Use cases for calling FIMAutomation from a PowerShell Activity RRS feed

  • Question

  • One of the feedback items, was mentioning calling the FIMAutomation PS cmdlets in a PowerShell script via the PowerShell Activity.

    My initial thoughts are to avoid making MIM Service update calls via a PowerShell activity,  but to write the script that outputs a hashtable of results, that you chain to a child Update Resources activity which would be used to update the MIM Resources.

    I am curious what use cases this is being done, so we can see if we can provide an example using other WAL Activities to accomplish making changes to the MIM Resources.

    What scenarios are being envisioned where FIMAutomation would need to be called?

    Thursday, January 14, 2016 6:26 PM

All replies

  • Hi Jef,

    it is true I could probably get around my "run Exchange cmdlets via PowerShell then write status and logging back to a MIM object" use case by returning the data as script output.... I'd have to try it and see. As you say a hashtable I'm taking it that I can return multiple different types of data and the Update Resources activity will understand that? I've only used WFData in that way, not a hashtable - I'd have to have a play.

    The other one I'm thinking of is a CSV Upload facility which I know a number of us have developed our own versions of using the Powershell activity. All the checking and parsing of the CSV is done in the Powershell script, mostly for flexibility as every site will have different requirements, and then objects are created or updated directly from the script. You could, I guess, return a table of objects to be created back to the workflow process. I'm not sure what that does with error checking - my script, after looping through all the CSV rows and attempting to create/update them, also returns a copy of the CSV file to the "Bulk Upload" object in the Portal that has each row annotated with a status message.


    Thursday, January 14, 2016 8:47 PM
  • For using the PowerShell activity will emit 3 types of returns to downstream activities.   None, Single value, Table of Values.   You can see them here:

    If I have a hashtable of  @{UserName=Jef;ProvisionStatus=Success;} which I return from the powershell activity,   these get mapped to [//WorfklowData/UserName],[//WorkflowData/ProvisionStatus],[//WorkflowData/Email] for use in child activities.

    so my next Update Resources activity may have an Activity Execution Condition (AEC) like  Eq([//WorkflowData/ProvisionStatus],"Success")  that will call the statement if it returns true and apply the expressiong of  [//WorkflowData/Email]  >>>>  [//Target/Email] 

    I could also query other objects if it was not the Target if needed as well.

    Now regarding bulk uploads,  if it's a one time task I would use a PowerShell script outside of MIM Workflows to do it.    If it was an automated task, perhaps a scheduled task, or  I would likely look to use the PowerShell connector or an ECMA since it has retry capabilities,  unlike Workflows would.  

    For example I may have a location object defined in MIM, and I want to load the individual objects in the MIM service for use during provisioning,   I would use PowerShell to load them externally to MIM.

    Maybe you are thinking of a scenario where someone wants to upload a CSV of users they want added to a group in a request? 

    It's good to hear the scenarios so we can relate it to how we have used the WAL to address them before. :)

    Thursday, January 14, 2016 9:29 PM
  • The conversion from hashtable to WFData params would definitely solve a lot of the data return use cases I can think of.

    With the bulk upload facility - I have implemented this in a couple of environments that need it for bulk load of user types that are outside the usual data feeds. Also for bulk load of "entitlements" - ie adding a bunch of users to an application in one go. The people loading in the CSV files are not FIM administrators, and the CSVs are loaded in as needed and not on a scheduled basis. It's nice to be able to let them do that through the FIM Portal, and quite straight-forward to set up the UI components from the basic building blocks in the product.

    There's an AuthZ workflow that rejects the CSV entirely if it doesn't meet certain global conditions (such as a required column missing), but once it gets to the Action WF it's a row-by-row thing, and I use the Results CSV as a way to communicate back to the user if specific rows failed to be processed. I don't know if I'd want to return that in a parameter, especially if the input CSV had a lot of rows.

    Friday, January 15, 2016 12:16 AM
  • Working on one now to auto register users for SSPR based on a change in Mobile Phone.  AFAIK, the only way to do this is with the "Get-AuthenticationWorkflowRegistrationTemplate" and "Register-AuthenticationWorkflow" cmdlets, so I'm forced to use FIMAutomation.



    Tuesday, March 29, 2016 7:51 PM
  • So it is possbile to query a for example an email address of target user's manager.

    First I want to get a target user displayname, then target user's manager. All those I can get. But I want to get a manager's email address at the same time. How should I do that and is that possible? Previously we have used also FIM-Automation to get that working.

    Friday, April 1, 2016 9:39 AM
  • There are examples of these on various Wiki's in the MIMWAL GitHub site. In particular check the Lookups wiki. e.g. it lists [//Target/Manager/DisplayName] or [//Target/Manager/Manager/DisplayName] as an examples. Here what you want is Email instead of DisplayName.
    Thursday, April 7, 2016 5:52 AM