none
Using PowerShell to enable provisioning

    General discussion

  • Summary
    This script enables provisioning on your FIM server.
    It only enables declarative provisioning.
    If you need to enable non-declarative provisioning or both, you need to modify this script.

     

    ImportantImportant
    To use this script, you need to add the FIM service account to the FIMSyncAdmins group!

     

    #----------------------------------------------------------------------------------------------------------
     set-variable -name URI -value "http://localhost:5725/resourcemanagementservice' " -option constant 
    #----------------------------------------------------------------------------------------------------------
     if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
     clear-host
     $exportObject = export-fimconfig -uri $URI `
                                      –onlyBaseResources `
                                      -customconfig ("/mv-data") `
                                      -ErrorVariable Err `
                                      -ErrorAction SilentlyContinue
     if($Err){throw $Err}
     if($exportObject -eq $null) {throw "There is no metaverse data configured on your system!"} 
     $provisioningState = ($exportObject.ResourceManagementObject.ResourceManagementAttributes | `
                          Where-Object {$_.AttributeName -eq "SyncConfig-provisioning-type"}).Value
     
     
     if(0 -ne [String]::Compare($provisioningState,"none", $true))
     {throw "L:Provisioning is already enabled"}
    
     $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
     $importChange.Operation = 1
     $importChange.AttributeName = "SyncConfig-provisioning-type"
     $importChange.AttributeValue = "sync-rule"
     $importChange.FullyResolved = 1
     $importChange.Locale = "Invariant"
     $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
     $importObject.ObjectType = $exportObject.ResourceManagementObject.ObjectType
     $importObject.TargetObjectIdentifier = $exportObject.ResourceManagementObject.ObjectIdentifier
     $importObject.SourceObjectIdentifier = $exportObject.ResourceManagementObject.ObjectIdentifier
     $importObject.State = 1 
     $importObject.Changes = (,$importChange)
     $importObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue
     if($Err){throw $Err}
     
     write-host "`nProvisioning enabled successfully`n"
    #----------------------------------------------------------------------------------------------------------
     trap 
     { 
        $exMessage = $_.Exception.Message
        if($exMessage.StartsWith("L:"))
        {write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue}
        else {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred}
        Exit 1
     }
    #----------------------------------------------------------------------------------------------------------
    

     

    Go to the FIM ScriptBox


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Thursday, December 24, 2009 6:32 PM
    Owner

All replies

  •  

    Hello there,

    I am configuring FIM 2010, I have successfully configured inbound synchronization rule from ADDS to FIM and the self-password reset feature is working perfectly fine. Now I am configuring outbound sync rule from FIM to ADDS by following the procedure mentioned  here ( http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/4561f5d0-710f-407e-83fe-3eef9c688eb2 )

    After creating Run Profiles, I ran the above script on my FIM server and it resulted an error. Please see the following messege when i ran the above powershell script to enable user provisioning to ADDS

    PS C:\Users\Administrator.domain>  $exportObject = export-fimconfig -uri $URI `
    >>                                   -onlyBaseResources `
    >>                                   -customconfig ("/mv-data") `
    >>                                   -ErrorVariable Err `
    >>                                   -ErrorAction SilentlyContinue
    >>  if($Err){throw $Err}
    >>  if($exportObject -eq $null) {throw "There is no metaverse data configured on your system!"}
    >>  $provisioningState = ($exportObject.ResourceManagementObject.ResourceManagementAttributes | `
    >>                       Where-Object {$_.AttributeName -eq "SyncConfig-provisioning-type"}).Value
    >>
    PS C:\Users\Administrator.domain>
    PS C:\Users\Administrator.domain>  if(0 -ne [String]::Compare($provisioningState,"none", $true))
    >>  {throw "L:Provisioning is already enabled"}
    >>
    L:Provisioning is already enabled
    At line:2 char:8
    +  {throw <<<<  "L:Provisioning is already enabled"}
        + CategoryInfo          : OperationStopped: (L:Provisioning is already enabled:String) [], RuntimeException
        + FullyQualifiedErrorId : L:Provisioning is already enabled

