FIM 2010: How to Run PowerShell Cmdlets on non-FIM Machine
Credits
- MSDN Blogs > syamp's musings > How to run FIM 2010 PowerShell Cmdlets from a remote machine?
- Installing FIMAutomation on a FIM-less machine
- FIM 2010 – Registering FIMAutomation class on another system
Get the FIM libraries
From the %program files%\Microsoft Forefront Identity Manager\2010\Service folder on the FIM server, copy the following files:
- Microsoft.ResourceManagement.Automation.dll
- Microsoft.IdentityManagement.Logging.dll
- Microsoft.ResourceManagement.dll
Copy the FIM binaries to a local drive.
Check the target machine OS version
The location of the utility we will use depends on the OS you're running.
On a 64-bit machine, InstallUtil resides at
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe
On a 32-bit machine it defaults to:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
Use the right tool version
As suggested by Brad Turner (here)
x64
set-alias installutil $env:windir\Microsoft.NET\Framework64\v2.0.50727\installutil
installutil .\Microsoft.ResourceManagement.Automation.dll
x86
set-alias installutil $env:windir\Microsoft.NET\Framework\v2.0.50727\installutil
installutil .\Microsoft.ResourceManagement.Automation.dll
Register the FIM libraries
InstallUtil.exe -i .\Microsoft.ResourceManagement.Automation.dll
gacutil -i Microsoft.ResourceManagement.dll
gacutil -i Microsoft.IdentityManagement.Logging.dll
Load the pssnap-in
From the PowerShell command console, execute this command to load the snap-in:
add-pssnapin FIMAutomation
You will see that lots of scripts load the snap-in during execution, if it is not loaded yet, like
If(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
Run PowerShell with remote URI
In your FIM PowerShell scripts you need to define the URI, which refers to the FIM Service.
When you run PowerShell scripts from the FIM Service machine, the URI is set to localhost, like
http://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx
But when you run PowerShell remotely, you'll need to change localhost to the remote FIM Service machine name.
In lots of scripts this setting is defined as a variable at the beginning of the script, like
set-variable -name URI -value http://localhost:5725/ -option constant
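A pre-flight script for the steps above, as an added example that is not part of the original article or of FIM itself: it checks that the copied DLLs sit on a local fixed drive (the mapped-drive failure described under Hints & Tips), compares each strong-name token with the PublicKeyToken shown in that error message, then registers and loads the snap-in. `$LibPath` and `$FimServer` are assumed placeholder values, and it is an assumption that all three DLLs carry the same token.

```powershell
# Added example: pre-flight checks before registering the copied FIM libraries.
$LibPath       = 'C:\Install\FIMResourcemanagement'  # assumed local folder holding the copied DLLs
$FimServer     = 'fimserver.example.local'           # placeholder FIM Service host name
$ExpectedToken = '31bf3856ad364e35'                  # PublicKeyToken from the error message on this page

# 1. The folder must be on a local fixed disk; a mapped or UNC location
#    makes InstallUtil fail with HRESULT 0x80131417.
$root = [System.IO.Path]::GetPathRoot((Resolve-Path $LibPath).ProviderPath)
if ($root.StartsWith('\\') -or (New-Object System.IO.DriveInfo $root).DriveType -ne 'Fixed') {
    throw "$LibPath is not on a local fixed drive; copy the DLLs locally first."
}

# 2. Each DLL must exist and carry the expected strong-name token.
#    The token identifies the publisher key only; it does not prove the file is unmodified,
#    so the Authenticode status is reported as well (warning only, signing is an assumption).
$dlls = 'Microsoft.ResourceManagement.Automation.dll',
        'Microsoft.IdentityManagement.Logging.dll',
        'Microsoft.ResourceManagement.dll'
foreach ($dll in $dlls) {
    $file = Join-Path $LibPath $dll
    if (-not (Test-Path $file)) { throw "Missing $file" }
    $name  = [System.Reflection.AssemblyName]::GetAssemblyName($file)   # reads metadata, does not load the DLL
    $token = -join ($name.GetPublicKeyToken() | ForEach-Object { $_.ToString('x2') })
    if ($token -ne $ExpectedToken) { throw "$dll has unexpected public key token '$token'" }
    $sig = Get-AuthenticodeSignature $file
    if ($sig.Status -ne 'Valid') { Write-Warning "$dll Authenticode status: $($sig.Status)" }
}

# 3. Pick the InstallUtil that matches the bitness of this PowerShell session
#    (a snap-in registered with one bitness is not visible to the other).
$fw = if ([IntPtr]::Size -eq 8) { 'Framework64' } else { 'Framework' }
$installUtil = Join-Path $env:windir "Microsoft.NET\$fw\v2.0.50727\InstallUtil.exe"
if (-not (Test-Path $installUtil)) { throw "InstallUtil not found at $installUtil" }
& $installUtil (Join-Path $LibPath 'Microsoft.ResourceManagement.Automation.dll')
if ($LASTEXITCODE -ne 0) { throw "InstallUtil failed with exit code $LASTEXITCODE" }

# 4. Load the snap-in once and point the scripts at the remote FIM Service.
if (@(Get-PSSnapin | Where-Object { $_.Name -eq 'FIMAutomation' }).Count -eq 0) {
    Add-PSSnapin FIMAutomation
}
Set-Variable -Name URI -Value "http://${FimServer}:5725/" -Option Constant
```

Run it from an elevated PowerShell session; the GAC registration of the other two DLLs is still done as described on this page.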
Hints & Tips
Drive mapping
If you attempt this from a mapped drive you will receive the following error:
Exception occurred while initializing the installation:
System.IO.FileLoadException: Could not load file or assembly 'Microsoft.ResourceManagement.Automation, Version=4.0.2592.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417).
GACUtil
gacutil is not available on Windows Server 2012 by default.
Use a PowerShell script like this to register the FIM libraries instead:
# Register the snap-in with InstallUtil
cd C:\Install\FIMResourcemanagement
set-alias installutil $env:windir\Microsoft.NET\Framework\v2.0.50727\installutil
installutil .\Microsoft.ResourceManagement.Automation.dll
Set-location "C:\Install\FIMResourcemanagement"
# Load System.EnterpriseServices, which provides the Publish class used in place of gacutil
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
$publish = New-Object System.EnterpriseServices.Internal.Publish
# Give GacInstall the full path to each DLL
$publish.GacInstall("c:\Install\Microsoft.ResourceManagement.dll")
$publish.GacInstall("c:\Install\Microsoft.IdentityManagement.Logging.dll")