Initiate sync run remotely?

  • Question

  • Hi,

    I have two FIM instances set up. When run profiles have executed on one, I want that to trigger run profiles on the other FIM instance.

    I've tried with PowerShell and impersonation, but haven't had much luck. (Continuous "Access Denied" messages, even after following the instructions on enabling remote access for WMI.)

    Any ideas on how this could be accomplished are appreciated.

    Thanks,

    Sami

    Friday, February 10, 2012 9:55 PM

All replies

  • Are you in the right groups (FIM Operators at least)?

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Friday, February 10, 2012 11:43 PM
    Moderator
  • Sami - when you run the script it works for the first but not the second, right?  If you swap the order, it runs for the first (being the OTHER FIM server this time) but not the second again?  If so it could be simply variable/connection initialization.  Needless to say, I do this exact thing another way ;) ...

    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

    Friday, February 10, 2012 11:49 PM
  • Hi,

    Thank you both for your help.

    I realized I left out a rather large piece of the puzzle: the FIM instances are on different domains. (I re-read my post this morning and couldn't believe I left that out.)

    Brian, yes the account is in the FIM Operators.

    Bob, It only works on the FIM service for the domain the script is being run on. What's your technique?

    Sorry that I didn't give all of the information at first.

    Thanks,

    Sami

    Saturday, February 11, 2012 12:04 PM
  • You might try remote PowerShell (WinRM), then issue the WMI call locally, so more like:

    Invoke-Command -ComputerName MySyncServer -ScriptBlock { <# your script to call your MA locally #> }

    For this to work you'll need to enable WinRM on the Sync server (WinRM quickconfig).


    CraigMartin – Edgile, Inc. – http://identitytrench.com

    Monday, February 13, 2012 6:06 PM
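
The approach suggested above, written out for the cross-domain case as an added example (not code from the thread or from any poster). The server FQDN, management agent name, run profile name and account are assumed placeholders, and `-UseSSL` assumes an HTTPS WinRM listener has been configured on the Sync server; without one, the client would have to list the server in its WinRM TrustedHosts, since Kerberos is not available between untrusted domains.

```powershell
# Added example: trigger a run profile on a Sync server in another domain.
# All names below are assumed placeholders; replace them with your own.
$syncServer = 'MySyncServer.otherdomain.example'   # assumed FQDN of the remote Sync server
$maName     = 'AD MA'                              # assumed management agent name
$runProfile = 'Delta Import'                       # assumed run profile name

# Account from the REMOTE domain that is a member of FIM Operators there.
# Prompting avoids storing the password in the script.
$cred = Get-Credential 'OTHERDOMAIN\svc-fimsync'

$result = Invoke-Command -ComputerName $syncServer -Credential $cred -UseSSL `
    -ArgumentList $maName, $runProfile -ScriptBlock {
        param($MaName, $RunProfile)

        # This runs on the Sync server itself, so the WMI call is local:
        # no remote WMI/DCOM permissions and no second credential hop are needed.
        $ma = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                            -Class MIIS_ManagementAgent `
                            -Filter "Name='$MaName'"
        if (-not $ma) { throw "Management agent '$MaName' not found" }

        # Execute() blocks until the run finishes and returns a status string.
        $ma.Execute($RunProfile).ReturnValue
    }

if ($result -ne 'success') {
    Write-Warning "Run profile '$runProfile' on '$maName' returned: $result"
}
```
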
  • Thank you for the suggestion. I will give it a try this week and report back. (Had an issue come up that I have to deal with first.)
    Monday, February 13, 2012 7:11 PM
  • Sami - in response to your question on technique above, it's in the way we specify the FIM server credentials when invoking the WMI interface, depending on whether the FIM service is local or remote.  Event Broker will use its own service account for a local FIM instance, whereas the specified server/username/password are specified for a remote instance.  You will be able to adopt a similar approach.


    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

    Wednesday, February 15, 2012 2:18 AM