    PS C:\Users\Administrator.domain>  $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportCh
    ange
    PS C:\Users\Administrator.domain>  $importChange.Operation = 1
    PS C:\Users\Administrator.domain>  $importChange.AttributeName = "SyncConfig-provisioning-type"
    PS C:\Users\Administrator.domain>  $importChange.AttributeValue = "sync-rule"
    PS C:\Users\Administrator.domain>  $importChange.FullyResolved = 1
    PS C:\Users\Administrator.domain>  $importChange.Locale = "Invariant"
    PS C:\Users\Administrator.domain>  $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportOb
    ject
    PS C:\Users\Administrator.domain>  $importObject.ObjectType = $exportObject.ResourceManagementObject.ObjectType
    PS C:\Users\Administrator.domain>  $importObject.TargetObjectIdentifier = $exportObject.ResourceManagementObject.ObjectIde
    ntifier
    PS C:\Users\Administrator.domain>  $importObject.SourceObjectIdentifier = $exportObject.ResourceManagementObject.ObjectIde
    ntifier
    PS C:\Users\Administrator.domain>  $importObject.State = 1
    PS C:\Users\Administrator.domain>  $importObject.Changes = (,$importChange)
    PS C:\Users\Administrator.domain>  $importObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyCont
    inue


    SourceObjectIdentifier : urn:uuid:5b8b5785-4808-421e-a668-12967fccc542
    TargetObjectIdentifier : urn:uuid:5b8b5785-4808-421e-a668-12967fccc542
    ObjectType             : mv-data
    State                  : Put
    Changes                : {SyncConfig-provisioning-type}
    AnchorPairs            :

     

    PS C:\Users\Administrator.domain>  if($Err){throw $Err}
    Failure when making web service call.
    SourceObjectID = urn:uuid:5b8b5785-4808-421e-a668-12967fccc542
    Error = Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The endpoint could not dispatch the requ
    est.
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Update()
       at Microsoft.ResourceManagement.Automation.ImportConfig.UnifiedClientPut(List`1 changeList, UniqueIdentifier objectI
    dentifier, String objectType, CultureInfo locale)
       at Microsoft.ResourceManagement.Automation.ImportConfig.ProcessLocaleBucket(String objectIdentifier, String objectTy
    pe, Dictionary`2 localeBucket)
       at Microsoft.ResourceManagement.Automation.ImportConfig.Put(String objectIdentifier, String objectType, List`1 chang
    eList)
       at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing()
    At line:1 char:16
    +  if($Err){throw <<<<  $Err}
        + CategoryInfo          : OperationStopped: (System.Collections.ArrayList:ArrayList) [], RuntimeException
        + FullyQualifiedErrorId : Failure when making web service call.
    SourceObjectID = urn:uuid:5b8b5785-4808-421e-a668-12967fccc542
        Error = Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The endpoint could not dispatch the
        request.
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Update()
           at Microsoft.ResourceManagement.Automation.ImportConfig.UnifiedClientPut(List`1 changeList, UniqueIdentifier ob
       jectIdentifier, String objectType, CultureInfo locale)
           at Microsoft.ResourceManagement.Automation.ImportConfig.ProcessLocaleBucket(String objectIdentifier, String obj
       ectType, Dictionary`2 localeBucket)
           at Microsoft.ResourceManagement.Automation.ImportConfig.Put(String objectIdentifier, String objectType, List`1
       changeList)
       at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing()

    Kindly help me out from the issue.

    Thanks alot.


    Network Engineer
    Wednesday, August 04, 2010 5:56 PM
  • Please help!!
    Network Engineer
    Tuesday, August 17, 2010 11:42 AM
  • This script does not work.  I get the same error as the previous poster.

    This script is linked to from MS documentation @ http://technet.microsoft.com/en-us/library/ff686264(v=ws.10).aspx

    Monday, August 25, 2014 3:37 PM