Using a PowerShell Script to Delete All Expected Rule Entries and All Detected Rule Entries
Summary
Hi...
I posted a question in FIM2010 Forum... The question was about FIM2010 Database cleanup...
CarolW answered me, pointing to a PowerShell script that deletes all users from the FIM2010 Portal... The script worked OK...
Markus Vilcinskas has posted a PowerShell script to delete an ExpectedRuleEntry, but I needed to delete all ExpectedRuleEntry objects... So I changed the script, and today I could test it and the result was OK...
As the logged-on account in my environment does not have administrator privileges in FIM2010, I used $credential = Get-Credential to use an administrator account.
To delete all Detected Rule Entry objects, you must change ExpectedRuleEntry to DetectedRuleEntry in the script.
Remember that to delete ExpectedRuleEntry and DetectedRuleEntry objects you must have permission to do it!
Deleting All EREs
#----------------------------------------------------------------------------------------------------------
# Prompt for an account that is allowed to read and delete the rule entries
$credential = Get-Credential
set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant
#----------------------------------------------------------------------------------------------------------
# Load the FIMAutomation snap-in if it is not already loaded
If(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
# Export every ExpectedRuleEntry object from the FIM Service
$exportObject = export-fimconfig -uri $URI `
                                 -credential $credential `
                                 -onlyBaseResources `
                                 -customconfig "/ExpectedRuleEntry" `
                                 -ErrorVariable Err `
                                 -ErrorAction SilentlyContinue
If($Err){Throw $Err}
If($exportObject -eq $null) {throw "EREs not found"}
# Submit one delete request (State = 2) for each exported object
$exportObject | Foreach-Object {
    $ImportObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $ImportObject.ObjectType = "ExpectedRuleEntry"
    $ImportObject.TargetObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2]
    $ImportObject.SourceObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2]
    $ImportObject.State = 2
    $ImportObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue
    If($Err){Throw $Err}
    Write-Host "`nCommand completed successfully`n"
}
#----------------------------------------------------------------------------------------------------------
# Report any terminating error and exit with a non-zero code
trap
{
    Write-Host "`nError: $($_.Exception.Message)`n" -foregroundcolor white -backgroundcolor darkred
    Exit 1
}
#----------------------------------------------------------------------------------------------------------
Deleting All DREs
#----------------------------------------------------------------------------------------------------------
# Prompt for an account that is allowed to read and delete the rule entries
$credential = Get-Credential
set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant
#----------------------------------------------------------------------------------------------------------
# Load the FIMAutomation snap-in if it is not already loaded
If(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
# Export every DetectedRuleEntry object from the FIM Service
$exportObject = export-fimconfig -uri $URI `
                                 -credential $credential `
                                 -onlyBaseResources `
                                 -customconfig "/DetectedRuleEntry" `
                                 -ErrorVariable Err `
                                 -ErrorAction SilentlyContinue
If($Err){Throw $Err}
If($exportObject -eq $null) {throw "DREs not found"}
# Submit one delete request (State = 2) for each exported object
$exportObject | Foreach-Object {
    $ImportObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $ImportObject.ObjectType = "DetectedRuleEntry"
    $ImportObject.TargetObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2]
    $ImportObject.SourceObjectIdentifier = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2]
    $ImportObject.State = 2
    $ImportObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue
    If($Err){Throw $Err}
}
Write-Host "`nCommand completed successfully`n"
#----------------------------------------------------------------------------------------------------------
# Report any terminating error and exit with a non-zero code
trap
{
    Write-Host "`nError: $($_.Exception.Message)`n" -foregroundcolor white -backgroundcolor darkred
    Exit 1
}
#----------------------------------------------------------------------------------------------------------
Go to the FIM ScriptBox
June 11th, 2010 7:45pm
Thanks for sharing, Paulo!
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 12th, 2010 12:38am
I'd really like to use this, but after an hour of it running, I get the following error. Does anybody know what policy is needed, or needs modifying?
Error: Failure when making web service call.
SourceObjectID = b2582d62-7ba5-4a55-913f-a8e240a585b9
Error = Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Policy prohibits the request from completing. ---> Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: Policy prohibits the request from completing.
at Microsoft.ResourceManagement.WebServices.ResourceClient.Delete(Message request)
at Microsoft.ResourceManagement.WebServices.ResourceClient.Delete(UniqueIdentifier objectId)
at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient.DeleteResource(UniqueIdentifier resourceIdentifier, ContextualSecurityToken securityToken)
--- End of inner exception stack trace ---
at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient.DeleteResource(UniqueIdentifier resourceIdentifier, ContextualSecurityToken securityToken)
at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Delete()
at Microsoft.ResourceManagement.Automation.ImportConfig.Delete(UniqueIdentifier objectIdentifier, String objectType)
at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing()
December 10th, 2010 11:23am
Does the account running the script have permissions to delete ERE and/or DRE? That's not on by default. I like creating a new separate MPR which grants permissions to delete these objects. Having it in a separate MPR ensures you can disable it when it's not required.
http://setspn.blogspot.com
December 10th, 2010 11:26am
It didn't, but I worked it out and created a new MPR just for ERE's, as that's all I have left "ghosting" my system up. Thanks Thomas.
December 10th, 2010 11:54am
Hi,
How can I delete some ExpectedRuleEntry objects with a DisplayName filter?
Ademar
May 5th, 2011 8:20am
http://technet.microsoft.com/en-us/library/ff394182.aspx: Custom Configuration is defined by the provided XPath filter. For example /Person[DisplayName='Administrator']. In other words:
$exportObject = export-fimconfig -uri $URI `
                                 -credential $credential `
                                 -onlyBaseResources `
                                 -customconfig "/ExpectedRuleEntry[DisplayName='Add-DisplayName-Here']" `
                                 -ErrorVariable Err `
                                 -ErrorAction SilentlyContinue
June 21st, 2011 3:04pm
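The filtered delete from the answer above, combined with the delete loop from the first post, as an added example that is not part of the thread: it previews the matches with -WhatIf and asks for confirmation before each delete. The function name Remove-FimRuleEntryByName and the rule of rejecting quote characters in the name are assumptions made here; the cmdlet calls and State = 2 are the ones already shown on this page.

```powershell
# Added example (not from the thread): preview-first delete of rule entries selected by DisplayName.
# Remove-FimRuleEntryByName is a hypothetical name; the FIM cmdlet calls mirror the scripts above.
If(@(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"}).Count -eq 0) {Add-PSSnapin FIMAutomation}

function Remove-FimRuleEntryByName {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][ValidateSet('ExpectedRuleEntry', 'DetectedRuleEntry')][string]$ObjectType,
        [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][string]$DisplayName,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential,
        [string]$Uri = 'http://localhost:5725/resourcemanagementservice'
    )
    # The name is spliced into an XPath string literal. A quote would change the filter,
    # so refuse it rather than delete whatever the altered filter matches (assumption of this example).
    if ($DisplayName -match "['""]") { throw "DisplayName must not contain quote characters." }
    $filter = "/{0}[DisplayName='{1}']" -f $ObjectType, $DisplayName

    $found = @(Export-FIMConfig -Uri $Uri -Credential $Credential -OnlyBaseResources `
                                -CustomConfig $filter -ErrorVariable err -ErrorAction SilentlyContinue)
    if ($err) { throw $err }

    $deleted = @()
    foreach ($item in $found) {
        $id   = ($item.ResourceManagementObject.ObjectIdentifier.Split(':'))[2]
        $name = ($item.ResourceManagementObject.ResourceManagementAttributes |
                 Where-Object { $_.AttributeName -eq 'DisplayName' }).Value
        # With -WhatIf the match is only listed; otherwise each delete must be confirmed.
        if ($PSCmdlet.ShouldProcess("$ObjectType '$name' ($id)", 'Delete')) {
            $import = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
            $import.ObjectType = $ObjectType
            $import.TargetObjectIdentifier = $id
            $import.SourceObjectIdentifier = $id
            $import.State = 2   # delete, as in the scripts above
            $import | Import-FIMConfig -Uri $Uri -ErrorVariable err -ErrorAction SilentlyContinue | Out-Null
            if ($err) { throw $err }
            $deleted += $id
        }
    }
    return $deleted   # identifiers actually deleted, for the change record
}

# Preview only, nothing is deleted:
# Remove-FimRuleEntryByName -ObjectType ExpectedRuleEntry -DisplayName 'Add-DisplayName-Here' -Credential (Get-Credential) -WhatIf
```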
To confirm, is the 'Add-DisplayName-Here' the displayname of the ERE?
Opper ...don't stop.
June 27th, 2011 7:12am