How to Use PowerShell to Display the Value of the ERL Attribute of a User
FIM ScriptBox Item
Summary
To synchronize an object to a target data source, the object must have a populated ERL attribute.
The values of this attribute are used by the synchronization engine to locate the appropriate outbound synchronization rules that need to be applied to an object during a synchronization run.
The script code below displays the expectedRulesList attribute value of a uroup and the status of the relationship between the object and the outbound synchronization rule.
When calling the script, you need to provide the display name of the object as parameter.
Script Code
| 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 |
#---------------------------------------------------------------------------------------------------------- set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant #---------------------------------------------------------------------------------------------------------- function ShowEREName { PARAM($objectId) END { $exportObject = export-fimconfig -uri $URI ` –onlyBaseResources ` -customconfig "/ExpectedRuleEntry[ObjectID='$objectId']" if($exportObject -eq $null) {write-host " -$($objectId)"} else { $displayName = $exportObject.ResourceManagementObject.ResourceManagementAttributes | ` Where-Object {$_.AttributeName -eq "DisplayName"} $status = $exportObject.ResourceManagementObject.ResourceManagementAttributes | ` Where-Object {$_.AttributeName -eq "SynchronizationRuleStatus"} write-host " -$($displayName.Value), $($status.Value)" } } } #---------------------------------------------------------------------------------------------------------- if($args.count -ne 1) {throw "Missing name parameter"} $objectName = $args[0] write-host $objectName if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation} $exportObject = export-fimconfig -uri $URI ` –onlyBaseResources ` -customconfig "Person[DisplayName='$objectName']" if($exportObject -eq $null) {throw "L:Object not found"} $erlAttribute = $exportObject.ResourceManagementObject.ResourceManagementAttributes | ` Where-Object {$_.AttributeName -eq "ExpectedRulesList"} if($erlAttribute -eq $null) {throw "L:The expected rules list doesn't have values"} foreach($erlValue in $erlAttribute.values) {ShowEREName -objectId ($erlValue.split(":"))[2]} write-host "`n" #---------------------------------------------------------------------------------------------------------- trap { $exMessage = $_.Exception.Message if($exMessage.StartsWith("L:")) {write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue} else {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred} Exit } #---------------------------------------------------------------------------------------------------------- |
Note
To provide feedback about this script, create a post on the FIM TechNet Forum.
For more FIM related Windows PowerShell scripts, see the FIM ScriptBox.