none
PowerShell to show who has not registered for SSPR RRS feed

  • Question

  • Hi,

    The following script shows who has registered for SSPR (this script works)...but how do I modify it to show who hasnt registered for SSPR?

    set-variable -name URI -value “http://localhost:5725/resourcemanagementservice’ ” -option constant

    set-variable -name CSV -value “RegistredResetPassUsers.csv”

    clear

    If(@(Get-PSSnapin | Where-Object {$_.Name -eq “FIMAutomation”} ).count -eq 0) {Add-PSSnapin FIMAutomation}

    $WFDFilter = “/WorkflowDefinition[DisplayName=’Password Reset AuthN Workflow’]”

    $curObjectWFD = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($WFDFilter) -ErrorVariable Err -ErrorAction SilentlyContinue

    $WFDObjectID = (($curObjectWFD.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq “ObjectID”}).value).split(“:”)[2]

    $Filter = “/Person[AuthNWFRegistered = ‘$WFDObjectID’]”

    $curObject = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($Filter) -ErrorVariable Err -ErrorAction SilentlyContinue

    [array]$users = $null

    foreach($Object in $curObject)

    {

     $ResetPass = New-Object PSObject

     $UserDisplayName = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq “DisplayName”}).Value)

     $ResetPass | Add-Member NoteProperty “DisplayName” $UserDisplayName

     $Users += $ResetPass

    }

    $users | export-csv -path $CSV

    Thank you


    • Edited by Shim Kwan Thursday, December 8, 2016 11:54 PM
    Thursday, December 8, 2016 9:41 PM

Answers

  • As Brian mentions, the script works after you replace the single and double smart characters with single quote and double quote characters.  Jorge also blogged about doing this in a handy Search Scope.

    Best,

    Jeff Ingalls

    • Marked as answer by Shim Kwan Sunday, December 11, 2016 8:29 PM
    Friday, December 9, 2016 9:15 PM

All replies

  • Found this modified script online: 

    https://blogs.msdn.microsoft.com/connector_space/2014/10/08/who-has-not-registered-for-sspr/

    But get the following error:

    export-fimconfig : Failure on making enumeration web service call. 
    Filter = /WorkflowDefinition[DisplayName=’Password Reset AuthN Workflow’] 
    Error= Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: cannot filter as requested
       at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters 
    parameters, ClientOptionsHelper clientOptionsHelper)
       at Microsoft.ResourceManagement.WebServices.ResourceManager.MoveNext()
       at Microsoft.ResourceManagement.Automation.ExportConfig.EndProcessing() 
    At line:9 char:17
    + $curObjectWFD = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($WF ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Export-FIMConfig], InvalidOperationException
        + FullyQualifiedErrorId : ExportConfig,Microsoft.ResourceManagement.Automation.ExportConfig

    export-fimconfig : Failure on making enumeration web service call. 
    Filter = /Person[not(AuthNWFRegistered = ‘9c3aca59-a85c-437f-bb67-9ce5a70521d7’)] 
    Error= Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: cannot filter as requested
       at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters 
    parameters, ClientOptionsHelper clientOptionsHelper)
       at Microsoft.ResourceManagement.WebServices.ResourceManager.MoveNext()
       at Microsoft.ResourceManagement.Automation.ExportConfig.EndProcessing() 
    At line:12 char:14
    + $curObject = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($Filte ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Export-FIMConfig], InvalidOperationException
        + FullyQualifiedErrorId : ExportConfig,Microsoft.ResourceManagement.Automation.ExportConfig 

    Thursday, December 8, 2016 10:30 PM
  • Are your single quotes in that smart quotes?


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Friday, December 9, 2016 12:23 AM
    Moderator
  • OK, I have copied and pasted the script into Notepad and then into PowerShell ISE, and it now runs.

    However, it returns a list of people registered for SSPR. We need a list of people NOT registered for SSPR.

    Its as if the NOT in the following line is not being executed?

    $Filter = $Filter = “/Person[not(AuthNWFRegistered = ‘9c3aca59-a85c-437f-bb67-9ce5a70521d7’)]”

    Friday, December 9, 2016 12:45 AM
  • As Brian mentions, the script works after you replace the single and double smart characters with single quote and double quote characters.  Jorge also blogged about doing this in a handy Search Scope.

    Best,

    Jeff Ingalls

    • Marked as answer by Shim Kwan Sunday, December 11, 2016 8:29 PM
    Friday, December 9, 2016 9:15 PM
  • Thank you, I updated all the single and double quotes and the script appears to be working now.

    cheers.

    Sunday, December 11, 2016 8:29 PM