Powershell Management Agent for FIM2010 and MIM2016
Clone or download
sorengranfeldt Merge pull request #7 from puttyq/master
added reference to the project wiki
Latest commit 99843cf Oct 12, 2018

README.md

PowerShell Management Agent for FIM2010 and MIM2016

The Granfeldt PowerShell Management Agent (PSMA) is a highly flexible ECMA for Forefront Identity Manager 2010 (FIM) R2 and Microsoft Identity Manager 2016. Although the MA can be deployed to perform many different user cases, the basic operation centres around creation, deletion, update or deletion (CRUD) that can be achieved via PowerShell. By using this framework, these operations can be triggered within FIM/MIM Synchronization Engine, thereby greatly extending the integration possibilities of the platform while simultaneously lowering the complexity of supporting the solution in the future.

The management agent supports

Real-world uses

Below are just a few potential use cases for the MA, although integration can be achieved with almost any system that allow for direct or indirect integration using PowerShell.

  • Home Directories - a typical implementation of this MA is the creation and managing of home directories and/or profile drives for users.
  • Skype for Business - managing Skype for Business/Lync user accounts as well as profiles. By importing the standard Lync PowerShell cmdlets or the Skype for Business Online cmdlets and running appropriate CMDlets, users use this MA for the automation of the entire CSUser lifecycle.
  • SQL Delta Import - by using a timestamp column as a watermark, users can do delta imports from SQL server tables.
  • Web Service Integration - with the use of PowerShell many options for integration to REST/SOAP web services become simple. This can be achieved with Invoke-RestMethod, Invoke-WebRequest and New-WebServiceProxy.
  • OpenLDAP - this MA has been used to replace the old OpenLDAP XMA.
  • Azure Active Directory - the MA can be used in conjunction with the Azure AD PowerShell Module to automate Azure AD user lifecycle scenarios and even manage Azure B2B guests.
  • Office 365 - this MA is also frequently used for managing users in Office 365 and users can find a link for sample scripts for doing this in the download section.
  • Dynamics AX - this MA has been used for managing users and roles in Dynamics AX.
  • Human Resource (HR) Information - this MA has been used to read funny formatted files (and clean up) data coming from various HR systems. Using PowerShell to read the file and maybe enrich it / filter allowing you to pass more clean data to FIM.
  • TCP/IP (DHCP Leases) - in network related use cases the MA has been used to import DHCP lease information from DHCP servers in order to create computer accounts for use with WPA authentication.
  • Password Management - a great use case includes the use of the MA for custom password synchronization scenarios, especially if the target system requires some form of custom password hashing before the password is stored. The MA supports password management (PCNS) and will allow for a script to be run for password changes when triggered via Password Change Notification Services events from company domain controllers.

These are only a subset of some of the use cases. Many other implementations of this MA are running around the world and it is used for a wide variety of integration requirements.

PSMA Implementation Examples

The following are but some examples of users who have used the PSMA in order to automate specific use cases in FIM/MIM. For additional examples, see Wiki->Samples.

Other Tools and Examples

Usage and Implementation

In order to gain a better understanding of the MA, technical introduction can be found in the following presentation from the July 2013 in the FIM Team User Group meeting. The session recording is available on YouTube. A complete reference on how to install, configure and troubleshoot the MA can also be found in the project Wiki.

Contributing

Contributing to this project is welcomed and encouraged since the community can benefit from keeping this updated. When contributing to this repository, please first discuss the change you wish to make via the creation of an issue or getting in touch.

Enjoy, Søren Granfeldt (blog or twitter)