Add a filter to all Group criteria

Some FIM really REALLY annoys me, mostly when I come up against odd and unexpected limitations, but then I write a quick little PowerShell script to fix something or other and remember that this is really one of the best differentiators of the product. This quick fix came about because I realised that the group filters did not consistently use EmployeeStatus as a criterion, and with hundreds and hundreds of groups, there’s no way they could have been fixed manually.

. E:\scripts\FIMPowershell.ps1 #See http://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx

$filter = "/Group"
$objs = Export-FIMConfig -OnlyBaseResources -CustomConfig $filter

foreach ($obj in $objs)
{
    $grpfilter = ($obj.ResourceManagementObject.ResourceManagementAttributes | where {$_.AttributeName -eq "Filter"}).Value
    $DisplayName = ($obj.ResourceManagementObject.ResourceManagementAttributes | where {$_.AttributeName -eq "DisplayName"}).Value
    $DisplayName

    if ($grpfilter)
    {
        if ($grpfilter.contains("EmployeeStatus = 'Active'")) 
        {
            "Skip"
        }
        elseif ($grpfilter.contains("not(EmployeeStatus = 'Inactive')")) 
        {
            "Change Inactive to Active"
            $grpfilter = $grpfilter.Replace("not(EmployeeStatus = 'Inactive')","EmployeeStatus = 'Active'")
            $ImportObject = ModifyImportObject -TargetIdentifier $obj.ResourceManagementObject.ObjectIdentifier -ObjectType "Group"
            SetSingleValue $ImportObject "Filter" $grpfilter
            $ImportObject | import-fimconfig
        }
        else
        {
            "Add filter"
            $grpfilter = $grpfilter.Replace("]</Filter>"," and (EmployeeStatus = 'Active')]</Filter>")
            $ImportObject = ModifyImportObject -TargetIdentifier $obj.ResourceManagementObject.ObjectIdentifier -ObjectType "Group"
            SetSingleValue $ImportObject "Filter" $grpfilter
            $ImportObject | import-fimconfig
        }
    }
}

 

2 Replies to “Add a filter to all Group criteria”

  1. Nice script as always Carol, i’ve done this also shortly, have to create a Set,MPR combinition for Team Admins, this where around 150 Sets/MPRs, no one wants to click this through the Portal.

    And by the way thanks for all the other posts which helped me a lot to get were I am now.

  2. Thanks for your nice comment Peter. I’ve done lots of automated creation of Sets and MPRs, and even Workflows (using XOML templates). You can even combine with the PowerShell activity to trigger these actions from changes in the Portal – works well!

Leave a Reply

Your email address will not be published. Required fields are marked *


*