Note: If you’re looking for a ready-made PowerShell activity then go to http:\/\/fimpowershellwf.codeplex.com\/<\/a>.<\/p><\/blockquote>\n I will start by saying that I’m sharing this as an example <\/em>and not as supported code. Please do take the time to understand it and modify it as appropriate to your environment. While I do have a production application for this coming up soon I have so far only used it in the lab and may well need to work on it more. This post will remain the place for information about the activity and I will update here if something changes.<\/p>\n If you’re planning on using Remote Powershell then, unless you have WIndows 2008R2 on both the FIM server and the remote server, you will need to make sure the prerequsites are in place. See the Enabling Remote Powershell<\/strong> section in this post<\/a>.<\/p>\n I’ve managed to get the activity using lookup strings like [\/\/Target\/Email]. At the moment I only support \/\/Target and \/\/Requestor. I haven’t yet worked out how to do a nice string concatenator with a lookup button like you see on the OOB activities so you have to type the strings yourself.<\/p>\n For local powershell it is assumed that the FIM Service account has the rights to run the cmdlet\/script. If you need to use a different account then I recommend using a script along with a secure password\u00c2\u00a0file<\/a> to inject the credential.<\/p>\n For remote powershell you also need to fill in the name of the remote server, and the username and password to use when connecting. The remote script will run within the environment of this connection account.<\/p>\n There are a number of points to be aware of when using this activity for remote powershell:<\/p>\n Errors should be reported as a PostProcessingError in the Search Request page of the FIM Portal. In some cases I write extra information to the event log.<\/p>\n I originally had a field to enter a powershell plugin that should be loaded before running the command. I took it out because I figured that would be better done in a script, but the code is still in there commented out if you want to put it back in.<\/p>\n You need to take some care with the powershell scripts you write to go with this activity. First, see the comments the Remote Powershell section above for cmdlets I know should be avoided.<\/p>\n The activity will return the last<\/em> error thrown by the script so it’s a good idea to make the script stop on the first fatal error it encounters. Setting $ErrorActionPreference = “stop” is a start.<\/p>\n Also my code only understands parameters if they have a “-” at the front, like with normal powershel cmdlets. This means you must use PARAM<\/em> when defining script arguments. If you use ARG it won’t work.<\/p>\n See below for a sample test script.<\/p>\n You are going to have to compile the project into the GAC\u00c2\u00a0yourself and then add the AIC in the FIM Portal. See here<\/a> for a walkthrough.<\/p>\n If you don’t re-sign the project or change any names\u00c2\u00a0then the AIC settings are as follows:<\/p>\n Once you’ve installed the activity, and restarted IIS,\u00c2\u00a0you should be able to access it from the Workflow builder. More explanation about how to fill in the form is higher up in this post.<\/p>\n I made a set based on an attribute, then two MPRs on “Transition In” and “Transition Out” of the set. Then it was\u00c2\u00a0simple matter of toggling the appropriate attribute on a user so it transitioned in and out of the set.<\/p>\n Here’s a test script I’ve been using. You can see the way I call it in the Remote Powershell picture above. If you run it locally the FIM Service account will need rights to modfy user accounts in AD.<\/p>\n Here’s the whole solution. I added this activity on to my existing LoggingLibrary solution so you’ll find both here.<\/p>\nGeneral Provisos<\/h3>\n
Server Setup<\/h3>\n
About the Activity<\/h2>\n
Lookup Strings<\/h3>\n
![\"\"](\"https:\/\/www.wapshere.com\/images\/customwf\/ps_lookupstrings.JPG\")
<\/p>\nUsing the Activity with Local Powershell<\/h3>\n
![\"\"](\"https:\/\/www.wapshere.com\/images\/customwf\/ps_local.JPG\")
<\/p>\nUsing the Activity with Remote Powershell<\/h3>\n
![\"\"](\"https:\/\/www.wapshere.com\/images\/customwf\/ps_remote.JPG\")
<\/p>\n\n
Error Reporting<\/h3>\n
![\"\"](\"https:\/\/www.wapshere.com\/images\/customwf\/ps_error.JPG\")
<\/p>\nPlugins<\/h3>\n
Writing a suitable powershell script<\/h3>\n
Installing<\/h2>\n
\n\n
\n Activity Name<\/td>\n FIM.CustomWorkflowActivitiesLibrary.Activities.PowershellActivity<\/td>\n<\/tr>\n \n Assembly Name<\/td>\n FIM.CustomWorkflowActivitiesLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f36c0cc61ccb2b4f<\/td>\n<\/tr>\n \n Is Action Activity<\/td>\n yes<\/td>\n<\/tr>\n \n Type Name<\/td>\n FIM.CustomWorkflowActivitiesLibrary.Activities.WebUIs.PowershellActivitySettingsPart<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n Testing<\/h2>\n
Make a Workflow<\/h3>\n
![\"\"](\"https:\/\/www.wapshere.com\/images\/customwf\/ps_wfactivity.JPG\")
<\/p>\nCreate MPRs and Sets to trigger the Workflow<\/h3>\n
Test Powershell Script<\/h3>\n
Param($username, $modifier)\r\n\r\n$ErrorActionPreference = \"stop\"\r\n\r\nif ($username -eq \"\") {throw \"Username parameter must be provided.\"}\r\nif ($modifier -eq \"\") {throw \"Modifier parameter must be provided.\"}\r\n\r\n$objDomain = New-Object System.DirectoryServices.DirectoryEntry\r\n$objSearcher = New-Object System.DirectoryServices.DirectorySearcher\r\n$objSearcher.SearchRoot = \"LDAP:\/\/mydomain.local\"\r\n$objSearcher.PageSize = 1000\r\n$objSearcher.Filter = \"(&(objectClass=user)(sAMAccountName= $username))\"\r\n$objSearcher.SearchScope = \"Subtree\"\r\n\r\n$user = $objSearcher.findone()\r\nif ($user.count -eq 0)\r\n\t{throw \"No user found with username=\" + $username}\r\n\r\n$userDN = $user.path\r\n\r\n$user = [ADSI]$userDN\r\n\r\n$user.Put(\"extensionAttribute1\",$modifier)\r\n$user.SetInfo()<\/pre>\nAnd finally, the code<\/h3>\n