FIM 2010 R2 Portal: Configuration management via PowerShell

Let's look at setting up new configuration, or updating existing configuration, in FIM. The FIM out-of-the-box (OOB) method is to use the export and import PowerShell tools. That is quite a bit of work, and really not something that an Architect can easily pass to Operations staff to run and implement in Production. Lithnet PS offers not only an easy way to code a new configuration but also a way to document the changes that you make. What I do now is write my solution design, then code the solution schema in an XML file, and then use Lithnet PS to run it, and it's done. No need to do the GUI click here and there. In future I am looking to create a web interface where you can select the config objects that you want, and a background process will build the config file for you and run it in FIM!

Alright, let's come down from Mount Rushmore. I am going to talk about setting up a config file for Lithnet PS. In this scenario we want to:

  • Create 3 attributes – Single valued String, Multivalued String, Single Reference
  • Bind all 3 attributes to the Person Object.
  • Create a Notification Template
  • Update the Admin Filter permission to allow Attrib1 to be used for Sets and groups
  • Create a set
  • Create a workflow
  • Create a Transition MPR
  • Create a Rights MPR

Items to Note

  1. You need to declare within the file each object that you reference in the file. For instance, if you want to bind Attrib1 to the Person object, you have to declare both Attrib1 and the Person object in the file. If you want to just do bindings, you must still declare the attributes that you want to bind, even if they already exist in the schema. Since you are doing an add/replace, no new changes will be made to the attributes.
  2. You can also use the “None” operation if you are declaring an item which you are going to reference elsewhere in the file.
  3. The Operation Type is case sensitive. “None” versus “none” makes a difference.
  4. The ID you use is case sensitive. So if you create attribute 1 and give it the ID “Attrib1”, do not use “attrib1” when you reference it in your config file.
  5. When adding selected attributes to a rights MPR, use the system name of each attribute.
  6. If updating a multivalued attribute, use an “add” or “remove” to update the attribute. If it is a multivalued reference attribute, use “xmlref” and make sure to declare the value in the file.

Some Prerequisites

  • Create an email template file containing the body of your Notification. Save it at C:\MyEmailTemplate.txt
  • Create an xml file with your Workflow settings. Save it at C:\MyWorkflow.xml

At the top of the file, declare the Person Object

<Lithnet.ResourceManagement.ConfigSync>
<Operations>

<!-- Declare some Objects -->
<ResourceOperation operation="None" resourceType="ObjectTypeDescription" id="Person">
  <AnchorAttributes>
    <AnchorAttribute>Name</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="none" name="Name">Person</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create Attribute -->
<ResourceOperation operation="Add Update" resourceType="AttributeTypeDescription" id="MyAttrib1">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="Name">Attrib1</AttributeOperation>
    <AttributeOperation operation="replace" name="DisplayName">Attrib1</AttributeOperation>
    <AttributeOperation operation="replace" name="DataType">String</AttributeOperation>
    <AttributeOperation operation="replace" name="Multivalued">false</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<ResourceOperation operation="Add Update" resourceType="AttributeTypeDescription" id="MyAttrib2">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="Name">AttribMultivaluedString</AttributeOperation>
    <AttributeOperation operation="replace" name="DisplayName">AttribMultivaluedString</AttributeOperation>
    <AttributeOperation operation="replace" name="DataType">String</AttributeOperation>
    <AttributeOperation operation="replace" name="Multivalued">True</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<ResourceOperation operation="Add Update" resourceType="AttributeTypeDescription" id="MyAttrib3">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="Name">RefAttrib</AttributeOperation>
    <AttributeOperation operation="replace" name="DisplayName">RefAttrib</AttributeOperation>
    <AttributeOperation operation="replace" name="DataType">Reference</AttributeOperation>
    <AttributeOperation operation="replace" name="Multivalued">false</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

Create the bindings. Note that for BoundAttributeType I entered the ID we used in the file, not the name of the attribute. If you enter the attribute name, it will fail.

<ResourceOperation operation="Add Update" resourceType="BindingDescription" id="MyBinding1">
  <AnchorAttributes>
    <AnchorAttribute>BoundObjectType</AnchorAttribute>
    <AnchorAttribute>BoundAttributeType</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="BoundObjectType" type="xmlref">Person</AttributeOperation>
    <AttributeOperation operation="replace" name="BoundAttributeType" type="xmlref">MyAttrib1</AttributeOperation>
    <AttributeOperation operation="replace" name="DisplayName">My Binding test</AttributeOperation>
    <AttributeOperation operation="replace" name="Required">False</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create Filter Admin -->
<ResourceOperation operation="Add Update" resourceType="FilterScope" id="myFilterScope">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="DisplayName">Administrator Filter Permission</AttributeOperation>
    <!-- xmlref values are case sensitive: this must match id="MyAttrib1" exactly -->
    <AttributeOperation operation="add" name="AllowedAttributes" type="xmlref">MyAttrib1</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create Email Template -->
<ResourceOperation operation="Add Update" resourceType="EmailTemplate" id="EmailTemplate1">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="DisplayName">My approval email template</AttributeOperation>
    <AttributeOperation operation="replace" name="EmailTemplateType">Notification</AttributeOperation>
    <AttributeOperation operation="replace" name="EmailBody" type="file">C:\MyEmailTemplate.txt</AttributeOperation>
    <AttributeOperation operation="replace" name="EmailSubject">Your request regarding [//Target/DisplayName] has been Approved</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create Set -->
<ResourceOperation operation="Add Update" resourceType="Set" id="mySet1">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="DisplayName">mySet</AttributeOperation>
    <AttributeOperation operation="replace" name="Description">mySet</AttributeOperation>
    <AttributeOperation operation="replace" name="Filter" type="filter">/Person[Attrib1 = 'Yes']</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create Workflow -->
<ResourceOperation operation="Add Update" resourceType="WorkflowDefinition" id="MyWorkflow1">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="DisplayName">MyWorkflow</AttributeOperation>
    <AttributeOperation operation="replace" name="Description">MyWorkflow</AttributeOperation>
    <AttributeOperation operation="replace" name="XOML" type="file">C:\MyWorkflow.xml</AttributeOperation>
    <AttributeOperation operation="replace" name="RequestPhase">Action</AttributeOperation>
    <AttributeOperation operation="replace" name="RunOnPolicyUpdate">false</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create MPR -->
<ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="myMPR1">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="DisplayName">MyMPR</AttributeOperation>
    <AttributeOperation operation="replace" name="Description">MyMPR</AttributeOperation>
    <AttributeOperation operation="replace" name="ActionParameter">*</AttributeOperation>
    <AttributeOperation operation="replace" name="ActionType">TransitionIn</AttributeOperation>
    <!-- xmlref values are case sensitive: this must match id="MyWorkflow1" exactly -->
    <AttributeOperation operation="replace" name="ActionWorkflowDefinition" type="xmlref">MyWorkflow1</AttributeOperation>
    <AttributeOperation operation="replace" name="Disabled">false</AttributeOperation>
    <AttributeOperation operation="replace" name="GrantRight">false</AttributeOperation>
    <AttributeOperation operation="replace" name="ManagementPolicyRuleType">SetTransition</AttributeOperation>
    <AttributeOperation operation="replace" name="ResourceFinalSet" type="xmlref">mySet1</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

<!-- Create Rights MPR -->
<ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="myRightsMPR">
  <AnchorAttributes>
    <AnchorAttribute>DisplayName</AnchorAttribute>
  </AnchorAttributes>
  <AttributeOperations>
    <AttributeOperation operation="replace" name="DisplayName">myRights MPR</AttributeOperation>
    <AttributeOperation operation="replace" name="Description">MyRightsMPR</AttributeOperation>
    <AttributeOperation operation="add" name="ActionParameter">AttribMultivaluedString</AttributeOperation>
    <AttributeOperation operation="add" name="ActionParameter">Attrib1</AttributeOperation>
    <AttributeOperation operation="replace" name="ManagementPolicyRuleType">Request</AttributeOperation>
    <AttributeOperation operation="replace" name="Disabled">false</AttributeOperation>
    <AttributeOperation operation="replace" name="GrantRight">true</AttributeOperation>
    <AttributeOperation operation="replace" name="PrincipalSetRelativeToResource" type="ref">ObjectID</AttributeOperation>
    <!-- AllPeople is referenced by xmlref, so it must also be declared in this file (see item 1 under Items to Note) -->
    <AttributeOperation operation="replace" name="ResourceCurrentSet" type="xmlref">AllPeople</AttributeOperation>
    <AttributeOperation operation="replace" name="ResourceFinalSet" type="xmlref">AllPeople</AttributeOperation>
    <AttributeOperation operation="add" name="ActionType">Create</AttributeOperation>
    <AttributeOperation operation="add" name="ActionType">Delete</AttributeOperation>
    <AttributeOperation operation="add" name="ActionType">Modify</AttributeOperation>
    <AttributeOperation operation="add" name="ActionType">Read</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>

Bottom of the file

</Operations>

</Lithnet.ResourceManagement.ConfigSync>
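A pre-flight check for items 1 and 4 under Items to Note, written as an added example (not from the original post and not part of Lithnet PS): it confirms that every `xmlref` value matches a declared `id` with exact case before the file is handed to Operations. The function name `Test-ConfigSyncReferences` is hypothetical and the sample file is constructed and trimmed to ids and references only.

```powershell
# Added example. Test-ConfigSyncReferences is a hypothetical helper, not a Lithnet cmdlet.
function Test-ConfigSyncReferences {
    param([Parameter(Mandatory = $true)][xml]$Config)

    $problems = New-Object 'System.Collections.Generic.List[string]'
    # Ordinal comparer: "MyAttrib1" and "myAttrib1" are different ids.
    $declared = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::Ordinal)

    foreach ($resource in $Config.SelectNodes('//ResourceOperation')) {
        [void]$declared.Add($resource.GetAttribute('id'))
    }

    foreach ($ref in $Config.SelectNodes('//AttributeOperation[@type="xmlref"]')) {
        $target = $ref.InnerText.Trim()
        if ($declared.Contains($target)) { continue }
        $owner = $ref.SelectSingleNode('ancestor::ResourceOperation').GetAttribute('id')
        # Separate a case-only slip from a reference that is missing altogether.
        $near = $declared | Where-Object { $_ -ieq $target } | Select-Object -First 1
        if ($near) {
            $problems.Add("${owner}: xmlref '$target' differs only in case from id '$near'")
        } else {
            $problems.Add("${owner}: xmlref '$target' is not declared in this file")
        }
    }
    $problems
}

# Constructed sample: one case-only mismatch and one undeclared reference.
$sample = @'
<Lithnet.ResourceManagement.ConfigSync>
<Operations>
<ResourceOperation operation="None" resourceType="ObjectTypeDescription" id="Person" />
<ResourceOperation operation="Add Update" resourceType="AttributeTypeDescription" id="MyAttrib1" />
<ResourceOperation operation="Add Update" resourceType="BindingDescription" id="MyBinding1">
  <AttributeOperations>
    <AttributeOperation operation="replace" name="BoundObjectType" type="xmlref">Person</AttributeOperation>
    <AttributeOperation operation="replace" name="BoundAttributeType" type="xmlref">myAttrib1</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>
<ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="myRightsMPR">
  <AttributeOperations>
    <AttributeOperation operation="replace" name="ResourceCurrentSet" type="xmlref">AllPeople</AttributeOperation>
  </AttributeOperations>
</ResourceOperation>
</Operations>
</Lithnet.ResourceManagement.ConfigSync>
'@
Test-ConfigSyncReferences -Config $sample
```

An empty result means every reference resolves; any line returned names the resource whose reference needs fixing before the file is run against FIM.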
