none
MIM: How to Automate Run Profile Execution with PowerShell RRS feed

  • General discussion

  • I write this article here due to no access to do it on Wiki portal (since not long time ago).

    Introduction

    I found several articles about this topic. For example:

    But I have not found full article about automation of Run Profile execution by PowerShell. Let me to remedy the situation.

    Using classes

    For your script you can use the next classes:

    • MIIS_ManagementAgent
    • MIIS_Server
    • MIIS_RunHistory
    • MIIS_CSObject
    • MIIS_PasswordChangeHistorySource
    • MIIS_PasswordChangeHistoryTarget
    • MIIS_PasswordChangeQueue

    Official technical reference is here. The most valuable and important class is the first one.

    Planning

    Thanks to PowerShell and existing classes for FIM/MIM you can automate a lot of MIM operations such as:

    1. MA run profile execution
    2. Operation History clearing
    3. Checking of need to start MA
    4. Scheduling etc.

    Scripting

    First of all, you should specify variables to use needed classes:

    $Server = "."     
    $MAs = @(get-wmiobject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer" -computername $Server)
    $MAHistory = get-wmiobject -class "MIIS_RunHistory" -namespace "root\MicrosoftIdentityIntegrationServer"
    $MIMconn = @(get-wmiobject -class "MIIS_SERVER" -namespace "root\MicrosoftIdentityIntegrationServer" -computer $Server)


    If you have many MAs and Run Profile names use variables for them:

    #Management Agents short names
    $HR = "HR MA"
    $MIM = "MIM MA"
    $AD = "AD MA"
    
    #Run Profiles short names
    $FI = "Full Import"
    $FS = "Full Sync"
    $DI = "Delta Import"
    $DS = "Delta Sync"
    $EX = "Export"

    As you may want to use script cycling it`s better to use main body and functions. For example:

    $MaxCycle= 0
    $Cycle = 0
    
    do
    {FUNCTION1
    FUNCTION2}
    until
    ($Cycle -eq $MaxCycle)

    where FUNCTION1 - scheduled actions to execute Run Profiles, FUNCTION2 - checking whether Operations history clearing is needed.

    Function to execute Run Profile of specified MA:

    #Run Profile $RP in $MA agent
    function Start_RunProfile($MA, $RP)
        {
        Write-Host "$($MA.Name) | $RP is executing"
        $result = $MA.Execute($RP);
        Write-Host "Finished $($result.ReturnValue)"    
        }

    Function to run MA for DeltaImport operation:

    # FUNCTION to run MA for DeltaImport operation
    function DeltaImport_MA ($MAname)
        {
         #get parameters according MA name
        switch ($MAname)
            {
            $HR{$RPlist = @($DI, $DS, $FS); $ExTimeOut = 2}
            $AD{$RPlist = @($EX, $DI, $DS, $FS); $ExTimeOut = 7}
            $MIM{$RPlist = @($EX, $DI, $DS);$ExTimeOut = 3}
            }   
            
            foreach($MA in $MAs)
                { 
                    if($MA.Name.Equals($MAname))
                        {
                        foreach($Profile in $RPlist)
                            {
                            Start_RunProfile $MA $Profile
                            
                            #do timeout between Export and Import profiles
                            if($Profile.Equals($EX))
                            {Start-Sleep -s $ExTimeOut}
                            }
                        }
                }
        }

    Function to clear Operations History:

     # FUNCTION to clear Operations History
     function Clear_History
        {
        $DeleteDay = (Get-Date).AddDays(-$HistoryPeriod).ToString('yyyy-MM-dd')
        Write-Host "Deleting run history earlier than or equal to: $DeleteDay"
        Write-Host "Result: $($MIMconn[0].ClearRuns($DeleteDay).ReturnValue)"
        }

    Function to check if MA running is needed:

    # FUNCTION to check whether MA running is needed
    function Check_MASync($CheckingMA)
        {
        foreach ($MA in $MAs) #get list of all MAs
            { 
            If($MA.Name.Equals($CheckingMA)) #find checking MA
                {
                $count = [int]::Parse($MA.NumExportAdd().ReturnValue) + [int]::Parse($MA.NumExportDelete().ReturnValue) + [int]::Parse($MA.NumExportUpdate().ReturnValue)
                If ($count -gt 0) #if any object is pending export then
                    {
                    return $true #do function TRUE
                    }
                else
                    {
                    return $false #otherwise do function FALSE
                    }
                }
            }
        }

    Function to check schedule:

    #Time for Full Synchronization all MAs
    $Full_Sync_Time = @("00:00:00")
    
    # FUNCTION to check FullSync schedule
    function Check_FullSync_Schedule
        {
        $CurrentTime = Get-Date -Format HH:mm:ss #current time
        $CurrentDate = Get-Date -Format dd.MM.yyyy #current date
    
        If ($Full_Sync_Time -lt $CurrentTime -and $CurrentDate -ge $global:FullSyncDay)
            {
            #Run DailyFullSync procedure
            FUNCTION_Run_Process_FullSync
            $global:FullSyncDay =  (Get-Date).AddDays(1).ToString('dd.MM.yyyy')             
            }
        else
            {
            Write-Host "The time is not Daily FullSync time"
            }
        Write-Host "The next Daily FullSync day is: $global:FullSyncDay"
        }

    • Edited by Emil Valiev Friday, March 30, 2018 2:08 PM delete end lines
    Friday, March 30, 2018 2:05 PM