Using Powershell Script to delete all Expected Rule Entry and all Detected Rule Entry
Summary Hi... I posted a question in FIM2010 Forum... The question was about FIM2010 Database cleanup... CarolW has answered me pointing to a Powershell Script that deletes all users from FIM2010 Portal... The script worked OK... Markus Vilcinskas has posted an Powershell Script to delete an ExpectedRuleEntry, but I needed delete All ExpectedRuleEntry... So, I changed the script and today I could test it and the result was OK... As in my environment the logged account does not have administrator privilegies in FIM2010, I used $credential = Get-Credential to use an administrator account. To delete all Detected Rule Entry you must change in the script from ExpectedRuleEntry to DetectedRuleEntry Remember that to delete ExpectedRuleEntry and DetectedRuleEntry you must to have permission to do it! Deleting All ERE´s #---------------------------------------------------------------------------------------------------------- $credential = Get-Credential set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant #---------------------------------------------------------------------------------------------------------- If(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation} $exportObject = export-fimconfig -uri $URI ` -credential $credential ` –onlyBaseResources ` -customconfig "/ExpectedRuleEntry" ` -ErrorVariable Err ` -ErrorAction SilentlyContinue If($Err){Throw $Err} If($exportObject -eq $null) {throw "EREs not found"} $exportObject | Foreach-Object { $ImportObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject $ImportObject.ObjectType = "ExpectedRuleEntry" $ImportObject.TargetObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2] $ImportObject.SourceObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2] $ImportObject.State = 2 $ImportObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue If($Err){Throw $Err } Write-Host "`nCommand completed successfully`n" } #---------------------------------------------------------------------------------------------------------- trap { Write-Host "`nError: $($_.Exception.Message)`n" -foregroundcolor white -backgroundcolor darkred Exit 1 } #---------------------------------------------------------------------------------------------------------- Deleting All DRE´s #---------------------------------------------------------------------------------------------------------- $credential = Get-Credential set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant #---------------------------------------------------------------------------------------------------------- If(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation} $exportObject = export-fimconfig -uri $URI ` -credential $credential ` –onlyBaseResources ` -customconfig "/DetectedRuleEntry" ` -ErrorVariable Err ` -ErrorAction SilentlyContinue If($Err){Throw $Err} If($exportObject -eq $null) {throw "DREs not found"} $exportObject | Foreach-Object { $ImportObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject $ImportObject.ObjectType = "DetectedRuleEntry" $ImportObject.TargetObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2] $ImportObject.SourceObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2] $ImportObject.State = 2 $ImportObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue If($Err){Throw $Err} } Write-Host "`nCommand completed successfully`n" #---------------------------------------------------------------------------------------------------------- trap { Write-Host "`nError: $($_.Exception.Message)`n" -foregroundcolor white -backgroundcolor darkred Exit 1 } #---------------------------------------------------------------------------------------------------------- Go to the FIM ScriptBox
June 11th, 2010 7:45pm

Thanks for sharing, Paulo! Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 12th, 2010 12:38am

I'd really like to use this, but after an hour of it running, I get the following error. Does anybody know what policy is needed, or needs modifying? Error: Failure when making web service call. SourceObjectID = b2582d62-7ba5-4a55-913f-a8e240a585b9 Error = Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Policy prohibits the request from completing. ---> Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: Policy prohibits the request from completing. at Microsoft.ResourceManagement.WebServices.ResourceClient.Delete(Message request) at Microsoft.ResourceManagement.WebServices.ResourceClient.Delete(UniqueIdentifier objectId) at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient.DeleteResource(UniqueIdentifier resourceIdentifier, ContextualSecurityToken securityToken) --- End of inner exception stack trace --- at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient.DeleteResource(UniqueIdentifier resourceIdentifier, ContextualSecurityToken securityToken) at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Delete() at Microsoft.ResourceManagement.Automation.ImportConfig.Delete(UniqueIdentifier objectIdentifier, String objectType) at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing()
December 10th, 2010 11:23am

Does your account running the script has permissions to delete ERE and/or DRE? That's not on by default. I like creating a new separate MPR which grants permissions to delete these objects. Having it in a separate MPR ensures you can disable it when it's not required.http://setspn.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2010 11:26am

It didn't, but I worked it out and created a new MPR just for ERE's, as that's all I have left "ghosting" my system up. Thanks Thomas.
December 10th, 2010 11:54am

Hi, How I can delete some ExpectedRuleEntry with dilplayname filter. Ademar
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2011 8:20am

http://technet.microsoft.com/en-us/library/ff394182.aspx: Custom Configuration is defined by the provided XPath filter. For example /Person[DisplayName=’Administrator’]. In other words: $exportObject = export-fimconfig -uri $URI ` -credential $credential ` –onlyBaseResources ` -customconfig "/ExpectedRuleEntry[DisplayName='Add-DisplayName-Here']" ` -ErrorVariable Err ` -ErrorAction SilentlyContinue
June 21st, 2011 3:04pm

http://technet.microsoft.com/en-us/library/ff394182.aspx: Custom Configuration is defined by the provided XPath filter. For example /Person[DisplayName=’Administrator’]. In other words: $exportObject = export-fimconfig -uri $URI ` -credential $credential ` –onlyBaseResources ` -customconfig "/ExpectedRuleEntry[DisplayName='Add-DisplayName-Here']" ` -ErrorVariable Err ` -ErrorAction SilentlyContinue To confirm, is the 'Add-DisplayName-Here' the displayname of the ERE?Opper ...don't stop.
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2011 7:12am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics