Tuesday, March 18, 2014

New version of PowerShell Management Agent

I'm pleased to announce that I've released a new version of my PowerShell MA.

This new version now supports two sets of credentials (both optional): one set is passed to all the scripts (no change from earlier versions), while the other set is used as the security context under which all scripts are run. This presents you with some nice options for mixing and matching credentials to build scripts that work under the correct credentials.

Go and check out the new version here and download it here.

Also worth mentioning is that Microsoft released their version of a PowerShell Management Agent this week, so now you have the option to choose which one better suits your needs. You can check out Microsoft's PowerShell MA here.

I use my PowerShell MA a lot for all my engagements and I know a lot of installations are running my PowerShell MA, so I'm dedicated to keeping it alive. As always, I'm very open to suggestions for improving my PowerShell MA - and if you want to make a donation to help me help others, I would appreciate that very much.

I'm looking forward to hearing reactions and feedback from your experience with both versions.

Thank you.

Tuesday, March 11, 2014

The PowerShell MA generates another donation

It has been a while since I blogged due to a lot of FIM 2010 engagements and a lot going on in my personal life, such as selling my house, buying a new house and moving cross country. But I'm back.

As you may know, every year around Christmas, I like to make a donation to an organisation that helps people less fortunate. The amount donated varies from year to year, because it depends on the donations made to my software projects.

In 2013, I moved most of my software projects to CodePlex and therefore these projects have not generated donations. However, my PowerShell Management Agent for FIM2010 is still hosted here on my blog and it is still hugely popular. In 2013, it generated approximately USD $250 in donations (perhaps you are one of the kind donors?) and I opted to double that amount in my company, Goverco.

This resulted in a donation of USD $500 to Dansk Folkehjælp (http://www.folkehjaelp.dk/) and that check, I hope, made Christmas just a little more enjoyable for some people less fortunate.

It is always a pleasure to help and I'm very grateful for any donations made through my blog. Every penny goes directly to helping others and I usually double the amount donated. My software is free, but I'd very much appreciate a donation, big or small (every penny counts), if you download and use my software.

Thank you.

Wednesday, December 18, 2013

Updated the FIM2010 R2 Codeless Provisioning Framework

Lately, I found myself using my old codeless provisioning framework more and more to simplify the different FIM2010 R2 installations that I'm involved in.

The reason always seems to be that I can create some very simple rules that react to basic data generated either in the data source or through simple workflows done in the FIM Service. This keeps my FIM setup fairly simple and without a lot of Synchronization Rules (SRs). I typically only have a few approval workflows but a lot of data-manipulating workflows, which allows me to present very clean data to the Synchronization Engine and make use of my own codeless provisioning framework. Lately, a few of my customers have also taken a liking to this framework and find it very simple when adding additional MAs to their setup; they are now using it as a more flexible alternative to Scoped Synchronization Rules.

Anyways, enough ramblings - this blog entry was mostly to inform you that I released a new version of the FIM2010 R2 Codeless Provisioning Framework on CodePlex. I also updated the documentation to match the current release. One of the new features that I really missed in the older version was the ability to do conditional renames, i.e. when a user status changed to 'left' I wanted to move the user to a different OU without caring about provisioning. This is now possible with this release as you can have one or more 'rename' rules that are conditional.

Check out the new release on CodePlex and let me know what you think.

Happy Holidays.

Tuesday, November 19, 2013

MARunScheduler is now on CodePlex

I'm happy to announce that the MARunScheduler can now be found on CodePlex.

The MARunScheduler is a plug-in replacement for Microsoft's old MASequencer, which is used to automate the order in which management agent profiles are run. MARunScheduler uses input from an XML file, which contains information about the management agents to be sequenced.

You can read more about the project and get it at https://marunscheduler.codeplex.com/.


Wednesday, November 13, 2013

Can you trace the BHOLD Access Management Connector

Today I found myself playing with the BHOLD Access Management Connector for FIM 2010 R2. My earlier implementations have been without this connector so I haven't had much time to work with it.

I did, however, have some trouble getting my exports to go to BHOLD. I had followed the guide and done my provisioning properly (using my provisioning framework). Even so, I kept getting 'cd-error' errors on my exports. There was no information about the error to be found anywhere, so I decided to put on my gloves and accept the challenge.

I eventually found the problem by adding a new diagnostics listener for the BHOLD connector to miiserver.exe.config to be able to gather diagnostics from this Management Agent. I couldn't find any information on how to do this anywhere (probably just me), but after some serious peeking and poking around, I managed to construct a new source that worked -

<source name="Microsoft.AccessManagement.BHOLDConnector" switchValue="Verbose">
     <listeners>
          <remove name='Default' />
          <add name="BHOLDAMCEventLogListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="c:\temp\BHOLD.log" />
     </listeners>
</source>

After adding this to the <sources> section under <system.diagnostics> and restarting the FIMSynchronizationService, I started getting traces in the BHOLD.LOG file in my C:\Temp folder.

This trace log put me on the right track, as the log showed a SQL exception for a user INSERT statement. It turned out that I didn't have an export flow to the bholdDescription attribute for the users I was pushing to BHOLD; and the bholdDescription is apparently mandatory for users (can't find any documentation to support this, though).

Behold, success! Once an export flow for displayName ==> bholdDescription was added, all my user adds went through smoothly.
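
The configuration change described in this post can also be scripted. The following is an added example, not code from the original post or from Microsoft: it inserts the same trace source into miiserver.exe.config idempotently, backs the file up first, and restarts the service. The config path is an assumption (the default FIM 2010 R2 install location); the source name, listener, log path and service name are the ones given above.

```powershell
# Added example: add the BHOLD connector trace source to miiserver.exe.config.
# Assumption: default install path; pass -ConfigPath if your server differs.
param(
    [string]$ConfigPath = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe.config',
    [string]$LogPath    = 'C:\Temp\BHOLD.log',
    [string]$SourceName = 'Microsoft.AccessManagement.BHOLDConnector'
)
$ErrorActionPreference = 'Stop'

# Return the named child element, creating it if it is missing.
function Get-OrAddChild([System.Xml.XmlElement]$Parent, [string]$Name) {
    $child = $Parent.SelectSingleNode($Name)
    if (-not $child) { $child = $Parent.AppendChild($Parent.OwnerDocument.CreateElement($Name)) }
    return $child
}

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

$diag    = Get-OrAddChild $xml.DocumentElement 'system.diagnostics'
$sources = Get-OrAddChild $diag 'sources'

# Idempotent: do nothing if the source is already present.
if ($sources.SelectSingleNode("source[@name='$SourceName']")) {
    Write-Output "Trace source '$SourceName' is already configured; nothing changed."
    return
}

# Build <source><listeners><remove/><add/></listeners></source>.
$source = $sources.AppendChild($xml.CreateElement('source'))
$source.SetAttribute('name', $SourceName)
$source.SetAttribute('switchValue', 'Verbose')
$listeners = $source.AppendChild($xml.CreateElement('listeners'))
$remove = $listeners.AppendChild($xml.CreateElement('remove'))
$remove.SetAttribute('name', 'Default')
$add = $listeners.AppendChild($xml.CreateElement('add'))
$add.SetAttribute('name', 'BHOLDAMCEventLogListener')
$add.SetAttribute('type', 'System.Diagnostics.TextWriterTraceListener')
$add.SetAttribute('initializeData', $LogPath)

# Timestamped backup so the verbose trace can be rolled back after troubleshooting.
Copy-Item -Path $ConfigPath -Destination ("{0}.{1:yyyyMMddHHmmss}.bak" -f $ConfigPath, (Get-Date))
$xml.Save($ConfigPath)
Restart-Service -Name FIMSynchronizationService
```

The trace was shown above to contain SQL statements for user INSERTs, so the log will hold identity data. Once the export error is diagnosed, restore the backup and delete the log file.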