The power of scripting with Forefront Identity Manager (Part 1)

Introduction

The FIM Portal is the web interface used by administrators (and users) to create all kinds of configuration in Forefront Identity Manager.

FIM contains objects such as MPRs (Management Policy Rules), Sets, Workflows, email templates, etc. When you implement FIM, you need to teach FIM WHEN it is supposed to start a process, and also WHAT to do, meaning the list of tasks to execute in order to automate this process from A to Z. A good example: “when a user arrives in the company” (the WHEN), “(Task 1) create an account in AD, (Task 2) create his mailbox on Exchange, (Task 3) send him a welcome email, (Task 4) create a SharePoint site”, etc.

All this configuration is set in FIM via the FIM portal, in the Administrator Section that you can see below:

image

Of course, the web portal is “the” application to configure FIM, but I think it is important to know that you can also do exactly the same from the command line, using PowerShell scripts.

It may sound weird/geeky to you, but once you understand how it works, no matter what your job is, it may save you a lot of time.

Suppose that you are a consultant. After X FIM projects you have already identified a lot of powerful/interesting configurations in FIM that you would like to propose to your customer “by default”. Of course you could write a Word document saying “1) Create an email template 2) Create a notification workflow that uses this template 3) Create an MPR that calls this workflow, etc.” and then follow the instructions each time you implement FIM at a customer site. The downside of this approach is that the job may become boring, you will spend a lot of time clicking in the FIM portal, and maybe you will mistype something that will make the process fail. In the end you lose time and potentially lower the quality.

Here comes scripting. Why don’t you spend 2 minutes to create a script that will do all this job for you in just a few seconds?

This is why you should review these articles, and as you will see it is very , and does not require strong expertise in “PowerShell”.

 

Introducing the “FIM PowerShell Module”

Scripting FIM in PowerShell has in fact been documented for years on the Microsoft TechNet web site. You can also find a lot of “sample” scripts on the internet (search “FIM Scriptbox”). But the problem is that you need to be a PowerShell developer, and I would say a somewhat experienced one, in order to interact correctly with FIM.

A few months ago, Craig Martin (a FIM/Scripting Specialist) decided to create functions that make FIM/PowerShell scripting easier. At the same time I was leading a project to propose an implementation offer where we could do in 10 days what normally takes 50. So we started to collaborate and finally reached that goal.

These functions are grouped in a “module” (a file with a PSM1 extension) that you just need to load in your own PowerShell script. Once it is loaded, you can use the power of these functions.

As feedback to you, using these functions now automates 90% of my job when I am facing a customer. I usually show the customer how to create something (for example an MPR) manually via the portal, focus on the “transfer of expertise”, and then load all the remaining configuration (usually I build the script before the POC, based on the customer RFP/RFI) via a script, in just a few seconds. Most of the time customers are impressed by this approach.

The PowerShell module is available for download (FREE) on this web site: https://fimpowershellmodule.codeplex.com/. First of all, you need to download it and spend some time on this web site. It is always interesting to see what the author says about his baby.

Ready? In the next articles I will show you how to use this module.