Using PowerShell To Generate The Custom Expression For The Domain Attribute Flow

  • General discussion

  •   Summary

    The script code below generates the custom expression that is necessary to flow the domain attribute from AD DS to FIM.
    The custom expression is stored in the clipboard of your computer.

     Please see the following articles for more details:


     Set-Variable -Name ForestDn -Value "DC=Fabrikam,DC=Com" -Option Constant
     Set-Variable -Name DnsRoot  -Value "fabrikam.com"       -Option Constant

     # Find the crossRef objects of the domain partitions in the forest's Partitions container
     $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
     $objSearcher.SearchRoot = "LDAP://CN=Partitions,CN=Configuration,$ForestDn"
     $objSearcher.Filter     = "(&(objectclass=Crossref)(dnsRoot=$DnsRoot)(netBIOSName=*))"

     # Collect path, NetBIOS name and domain SID for each partition found
     $dataList = @()
     $objSearcher.FindAll() | ForEach {
        $Domain = New-Object DirectoryServices.DirectoryEntry "LDAP://$($_.Properties.ncname)"
        If($Domain.objectGuid -eq $null) {Throw "Partition not found"}
        $DomainSid = New-Object System.Security.Principal.SecurityIdentifier($Domain.objectSid[0], 0)
        $newRecord = new-object psobject
        $newRecord | add-member noteproperty "Path"           $($_.Path)
        $newRecord | add-member noteproperty "NetBIOSName"    $($_.Properties.netbiosname)
        $newRecord | add-member noteproperty "SID"            $DomainSid.ToString()
        $dataList += $newRecord
     }
     If($dataList.length -eq 0) {Throw "L:No domain partitions found!"}

     # Build the expression: one fragment per domain, then the "Unknown" fallback,
     # then one closing parenthesis per domain
     $CustomExpression = ""
     $dataList | ForEach {
        # The right-hand side of this assignment (the per-domain fragment) is missing from the page
        $CustomExpression += 
     }
     $CustomExpression += """Unknown"""
     $dataList | ForEach {
        $CustomExpression += ")"
     }

     Write-Host "Domain partitions for forest"
     Write-Host "============================"
     Write-Host "Forest  : $ForestDn"
     Write-Host "DNS Root: $DnsRoot"
     $dataList | Format-List
     Write-Host "Custom Expression:"
     Write-Host $CustomExpression
     Write-Host ""

     # Copy the expression to the clipboard
     $CustomExpression | clip

     # Messages prefixed with "L:" are shown without the prefix; anything else is reported as an error
     Trap
     {
        $exMessage = $_.Exception.Message
        If($exMessage.StartsWith("L:"))
        {write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue}
        Else
        {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred}
        Exit 1
     }


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Tuesday, March 30, 2010 9:16 PM
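
The records the script collects can be checked offline before the expression is pasted into FIM. The following is an added example, not part of the original post: it resolves an account's binary objectSid to a NetBIOS domain name from records shaped like the script's $dataList, with the same "Unknown" fallback. The helper names and all sample SIDs are constructed, and matching on the account's domain SID is an assumption, since the per-domain fragment of the expression is missing from the page.

```powershell
# Added example, not from the original post. All SIDs and names below are constructed.
# Records shaped like the script's $dataList (NetBIOSName plus domain SID string).
$sampleDomains = @(
    [pscustomobject]@{ NetBIOSName = 'FABRIKAM'; SID = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ NetBIOSName = 'CHILD';    SID = 'S-1-5-21-1234567890-1098765432-1357924680' }
)

function ConvertTo-SidBytes {        # hypothetical helper: SID string -> binary objectSid form
    param([Parameter(Mandatory)] [string] $SidString)
    $sid   = New-Object System.Security.Principal.SecurityIdentifier($SidString)
    $bytes = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($bytes, 0)
    return ,$bytes                   # leading comma keeps the byte[] from being unrolled
}

function Resolve-DomainFromSid {     # hypothetical helper: objectSid bytes -> NetBIOS name
    param(
        [Parameter(Mandatory)] [byte[]]   $ObjectSid,
        [Parameter(Mandatory)] [object[]] $DomainRecords
    )
    # Same constructor the script uses for the domain object's objectSid
    $sid = New-Object System.Security.Principal.SecurityIdentifier($ObjectSid, 0)

    # AccountDomainSid is $null for SIDs that do not belong to an account domain
    # (for example built-in groups), so those fall through to "Unknown"
    $domainSid = $sid.AccountDomainSid
    if ($null -eq $domainSid) { return 'Unknown' }

    foreach ($record in $DomainRecords) {
        if ($record.SID -eq $domainSid.Value) { return $record.NetBIOSName }
    }
    return 'Unknown'                 # domain not among the collected partitions
}

# Constructed inputs: one account per listed domain, one from an unlisted domain,
# and one built-in group SID
$testSids = 'S-1-5-21-1111111111-2222222222-3333333333-1105',
            'S-1-5-21-1234567890-1098765432-1357924680-500',
            'S-1-5-21-999999999-888888888-777777777-1001',
            'S-1-5-32-544'

foreach ($s in $testSids) {
    $name = Resolve-DomainFromSid -ObjectSid (ConvertTo-SidBytes $s) -DomainRecords $sampleDomains
    '{0,-50} -> {1}' -f $s, $name
}
```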

All replies

  • Hi Markus,

        My subdomain is aaa.bbbb.com. I use this script to get the domain of the SSID and get the following error: No such object on the server?

    No problem, my forest was wrong, thank you


    There is no fate but what we make!

    Tuesday, December 14, 2010 2:58 AM
  • I am having the same problem. My domain is abc.domain.net. I tried "DC=abc,DC=domain,DC=net" and DnsRoot as "abc.domain.net" but I am still getting errors.
    Tuesday, March 13, 2012 9:00 PM
  • When I paste in the value for the CustomExpression, it errors:

    "The return type(Object) of function IIF is not Binary"

    Monday, February 29, 2016 6:20 AM