace 7/23/2015 11:06:19 AM: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection 7/23/2015 11:06:19 AM: Leave Microsoft.MetadirectoryServices.IMAExtensible2CallExport.CloseExportConnection


    I did not change the export script. What I need fix in the script?

    Alex

    Thursday, July 23, 2015 11:11 AM
  • You need to fix the syntax errors that you have in the export script. That is pure PowerShell and has nothing to do with the PSMA. Focus on fixing that first.

    After that make sure that you indeed have Pending Exports in the PSMA cause from the export log it doesnt look like you get any objects in the pipeline. You need to make sure that your provisioning and flow are correct for you to succeed with this.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thursday, July 23, 2015 11:29 AM
  • You need to fix the syntax errors that you have in the export script. That is pure PowerShell and has nothing to do with the PSMA. Focus on fixing that first.

    After that make sure that you indeed have Pending Exports in the PSMA cause from the export log it doesnt look like you get any objects in the pipeline. You need to make sure that your provisioning and flow are correct for you to succeed with this.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt


    Sunday, July 26, 2015 6:35 AM
  • Hello!

    I searched new export script:

    #Author: Eihab Isaac (FIM MVP)
    #Company: Zeva Inc.
    #email: eihab@zevainc.com
    PARAM
    (
        $Username,
        $Password
    )
    
    BEGIN
    {
        Import-Module Lync 
    }
    
    PROCESS
    {
        $DN = $_.'[DN]'
        $Identifier = $_.'[Identifier]'
        $anchor = $_."[Anchor]"
        $ObjectType = $_.'[ObjectType]'
        $ObjectModificationType = $_.'[ObjectModificationType]'
        $SamAccountName = $_.samaccountname
        $RegistrarPool = $_.RegistrarPool
        $domain = 'FIMNABOX'
        $errorstatus = "success"
    	$errordetail = ""
    
        $error.clear()
        
        #unsupported operations
        #We will not create a new user. The user is already in AD. We are just enabling lync (update only)
        # The user wil be deleted from AD, therefore, we don't need to process deletion
        if ($objectmodificationtype -eq 'add|delete')
    	{
    		throw "add-and-delete-not-supported"
        }
        
    	if ($objectmodificationtype -match 'replace')
    	{
            try
            {
                $domainandusername = $domain+"\"+$SamAccountName
                
                # this line will enable lync
                # the identity is passed and the registrar pool
                # the sip address in this example is using the email address
    		    Enable-CsUser -Identity $domainandusername `
                -RegistrarPool $RegistrarPool `
                -SipAddressType EmailAddress
           }
           catch
           {
                    $errorstatus = ( "{0}-error" -f "Can't enable lync" )
    		    $errordetail = "Can't enable mailbox for user "+ $domain+"\"+$SamAccountName + ". Error details $($_.Exception.Message)"
           }
    	}
    	# return status about export operation
    	$status = @{}
    	$status."[Identifier]" = $identifier
    	$status."[ErrorName]" = $errorstatus
    	$status."[ErrorDetail]" = $errordetail
    	$status
    }
    END
    {
        
    }

    The script run in Powershell without errors.

    But user does not enabled in lync after I run Export Run Profile.

    Attributes does not export to Connector Space PSMA.

    I don't understand, why?


    Alex

    Tuesday, August 4, 2015 12:03 PM
  • It looks as if the Enable-CSUser line in your script is commented out?

    On the other hand, how are you doing provisioning to this MA? What are your attribute flows - looks like you need to flow sAMAccountName and RegistrarPool at least to this MA to get a good result!?

    If you are not getting any Pending Exports in this MA, I suspect that you are missing provisioning code / declaration for this MA.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, August 4, 2015 12:08 PM
  • Enable-CsUser is not commented out.

    I created Sync Rule in FIM Portal for PS MA.

    RegistrarPool I set in the export script. ($RegistrarPool = 'fim-lync.test1.local')



    • Edited by ArhangeL87 Tuesday, August 4, 2015 12:23 PM
    Tuesday, August 4, 2015 12:23 PM