I’ve been having a bit of a play with the powershell interface to the FIM Portal. I wanted to pre-populate a demo environment with an interesting set of criteria-based Securoity and Distribution groups, but they get a bit tedious to create by hand, and I wanted to see if powershell was the answer.
I’m pretty pleased with the results. Both of the following scripts use a CSV to bulk-create the groups:
Create Security Groups based on Filters
Create Distribution Lists for Managers which contain all the people they manage
The scripts run pretty slowly, but it’s still quicker than creating the groups by hand.
If you want to have a go at a script like this (and you can’t find an example in the ever-growing FIM Scriptbox) then I suggest you create a sample object by hand and then inspect both the object’s Advanced Properites, and the Details of the Request object which created it, for an idea of which attribute to populate.
While developing the scripts I saw the following error far more times that I would have liked:
Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Policy prohibits the request from completing.
After messing around with MPRs it eventually became clear that this just meant I had populated an attribute incorrently, or missed one out, and was not about permissions at all.
Post a Comment