There’s an ongoing problem with maintaining a system that has all the configuration possibilities of FIM. Documentation is usually out of date the moment it’s written and it’s a cumbersome way to try and understand a system anyway. One thing that can at least make your Policy configuration a bit easier to understand is to be able to see which MPRs use which Sets and Workflows. Now I know you can see this info if you look at the MPR object – but what if I’m looking at a Set or Workflow? How do I quickly see which MPRs are using that object, and thereby assess its purpose?
Searching is cumbersome and I’ll have to specify multiple possible MPR attributes. It’s also no good if I want to review a number of Sets or Workflows at once.
So what I decided to do was write a script which updates Set and Workflow objects with a list of the MPRs using them. I started out with the Description field but quickly ran up against the length limit, so instead I created a new unindexed string attribute called “ReferringMPRs”, which I bound to both the Set and WorkflowDefinition object types. I’ve added this attribute to the Search Scope definitions so it’s easy to see:
Next I wrote a script which I schedule to run once a week. It updates the ReferringMPRs attribute on each Set and WorkflowDefinition with the list of MPRs referencing it. Note I don’t differentiate on where the MPR is using the object – ie I don’t care which phase the Workflow runs in, or which role the Set is performing. When trying to figure out what a Set or Workflow is used for I often won’t need this level of detail – it’s enough to know that the MPR is using it somehow. You are of course welcome to take the script and modify it if you think it should do more.
On a suggestion from my colleague Pete Wass I added an extra function to the script. If you feed it a folder name it will create a datestamped report in that folder if it finds differences in the list of referring MPRs.
You can grab a copy of the script from the FIM Team Scripts site.