FIM 2010 R2: How to Bulk Import Attributes Flow Rules into a Synchronization Rule in the Portal
Overview
I had to create 6 Sync rules, each one with 100+ attribute flows. It would take me at least 2 dedicated workdays to do this repetitive task. My research revealed that the only means available to automate this task is to adapt the Migration deployment steps:
FIM 2010 Configuration Migration Deployment Steps
Here is how we adapted these steps to accomplish this work in less than 20 minutes.
Pre-requisites
- FIM 2010 R2 should be installed; both the sync engine and the Portal should be installed.
- The FIM Service MA should be configured and synchronized.
- In the sync engine, make sure that all the required Metaverse (MV) attributes are present; there may be some custom attributes that need to be created. In the Management Agent for the sync rule, make sure all the required local attributes have been selected.
- Refresh the Portal schema. Go to the FIM Service MA, re-enter the MA account password and click OK.
- Make sure you can run PowerShell scripts on the server.
- Make sure you are logged in with an account with rights to the Portal, e.g. the Portal service account.
- Go to the FIM Portal and create the Sync rules you want, e.g. Contoso AD Sync Inbound, Contoso AD Sync Outbound. See the links below on how to do this:
Create Synchronization Rules in the Portal
Add one attribute flow to each Sync rule you created.
Create PowerShell scripts
- We will need 3 PowerShell scripts to carry out the task. Create 3 files. Click on the link on each file name to get the script code to be copied into each one of the files.
SyncPolicy.ps1: in this script make the following changes:
$pilot_filename = "updatepolicy.xml"
$production_filename = "policy.xml"
Configure attribute flows in Excel
- Open Excel
- In a sheet, paste the names of the MV attributes in column A and the attributes of the remote directory in column B. Put a double quote character (") in cell J1.
- Go to cell C1 and enter the following formula for Outbound attribute flows:
="<string><export-flow allows-null="&$J$1&"true"&$J$1&"><src><attr>"&A1&"</attr></src><dest>"&B1&"</dest><scoping></scoping></export-flow></string>"
Note that I configured my outbound flow to allow null; if you do not want that, you can take it out.
Enter the following for Inbound attribute flows:
="<string><import-flow ><src><attr>"&B1&"</attr></src><dest>"&A1&"</dest><scoping></scoping></import-flow></string>"
In Excel copy the formula down column C to all the attributes listed.
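The same flow lines can be generated in PowerShell instead of Excel. This is an added example, not part of the original article or of the FIM migration scripts; the function names New-FlowLine and Get-FlowLines, the sample attribute pairs and the output file names are assumptions. It also goes slightly beyond the formulas by escaping XML metacharacters, checking each line is well-formed, and flagging blank or repeated rows.

```powershell
# Constructed sample input: MV = Metaverse attribute (column A in the sheet),
# Remote = remote directory attribute (column B). Replace with your own list.
$pairs = 'MV,Remote',
         'accountName,sAMAccountName',
         'displayName,displayName',
         'email,mail' | ConvertFrom-Csv

function New-FlowLine {
    param(
        [Parameter(Mandatory=$true)][string]$MV,
        [Parameter(Mandatory=$true)][string]$Remote,
        [Parameter(Mandatory=$true)][ValidateSet('Inbound','Outbound')][string]$Direction,
        [bool]$AllowNull = $true
    )
    # Escape XML metacharacters so a stray & or < cannot corrupt the policy file.
    $mvX  = [System.Security.SecurityElement]::Escape($MV.Trim())
    $remX = [System.Security.SecurityElement]::Escape($Remote.Trim())

    if ($Direction -eq 'Outbound') {
        # Outbound: MV attribute is the source, remote attribute the destination.
        $flag = $AllowNull.ToString().ToLower()
        $line = '<string><export-flow allows-null="{0}"><src><attr>{1}</attr></src><dest>{2}</dest><scoping></scoping></export-flow></string>' -f $flag, $mvX, $remX
    } else {
        # Inbound: remote attribute is the source, MV attribute the destination.
        $line = '<string><import-flow ><src><attr>{0}</attr></src><dest>{1}</dest><scoping></scoping></import-flow></string>' -f $remX, $mvX
    }
    $null = [xml]$line   # throws if the generated line is not well-formed XML
    return $line
}

function Get-FlowLines {
    param([object[]]$Pairs, [string]$Direction)
    foreach ($g in ($Pairs | Group-Object MV, Remote)) {
        $p = $g.Group[0]
        if (-not $p.MV -or -not $p.Remote) {
            Write-Warning "Skipping incomplete row: '$($p.MV)','$($p.Remote)'"
            continue
        }
        # Emit a repeated pair once and report it, rather than pasting it twice.
        if ($g.Count -gt 1) { Write-Warning "Duplicate row emitted once: $($g.Name)" }
        New-FlowLine -MV $p.MV -Remote $p.Remote -Direction $Direction
    }
}

# One file per direction, ready to paste into the matching sync rule.
Get-FlowLines -Pairs $pairs -Direction Outbound | Set-Content .\outbound-flows.txt
Get-FlowLines -Pairs $pairs -Direction Inbound  | Set-Content .\inbound-flows.txt
```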
Using the PowerShell scripts
- Open a PowerShell window
- Go to the directory where the PowerShell scripts are located
- Run the exportpolicy.ps1. It will export the Portal configuration and create a file in C:\Users\loggedinaccount. The file will be called “policy.xml”. Note that each time you run this script it will overwrite the file.
- Edit the policy.xml with Notepad. Look for the Sync rule name “Contoso AD Sync Outbound”. Scroll down a bit and you will see the one attribute flow created. Copy the Excel column C and paste it under this line.
- Repeat this search and paste process for each of the sync rules.
- Save the file as “updatepolicy.xml” in the same location as policy.xml.
- Run syncpolicy.ps1. This will compare the two files and create a file called changes.xml in the same location. This file contains differences between the two files and XML code to update the FIM Portal.
- Run commitchanges.ps1.
- Go to the Portal and confirm the updates are successfully made to the Sync rules.
Items to Note
I did find that even though no errors were reported during the update processes, I had to manually match 3-5 attributes. I will post an update, but if you run into this you can update this article too.