none
Changing the Account an ECMA 2 runs under RRS feed

  • Question

  • Is there a quick and easy way to change the account an ECMA 2 is using - even for specific tasks? My need is that I have developed the ECMA in a Dev domain but need to copy a file to a production share before we move the ECMA into the Production FIM instance. My Dev account doesn't exist in the production domain so can't be given the permissions. 

    Cheers,

    Dave

    Thursday, August 21, 2014 9:27 AM

All replies

  • Hi Dave,

    Many depends on how is your ECMA designed to work. Do you have any hardcoded credentials in it? Or do you take credentials from any configuration (either a config file or config in MA GUI). Or you don't specify credentials at all and you use service's credentials?

    As you can see, there are multiple ways that you can use to provide credentials. You have to identify, which way is used in your MA.

    Most popular ways are to use FIM Sync credentials or to use credentials stored in MA (changed by GUI). If so, you simply can give appropriate permissions to MA service account or FIMSync account.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Thursday, August 21, 2014 10:43 AM
  • By default, it'll always run in the context of the Sync Service service account. If you want to use other creds, you have to code it.

    I tend to allow for adding credentials using the GUI of the MA - and I then pick these credentials up in the code and do impersonating around the code that does the specific tasks.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt


    Tuesday, August 26, 2014 6:43 PM
  • Hi, Dave

    Did you manage to resolve this or work around?


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thursday, September 4, 2014 5:19 PM
  • Collect the credential from GUI of MA so it will be easy to change , for credential from GUI of MA add the below code in your ECMA code

       public IList<ConfigParameterDefinition> GetConfigParameters(KeyedCollection<string, ConfigParameter> configParameters, ConfigParameterPage page)
            {
                List<ConfigParameterDefinition> configParametersDefinitions = new List<ConfigParameterDefinition>();

                switch (page)
                {
                    case ConfigParameterPage.Connectivity:

                 configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("User Name",""));
                          configParametersDefinitions.Add(ConfigParameterDefinition.CreateEncryptedStringParameter("Password",""));
                        break;


                    case ConfigParameterPage.Global:
                        break;

                    case ConfigParameterPage.Partition:
                        break;

                    case ConfigParameterPage.RunStep:

                        break;
                }

                return configParametersDefinitions;
            }

    And try to collect the value as

      myUserName = configParameters["User Name"].Value;
                IntPtr ptr = Marshal.SecureStringToBSTR(configParameters["Password"].SecureValue);
                myPassword = Marshal.PtrToStringUni(ptr);


    • Edited by dushyant_aujas Friday, September 12, 2014 10:59 AM
    • Proposed as answer by shprna Friday, September 12, 2014 11:23 AM
    Friday, September 12, 2014 10:57 AM