Sunday, September 30, 2012

Easily save FIM Synchronization Service configuration

I like to save the configuration of the FIM Synchronization Service from time to time; whether it is before patching, to move the configuration to a test/production environment or for any other reason.

For that purpose, I've created a script that will help get the configuration exported quickly and easily. I do love Powershell, so the script is of course written in Powershell and makes use of some out-of-the-box CLI tools like srvexport.exe and maexport.exe (the path for these utilities are hardcoded in the script, so you may want to change these if your installation doesn't use the default installation path for FIM Synchronization Service).

You can download the script here

The script does not export the encryption key, so remember to do that as needed.

1 comment:

Unknown said...

Expanded script to backup the extensions and keyset.

PARAM
(
$DestinationFolder = "D:\FIMBackup",
)

$DestFolder = Join-Path $DestinationFolder $(Get-Date -uf "%m-%d-%Y")

$SrvExportFolder = Join-Path $DestFolder "SrvExport"
$MaExportFolder = Join-Path $DestFolder "MAs"
$ExtensionsFolder = Join-Path $DestFolder "Extensions"
$KeysetFolder = Join-Path $DestFolder "Keyset"

New-Item -Type Directory $SrvExportFolder -Force -ErrorAction SilentlyContinue
New-Item -Type Directory $MaExportFolder -Force -ErrorAction SilentlyContinue
New-Item -Type Directory $ExtensionsFolder -Force -ErrorAction SilentlyContinue
New-Item -Type Directory $KeysetFolder -Force -ErrorAction SilentlyContinue

$MAs = Get-WmiObject -Class Miis_ManagementAgent -Namespace root\MicrosoftIdentityIntegrationServer | ForEach-Object { $_.Name }
$MAs | foreach `
{
Write-Debug "Exporting Management Agent '$MA'"
."D:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\maexport.exe" $_ $MaExportFolder\$_.XML
}

Write-Debug "Export server configuration"
."D:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\svrexport.exe" $SrvExportFolder /v

Write-Debug "Copy rules extensions"
Copy-Item "D:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\*" $ExtensionsFolder

Write-Debug "Export the key set"
$filename = $KeysetFolder + "\keyset.bin"
$username = ""
$password = ""
& "D:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiskmu.exe" /e $filename /u:$username $password /q