Getting Started with the Quest FIM PowerShell Cmdlets
Getting Started
Quest recently posted a PowerShell Snap-In to CodePlex containing some cool PowerShell Cmdlets for FIM, including:
New-FimSession New-FimResource Get-FimResource Set-FimResource Remove-FimResource
So? In using the Cmdlets shipped with FIM you come to notice they are highly tailored to configuration migration. Sure they can be used in lots of other interesting ways as illustrated in this forum's ScriptBox but the cmdlets from Quest a just
a little easier to use.
Below is a quick walkthrough for getting started with the Quest Cmdlets:
Download the source files from
http://fimpscmdlets.codeplex.com/releases/view/44432 To register the DLL, run InstallUtil.exe (be sure to use the correct version for your processor architecture!):
D:\Scratch\FimPsCmdlets>C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe Quest.FIMPowerShellSnapin.dll
To see if the DLL was installed, run "get-PSSnapin -registered" in PowerShell
get-PSSnapin -registered
Run "Add-PSSnapin Quest.FIMPowershellSnapin"
Add-PSSnapin Quest.FIMPowershellSnapin
Create a new FIM Session:
$fimSession = New-FIMSession -Credential (Get-Credential) -Server localhost
Create a new Person:
New-FIMResource -Type "Person" -Session $fimSession -Attributes @{"DisplayName"="Thomas Anderson"; "AccountName"="neo"}
Get the new Person back
$user = Get-FIMResource -Filter "/Person[DisplayName='Thomas Anderson']" -Session $fimSession
Set some attributes on the Person:
$user.SetValue("City", "Leipzig")
$user.SetValue("Country", "Germany")
Set-FIMResource -Instance $user -Session $fimSession
CraigMartin Edgile, Inc. http://identitytrench.com
May 6th, 2010 7:47pm
Thanks a lot for putting this together, Craig.
This is very helpful!
Link to the related post.
Cheers,
MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2010 8:00pm
While executing step 7, getting following error. Am I missing something?
$user = Get-FIMResource -Filter "/Person[DisplayName='XYZ']" -Session $fimSession
Get-FIMResource : The token provider cannot get tokens for target 'http://localhost:5725/ResourceManagementService/Enumeration'.
At line:1 char:24
+ $user = Get-FIMResource <<<< -Filter "/Person[DisplayName='XYZ']" -Session $fimSession
+ CategoryInfo : NotSpecified: (:) [Get-FIMResource], SecurityNegotiationException
+ FullyQualifiedErrorId : System.ServiceModel.Security.SecurityNegotiationException,Quest.FIMPowerShellSnapin.GetFIMResource
Thanks
Sachin
August 31st, 2010 8:43am
Craig
Great info on how to get the Quest PS tools working.
However I have come up against an issue I wondered if you had as well when testing.
With my execution policy in PS set to unrestricted I get this warning when importing the Snapins
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your
computer. Do you want to run C:\FIMPSCmdlets-0.1\quest.fimpowershellsnapin.Types.ps1xml?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"):
If I set the execution policy to remote-signed then they will not load as their is no signing on the snapin.
Any idea in how I canget this to load automatically so that I can include the snapins in a script?
thanks
Andy
Free Windows Admin Tool Kit Click here and download it now
June 7th, 2011 7:53am
Here is some explanation regarding PS policies: http://setspn.blogspot.com/2011/05/running-powershell-scripts-from-unc.html You could run the script with -bypasshttp://setspn.blogspot.com
June 7th, 2011 10:30am
Is this code still being maintained / developed? I find it to be exceptionally useful to perform bulk modifications / loads for FIM. I also find it to be easier to use then the FIMAutomation cmdlets.
The only release I see is the one in "Alpha" stage on
Apr 28 2010.I have made a few modifications to the code, that might seem useful to others, such as:
GetFIMResource class - retrieve all schema attributes of the Root ResourceType in the filter (or Resource by default)FIMPSClient class - option to use the NetworkCredential of the user running the code/cmdlets without having to specify a PSCredential
Wondering what the road map for this code will be with "FIM 2010 R2" and beyond... :)
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2012 11:16am
The code is a great example of wrapping an existing client to product PowerShell cmdlets, but I do not think it enjoys a steady stream of updates.
The PowerShell Snap-In that ships with FIM 2010 is still incredibly useful for FIM CRUD. A mode that wraps the FimAutomation PowerShell was just released on CodePlex. You might give that try.
http://fimpowershellmodule.codeplex.com
CraigMartin Edgile, Inc. http://identitytrench.com
May 8th, 2012 2:38am