Some FIM really REALLY annoys me, mostly when I come up against odd and unexpected limitations, but then I write a quick little PowerShell script to fix something or other and remember that this is really one of the best differentiators of the product. This quick fix came about because I realised that the group filters did not consistently use EmployeeStatus as a criterion, and with hundreds and hundreds of groups, there’s no way they could have been fixed manually.
. E:\scripts\FIMPowershell.ps1 #See http://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx $filter = "/Group" $objs = Export-FIMConfig -OnlyBaseResources -CustomConfig $filter foreach ($obj in $objs) { $grpfilter = ($obj.ResourceManagementObject.ResourceManagementAttributes | where {$_.AttributeName -eq "Filter"}).Value $DisplayName = ($obj.ResourceManagementObject.ResourceManagementAttributes | where {$_.AttributeName -eq "DisplayName"}).Value $DisplayName if ($grpfilter) { if ($grpfilter.contains("EmployeeStatus = 'Active'")) { "Skip" } elseif ($grpfilter.contains("not(EmployeeStatus = 'Inactive')")) { "Change Inactive to Active" $grpfilter = $grpfilter.Replace("not(EmployeeStatus = 'Inactive')","EmployeeStatus = 'Active'") $ImportObject = ModifyImportObject -TargetIdentifier $obj.ResourceManagementObject.ObjectIdentifier -ObjectType "Group" SetSingleValue $ImportObject "Filter" $grpfilter $ImportObject | import-fimconfig } else { "Add filter" $grpfilter = $grpfilter.Replace("]</Filter>"," and (EmployeeStatus = 'Active')]</Filter>") $ImportObject = ModifyImportObject -TargetIdentifier $obj.ResourceManagementObject.ObjectIdentifier -ObjectType "Group" SetSingleValue $ImportObject "Filter" $grpfilter $ImportObject | import-fimconfig } } }
Nice script as always Carol, i’ve done this also shortly, have to create a Set,MPR combinition for Team Admins, this where around 150 Sets/MPRs, no one wants to click this through the Portal.
And by the way thanks for all the other posts which helped me a lot to get were I am now.
Thanks for your nice comment Peter. I’ve done lots of automated creation of Sets and MPRs, and even Workflows (using XOML templates). You can even combine with the PowerShell activity to trigger these actions from changes in the Portal – works well!