PowerShell Script to Enable/Disable Sync Rule Provisoning

I had a need to run synchronization without having provisioning on periodically and accomplishing it as a manual process wasn’t going to work. I found a script script online that looked like it might be useful.

I simplified it and made it a function to add to our scheduled run profile script.

function Set-SRProvisoning()
    set-variable -name URI -value "http://$($Server):5725/resourcemanagementservice' " -option constant
    if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}

    switch ($Enable)
        $True {$ProvisioningStatus = "sync-rule"}
        $False {$ProvisioningStatus = "none"}
        Default {Write "Bad option"}

    $exportObject = export-fimconfig -uri $URI `
                                        –onlyBaseResources `
                                        -customconfig ("/mv-data") `
                                        -ErrorVariable Err `
                                        -ErrorAction SilentlyContinue
    $provisioningState = ($exportObject.ResourceManagementObject.ResourceManagementAttributes | `
                            Where-Object {$_.AttributeName -eq "SyncConfig-provisioning-type"}).Value

    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $importChange.Operation = 1
    $importChange.AttributeName = "SyncConfig-provisioning-type"
    $importChange.AttributeValue = $ProvisioningStatus
    $importChange.FullyResolved = 1
    $importChange.Locale = "Invariant"
    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.ObjectType = $exportObject.ResourceManagementObject.ObjectType
    $importObject.TargetObjectIdentifier = $exportObject.ResourceManagementObject.ObjectIdentifier
    $importObject.SourceObjectIdentifier = $exportObject.ResourceManagementObject.ObjectIdentifier
    $importObject.State = 1 
    $importObject.Changes = (,$importChange)
    $importObject | Import-FIMConfig -uri $URI -ErrorVariable Err -ErrorAction SilentlyContinue

    switch ($Enable)
        $True {write-host "`nProvisioning enabled successfully`n"}
        $False {write-host "`nProvisioning disabled successfully`n"}

FIM/MIM MA Pending Export Report

This will show what export operations are pending on all of your management agents. It was adapted from a script I found in the FIM Script Box that would show the pending exports for a single MA. Instead, this script queries the Sync Service for all of the management agents and displays the pending exports for all of them.

$MAs = $(Get-WmiObject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer"` -computername "." ).name

foreach ($MA in $MAs)
    $MA = @(get-wmiobject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer"`
                          -computername "." -filter "Name='$ma'") 
    if($MA.count -eq 0) {throw "MA not found"}

    $Rpt+=New-Object PSObject -Property @{
$Rpt | Sort name | ft Name,Add,Update,Delete -AutoSize

FIM 2010 R2 Training Videos


About This Video
– Successfully install FIM 2010 R2 SP1 on Windows Server 2012
– Set up your very own complete FIM solution including self-service
– Implement self-service enrollment of Smart Cards using FIMWho This Video Is For
If you are implementing and managing FIM 2010 R2 in your business, then this video course is for you. You will need to have a basic understanding of Microsoft-based infrastructure using Active Directory. If you are new to Forefront Identity Management, the case-study approach of this video course will help you understand the concepts and implement them quickly and efficiently. Even if you’re well-versed with the technology, this is a great guide to strengthen your knowledge.

Continue reading “FIM 2010 R2 Training Videos”