How to Use PowerShell to Determine the ERL Flow Configuration

FIM ScriptBox Item

Summary

To process outbound synchronization rules, you must populate the ERL attribute of you managed objects in the metaverse.

The objective of this script is to check whether import attribute flow rule mappings for the expectedRulesList attribute are configured on your FIM management agent for person objects and group objects.

Script Code

001

002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

063

064

065

066

067

068

069

070

071

#----------------------------------------------------------------------------------------------------------

 set-variable -name URI   -value "http://localhost:5725/resourcemanagementservice"    -option constant 

 set-variable -name Part1 -value "//import-flow-set[@mv-object-type='$']"             -option constant

 set-variable -name Part2 -value "/import-flows[@mv-attribute='expectedRulesList']"   -option constant

 set-variable -name Part3 -value "/import-flow[@src-ma='$'
 "                          -option constant

 set-variable -name Part4 -value "and
 @cd-object-type='$']"                           -option constant

 set-variable -name Part5 -value "/direct-mapping[src-attribute='ExpectedRulesList']" -option constant

#----------------------------------------------------------------------------------------------------------

 function HasNode

 {

    PARAM($xmlDoc, $maId, $mvType, $cdType)

    END

    {

       $node = $Part1.Replace("$", $mvType) + `

               $Part2 + `

               $Part3.Replace("$", $maId)   + `

               $Part4.Replace("$", $cdType) + `

               $Part5

       $xmlDoc.selectSingleNode($node) -ne $null

    }           

 }

#----------------------------------------------------------------------------------------------------------

 if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}

 clear-host

 $exportObject = export-fimconfig -uri $URI `

                                  -customconfig ("/ma-data[SyncConfig-category='FIM']") `

                                  -ErrorVariable Err `

                                  -ErrorAction SilentlyContinue `

                                  -onlyBaseResources 

 if($Err){throw $Err}

 if($exportObject -eq $null) {throw "FIM
 management agent not found"} 

#----------------------------------------------------------------------------------------------------------

 [xml]$partData = ($exportObject.ResourceManagementObject.ResourceManagementAttributes | `

                   Where-Object {$_.AttributeName -eq "SyncConfig-ma-partition-data"}).Values

 if($partData.selectSingleNode("//filter/object-classes[object-class='Person']") -eq $null)

 {throw "FIM management agent is not configured to process object type person"}

 $bHasGroups = $partData.selectSingleNode("//filter/object-classes[object-class='Group']") -ne $null

 $maId = ($exportObject.ResourceManagementObject.ResourceManagementAttributes | `

          Where-Object {$_.AttributeName -eq "SyncConfig-id"}).Value

#----------------------------------------------------------------------------------------------------------

 $exportObject = export-fimconfig -uri $URI `

                                  -customconfig ("/mv-data") `

                                  -onlyBaseResources `

                                  -ErrorVariable Err `

                                  -ErrorAction SilentlyContinue

 if($Err){throw $Err}

 if($exportObject -eq $null) {throw "No
 metaverse data configured"} 

 $iafValue = ($exportObject.ResourceManagementObject.ResourceManagementAttributes | `

              Where-Object {$_.AttributeName -eq "SyncConfig-import-attribute-flow"}).Value

 [xml]$iafFlows = "" +$iafValue + ""

 $bHasPersonErl = HasNode -xmlDoc $iafFlows -maId $maId -mvType "person" -cdType "Person"

 $bHasGroupErl  = HasNode -xmlDoc $iafFlows -maId $maId -mvType "group"  -cdType "Group"

#----------------------------------------------------------------------------------------------------------

 write-host "`nERL Flow Configuration"

 write-host "======================"

 write-host "Person: " $bHasPersonErl.toString()

 if($bHasGroups -eq $true)

 {write-host "Group : " $bHasGroupErl.toString()}

 write-host "`nCommand completed successfully`n"

#----------------------------------------------------------------------------------------------------------

 trap 

 { 

    Write-Host "`nError: $($_.Exception.Message)`n" -foregroundcolor white -backgroundcolor darkred

    Exit 1

 }

#----------------------------------------------------------------------------------------------------------

Note
To provide feedback about this script, create a post on the FIM TechNet Forum. For more FIM related Windows PowerShell scripts, see the FIM ScriptBox.

How to Use PowerShell to Determine the ERL Flow Configuration

See Also