JefTek created a niche hybrid tool that tackles a few pieces of the sync and service puzzle in a way that none of the others do. One noteable one for sync: Get and Export MIM Deltas to CSV (based on a drop file either stop and drop or the audit log dropped during the export It is great for setting up SharePoint and the Kerberos authentication to it. While it doesn’t do all that IS4U-FIM-PowerShell (see my review), does or Lithnext resourcemanagement-powershell or Lithnet-miis-powershell (see my review), or even the he FIM PowerShell Module (see my review), it fills a small niche that none of the rest of them do.
Gil Kirkpatrick (a great guy, fellow MVP, who has taught me a lot over the years) created one of the very first, if not the first, PowerShell commandlets libraries to manage FIM/MIM service. It hasn’t had any activity in years, but it served as a great example to get others going. If you like this simple approach you could check out Adam Weigert’s PowerShell for FIM 2010 (see my review).
Wim Beck’s IS4U-FIM-PowerShell is a great example of open source, in that he has built on top of the FIM PowerShell Module (see my review). This is what Open Source is about, building upon each other’s contributions to make great stuff! When I looked at it in Dec 2016 I almost dismissed it since it lacked a wiki, but since then Wim has added a lot of pages. They still lack examples, I plan on pitching in to help out with that by adding some examples to my fork and then asking Wim to pull it in.
Ryan Newington’s Lithnet consists of several items: miis-powershell resourcemanagement-powershell resourcemanagement-webservice googleapps-managementagent acma “Codeless business rules engine for FIM/MIM” umare “Codeless data transform engine for FIM/MIM” I will only review the items I know Managing Sync miis-powershell is amazing it can almost everything you can do through the UI. For example, Clear-FullSyncWarning and it has a great wiki.
PowerShell for FIM 2010 by Adam Weigert consists of three parts but I further break the last into two: Management Agent(MA) and MetaVerse (MV) Extensions that let you run PowerShell scripts as your extensions A Workflow Activity A PowerShell module Managing Sync Managing Service Management Agent(MA) and MetaVerse (MV) Extensions The work done to enable you to write PowerShell scripts to be MA and MV extensions is crazy brilliant.
The FIM PowerShell Module (started by Craig Martin and now updated most frequently by Brian Desmond) is a great set of commandlets that help you to automate Interactions with FIM Service and FIM Sync Service. Managing Sync This library is great for automating tests. This library and Ryan Newington’s Lithnet-Miis-PowerShell (see my review on LithNet) are very complimentary. You can retrieve CS Objects, Run History, start an MA. I found that the most interesting Sync related Cmdlets are the
Import-Module ActiveDirectory Write-Host “Tuple Index Enabled Attributes” Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext) -SearchScope OneLevel -LDAPFilter “(searchFlags:1.2.840.113522.214.171.1243:=32)” -Property objectClass, name, whenChanged, whenCreated, LDAPDisplayNAme | Out-GridView Write-Host “ANR Enabled Attributes” Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext) -SearchScope OneLevel -LDAPFilter “(searchFlags:1.2.840.1135126.96.36.1993:=4)” -Property objectClass, name, whenChanged, whenCreated, LDAPDisplayNAme | Out-GridView Write-Host “Indexed Enabled Attributes” Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext) -SearchScope OneLevel -LDAPFilter “(searchFlags:1.2.840.1135188.8.131.523:=1)” -Property objectClass, name, whenChanged, whenCreated, LDAPDisplayNAme | Out-GridView The above script is something I use to quickly look and see what is indexed in an AD environment
Unfortunately, my Independence day is not free – I am working. Just so happens I need to report on when computer objects are getting migrated to a new AD forest. Day 1 4 Day 2 30 Day 3 25 etc. Now I could have taken the data and imported it into SQL and then busted out some awesome queries in no time flat. But my buddy Craig Martin, keeps insisting how awesome this PowerShell stuff is.
It’s very good post! Congratulations! I really enj… Unknown - Jul 4, 2013It’s very good post! Congratulations! I really enjoyed to reading your blog. Thanks for share all this information. I’m looking forward your next post
A while back I needed to set up Property Sets in AD LDS for granting of permissions to many of the attributes on the person object all at once, as I reviewed the Technet documentation on AD Property Sets I realized that it doesn’t tell you what object type property sets are, nor does it tell you how to create a property set, nor does it tell you how to assign an attribute to a property set.