Using PowerShell to display denied requests
Summary
When you troubleshoot access problems, it can be helpful to check whether denied requests exist on your system.
The objective of this script is to display them.
#----------------------------------------------------------------------------------------------------------
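Function GetReferenceValue
{
    # Resolves a reference value (an ObjectID, optionally prefixed with "urn:uuid:")
    # to the DisplayName of the resource it points to, by querying the FIM Service
    # at http://localhost:5725/resourcemanagementservice.
    #
    # Parameters:
    #   ObjectId - the reference value to resolve; may be empty or $null.
    # Returns:
    #   The DisplayName value of the referenced resource, or "" when ObjectId is
    #   empty or the query returns nothing.
    # Throws:
    #   When ObjectId is not a GUID, or when export-fimconfig reports an error.
    Param($ObjectId)
    End
    {
        # IsNullOrEmpty also covers $null, which a plain .Length test does not
        # handle on every PowerShell version.
        If([string]::IsNullOrEmpty($ObjectId)) {Return ""}
        If($ObjectId.StartsWith("urn:uuid:") -eq $true) {$ObjectId = ($ObjectId.split(":"))[2]}

        # The value is spliced into the XPath filter below. Accept only a GUID so
        # that a quote or bracket in the input can never alter the query.
        # NOTE(review): assumes every FIM ObjectID is a GUID - confirm for your deployment.
        If($ObjectId -notmatch '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')
        {
            Throw "GetReferenceValue: '$ObjectId' is not a valid ObjectID (GUID expected)"
        }

        # Errors are collected in $Err instead of being written to the console,
        # then rethrown so the caller's error handling sees them.
        $exportObject = export-fimconfig -uri "http://localhost:5725/resourcemanagementservice" `
                                         -customconfig ("/*[ObjectID='$ObjectId']") `
                                         -onlyBaseResources `
                                         -ErrorVariable Err `
                                         -ErrorAction SilentlyContinue
        If($Err){Throw $Err}

        # $null on the left: with a collection on the left, -eq filters instead of comparing.
        If($null -eq $exportObject) {Return ""}

        Return ($exportObject.ResourceManagementObject.ResourceManagementAttributes |
                Where-Object {$_.AttributeName -eq "DisplayName"}).Value
    }
}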
#----------------------------------------------------------------------------------------------------------
Function GetAttribute
{
    # Looks up one attribute on an exported resource.
    #
    # Parameters:
    #   ExportObject  - an object exposing ResourceManagementObject.ResourceManagementAttributes
    #   AttributeName - the AttributeName to match
    # Returns:
    #   The Value of the matching attribute, or "" when the lookup yields $null.
    Param($ExportObject, $AttributeName)
    End
    {
        $matchingAttribute = $ExportObject.ResourceManagementObject.ResourceManagementAttributes |
            Where-Object {$_.AttributeName -eq $AttributeName}
        $foundValue = $matchingAttribute.Value

        # Callers build report columns from the result, so hand back "" rather than $null.
        If($foundValue -eq $null) {Return ""}
        Return $foundValue
    }
}
#----------------------------------------------------------------------------------------------------------
# Load the FIMAutomation snap-in only when this session does not already have it.
$loadedSnapIns = @(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"})
If($loadedSnapIns.count -eq 0) {Add-PSSnapin FIMAutomation}

$dataList = @()

# Ask the FIM Service on localhost for every Request whose RequestStatus is 'Denied'.
# Errors are collected in $Err rather than printed, then rethrown.
$exportObjects = export-fimconfig -uri "http://localhost:5725/resourcemanagementservice" `
                                  -customconfig ("/Request[RequestStatus = 'Denied']") `
                                  -onlyBaseResources `
                                  -ErrorVariable Err `
                                  -ErrorAction SilentlyContinue
If($Err){Throw $Err}
If($exportObjects -eq $null)
{
    Write-Host "No matching requests found"
    Exit 0
}

# Report layout: output column, source attribute, and whether the attribute holds a
# reference that must be resolved to a display name. Order here is the column order.
$columnMap = @(
    @{Column = "DisplayName";          Attribute = "DisplayName";      IsReference = $false},
    @{Column = "Date-Submitted";       Attribute = "CreatedTime";      IsReference = $false},
    @{Column = "Originator";           Attribute = "Creator";          IsReference = $true},
    @{Column = "Operation";            Attribute = "Operation";        IsReference = $false},
    @{Column = "Target-Resource-Type"; Attribute = "TargetObjectType"; IsReference = $false},
    @{Column = "Target-Resource";      Attribute = "Target";           IsReference = $true}
)

# Build one report record per exported Request resource.
$exportObjects | Where-Object {$_.ResourceManagementObject.ObjectType -eq "Request"} | ForEach-Object {
    $request = $_
    $record = New-Object psobject
    ForEach($column in $columnMap)
    {
        $cellValue = GetAttribute -ExportObject $request -AttributeName $column.Attribute
        If($column.IsReference) {$cellValue = GetReferenceValue -ObjectId $cellValue}
        $record | Add-Member -MemberType NoteProperty -Name $column.Column -Value $cellValue
    }
    $dataList += $record
}
#----------------------------------------------------------------------------------------------------------
# Print the report: a two-line heading, one list entry per denied request,
# then a completion message.
Clear-Host
"Denied Requests", "===============" | ForEach-Object {Write-Host $_}
$dataList | Format-List
Write-Host "Command completed successfully`n"
#----------------------------------------------------------------------------------------------------------
# Script-wide error handler: show the exception message on a dark red background
# and end the script with exit code 1.
Trap
{
    $failureText = "`nError: $($_.Exception.Message)`n"
    Write-Host $failureText -foregroundcolor white -backgroundcolor darkred
    Exit 1
}
#----------------------------------------------------------------------------------------------------------
Go to the FIM ScriptBox
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 10th, 2010 7:19pm


