You first real “FIM” script (Part 2)

  • Article

As you will see very soon, the logic is the same for all type of FIM objects : attributes, bindings, MPRs, workflows, sets.. So for this article, I decided to show you what we usually do in the beginning of a project: modify the FIM schema.

Changing the schema means that for a specific object in FIM (let’s say a USER) we want to add a new property. In FIM you need to do 2 things via the Portal to reach that goal (Administrators section) : First you need to create the attribute itself (and provide properties such as name, type (text, integer), etc). Second, you need to create a “binding” that will link an object (user) with the attribute (for example a Social Security Number)..

This is very intuitive, but it takes around 3 mn to do it via FIM portal.. but what about 3 seconds with a script ?

Note : Remember, in the beginning of our script we need to load the Scripting module (check previous article for details).

Now that the fantastic functions created by Craig are loaded ready to be used… and we will use the “New-FimImportObject” function, used to create an object in FIM. Here is the code used to create the attribute:

image

For a second, forget about the code itself, and suppose you don’t know PowerShell (and don’t want to). Copy this code, paste it in your own script… just change the value of the variable “$Thename” with the name of the object you want to create. You remember what I said before: you should be able to create script without knowing PowerShell, just copy and paste !!

But of course you want to understand the logic.. so let’s review the code. You can even read it like a standard text: The “NEW-FimImportObject” function will create an “object where type” is “AttributeTypeDescription” (this is how FIM calls an attribute object). We will not only create object, but also “change” (modify) it since we will provide some properties to that objects.

The properties here are of course Displayname, Description .. etc.

Using variables ($Thename and $TheDescription) rather than hard coding the values in the function just make copy and paste easier.

So now congratulation, you know how to script FIM with PowerShell in order to create an attribute.

But now we need to do the binding with the “USER” object. Don’t you think you speak now FIM Scripting fluently?

So tell me now with the binding code below what is the difference with the previous code? :

image

You are right… all is the same except:

· We create an object where type is BindingDescription

· Variables follow the same logic

· But look at the “Bound*” variables. This way of coding says to the function that we want in fact to provide reference of an object, and we want FIM to find this object for us. So we give the criteria to search this object:

o Search an “object” where “type is AttributeTypeDescription” (the attribute that we have just created before). Because we have a lot of attributes in FIM of this type, we provide another criteria in order to have FIM to search and find the good … and this criteria is “DisplayName= $TheName”.

o The same thing appends with the next line, where we provide the second part of the binding, which is the type of object we want to link our attribute.

As you understand, when you create a binding you need to specify a property named “BoundAttributeType” which reference the new attribute created, and “BoundObjectType” which reference the object we want to add this attribute. Now “USER” has a new property !

So as you can see it is not that hard to code in FIM. Let’s see some more advanced scenarios in the next article.