Summary The objective of this script is to create a user in the FIM portal.The script expects the attributes of the new user as parameter with the following format: "<attribute name>:<attribute value>|<attribute name>:<attribute value>"Usage: .\fimusercreate "DisplayName:Britta Simon|FirstName:Britta|LastName:Simon" #---------------------------------------------------------------------------------------------------------- set-variable -name URI -value "http://localhost:5725/resourcemanagementservice' " -option constant #---------------------------------------------------------------------------------------------------------- function SetAttribute { PARAM($object, $attributeName, $attributeValue) END { $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange $importChange.Operation = 1 $importChange.AttributeName = $attributeName $importChange.AttributeValue = $attributeValue $importChange.FullyResolved = 1 $importChange.Locale = "Invariant" if ($object.Changes -eq $null) {$object.Changes = (,$importChange)} else {$object.Changes += $importChange} } } #---------------------------------------------------------------------------------------------------------- function CreateObject { PARAM($objectType) END { $newObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject $newObject.ObjectType = $objectType $newObject.SourceObjectIdentifier = [System.Guid]::NewGuid().ToString() $newObject } } #---------------------------------------------------------------------------------------------------------- if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation} clear-host if($args.count -ne 1) {throw "You need to specify your attribute values as parameter"} $attributes = ($args[0]).split("|") if(0 -ne [String]::Compare(($attributes[0]).split(":")[0],"displayname", $true)) {throw "You need to specify a display name"} $objectName = ($attributes[0]).split(":")[1] $exportObject = export-fimconfig -uri $URI ` –onlyBaseResources ` -customconfig "/Person[DisplayName='$objectName']" if($exportObject) {throw "L:User $objectName already exists"} $newUser = CreateObject -objectType "Person" foreach($attribute in $attributes) { $attrData = $attribute.split(":") SetAttribute -object $newUser ` -attributeName $($attrData[0]) ` -attributeValue $($attrData[1]) } $newUser | Import-FIMConfig -uri $URI write-host "`nUser created successfully`n" #---------------------------------------------------------------------------------------------------------- trap { $exMessage = $_.Exception.Message if($exMessage.StartsWith("L:")) {write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue} else {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred} Exit } #---------------------------------------------------------------------------------------------------------- Go to the FIM ScriptBox Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Markus, this is awesome. Have you ever tried to set the "ExpirationTime" attribute? I am having trouble with this. Brad posted this but it doesnt really apply to a powershell script. http://www.identitychaos.com/2010/01/fim-2010-contributing-datetime-values.html Thanks in advanced for your time!

Sorry, hit send too soon. here is the code snipet switch ($attrData[0]) { "ExpirationTime" { ##$attrData[1] = [datetime]::parseexact("2010-05-30T07:00:00.000", "yyyy-MM-dd", $null) $attrData[1] = [datetime]::ParseExact("2010-05-30T07:00:00.000", "yyyy-MM-ddTHH:mm:ss.fff", $null) write-host $attrData[1] ## exit ## $attrData[1] = [datetime]::ParseExact("2010-05-30T07:00:00.000", "yyyy-MM-ddTHH:mm:ss.fff", $provider) } } This is the output 05/30/2010 07:00:00 This is the error Import-FIMConfig : Failure when making web service call. SourceObjectID = 24fc4f68-4a13-45b4-86d4-52c4764a512c Error = System.InvalidOperationException: Operation is not valid due to the current state of the object. at Microsoft.ResourceManagement.WebServices.Client.Attribute.FormatFragmentValue(AttributeDefinition attributeDefinition, LocaleAwareClientHelper localePreferences, Ob ject value) at Microsoft.ResourceManagement.WebServices.Client.SelectableAttribute.ToFragment(LocaleAwareClientHelper localePreferences, Object value) at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource() at Microsoft.ResourceManagement.WebServices.ResourceManager.CreateResource() at Microsoft.ResourceManagement.Automation.ImportConfig.Create(String objectType, List`1 changeList) at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing() At D:\Scripts\CU.ps1:135 char:30 + $newUser | Import-FIMConfig <<<< -uri $URI -credential $creds + CategoryInfo : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig Thanks again!

This has been answered here. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Markus, what's the performance like on this? Do you have any numbers? Even if they're a rough guide. I'm pumping stuff into FIM via the Resource Management Client (http://fim2010client.codeplex.com/) but it's slow (more than 2 seconds to create an entity) soI'm wondering about your script as an alternative. To be fair to the RMC, I'm sure the bottle-neck is either FIM web-services or SQL Server. I've yet to do some profiling on it.

Thanks for the post Markus, some questions regarding this: 1. If am running this code from a separate web page (lets say a sharepoint portal), and am using impersonation, are the requests logged and audited as if we are using FIM portal. 2. If I have workflows defined, do these workflows run in this case? MM

Absolutely yes to both questions Marie. That's 100% the intention ... it should never make any difference which method is used because they ultimately all go through the same "pipes".Bob Bradley, www.unifysolutions.net (FIMBob?)