FIM2010/MIM2016: How to Bulk Export Connector and Disconnector Status from an AD Domain
Applies To
- FIM 2010 (R2)
- MIM 2016
Summary
We were recently asked if there was a way to export the connector status for an entire AD domain. We pointed the person to a previous article that can export the connection status of objects listed in a file, but realized it would be helpful to output some AD values in addition to the connector status especially in account audit scenarios. So, here you go - a fully supported tool that looks at the connector status for an entire AD domain and outputs some select AD attribute values typically used when performing a quick AD account audit.
Listed below is C# code that reads through an import file and exports the connector status, TRUE (meaning a connector) or FALSE (a disconnector).
The code is written to make it readable and customizable for non-developers.
Usage
GetConnectorStatusByDomain.exe > file.csv
For You To Update
C:\temp\temp.xml is a temporary file required by CSEXPORT.EXE
delimiter specifies the character to use between attributes
basedn is the RFC 2253 DN to base search from
maname is the name of the MA to search for connector status
csexportlocation is the full path and exe name for CSEXPORT.EXE
C# Code
| 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063 064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079 080 081 082 083 084 085 086 087 088 089 090 091 092 093 094 095 096 097 098 099 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 |
using System; using System.IO; using System.Xml; using System.Diagnostics; using System.DirectoryServices; namespace GetConnectorsByDomain { class Program { // Constants for you to edit const string tempfile = @"c:\temp\temp.xml"; // Temporary file needed for csexport binary const string delimiter = ";"; // Delimiter for output file const string basedn = "dc=contoso,dc=com"; // RFC 2253 DN to base search from const string maname = "Contoso AD MA"; // Name of MA to search for connector status const string csexportlocation = @"C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\"; const string csexport = csexportlocation + "csexport.exe"; static void LaunchCommandLineApp(string MA, string DN) { // For the example // string MA = "AD MA"; // string DN = "CN=jingalls,OU=User,DC=contoso,DC=com"; ProcessStartInfo startInfo = new ProcessStartInfo(csexport); startInfo.CreateNoWindow = false; startInfo.UseShellExecute = true; startInfo.FileName = csexport; startInfo.WindowStyle = ProcessWindowStyle.Hidden; startInfo.Arguments = '\u0022' + MA + '\u0022' + " " + tempfile + " " + "/f:d=" + '\u0022' + DN + '\u0022'; startInfo.WorkingDirectory = csexportlocation; try { // Start the process with the info we specified. Call WaitForExit and the using statement will close. using (Process exeProcess = Process.Start(startInfo)) { exeProcess.WaitForExit(); } } catch { // Log error. } } static void Main(string[] args) { string ldapServer = "LDAP://" + basedn; string MA = maname; DirectoryEntry de = new DirectoryEntry(ldapServer); de.RefreshCache(); DirectorySearcher deSearch = new DirectorySearcher(de); SearchResultCollection results; // To search against all enabled user objects use the filter below // deSearch.Filter = ("(&(objectCategory=person)(objectclass=user)(!objectClass=foreignSecurityPrincipal)(samaccountname=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))"); // To search against all user objects use the filter below deSearch.Filter = ("(&(objectCategory=person)(objectclass=user)(!objectClass=foreignSecurityPrincipal)(samaccountname=*))"); deSearch.SearchScope = SearchScope.Subtree; deSearch.PageSize = 1000; results = deSearch.FindAll(); Console.WriteLine("sAMAccountName;mail;FIMConnectionStatus;DN;whenCreated;whenChanged;lastLogon;displayName;manager;employeeID;pwdLastSet"); foreach (SearchResult result in results) { string DN = result.Properties["distinguishedName"][0].ToString(); DN = DN.Replace(delimiter, ","); string sAMAccountName = result.Properties["sAMAccountName"][0].ToString(); sAMAccountName = sAMAccountName.Replace(delimiter, ","); string whenCreated = string.Empty; if (result.Properties.Contains("whenCreated")) { whenCreated = result.Properties["whenCreated"][0].ToString(); DateTime dtwhenCreated = Convert.ToDateTime(whenCreated); whenCreated = dtwhenCreated.ToString("s"); } else { whenCreated = "<NULL>"; } string whenChanged = string.Empty; if (result.Properties.Contains("whenChanged")) { whenChanged = result.Properties["whenChanged"][0].ToString(); DateTime dtwhenChanged = Convert.ToDateTime(whenChanged); whenChanged = dtwhenChanged.ToString("s"); } else { whenChanged = "<NULL>"; } string lastLogon = string.Empty; if (result.Properties.Contains("lastLogon")) { if (result.Properties["lastLogon"][0].ToString() == "0") { lastLogon = "(never)"; } else { long longlastLogon = (long)result.Properties["lastLogon"][0]; DateTime dtlastLogon = DateTime.FromFileTimeUtc(longlastLogon); lastLogon = dtlastLogon.ToString(); DateTime dt_lastLogon = Convert.ToDateTime(lastLogon); lastLogon = dt_lastLogon.ToString("s"); } } else { lastLogon = "(never)"; } string displayName = string.Empty; if (result.Properties.Contains("displayName")) { if (result.Properties["displayName"].Count > 0) { displayName = result.Properties["displayName"][0].ToString(); displayName = displayName.Replace(delimiter, ","); } else { displayName = "<NULL>"; } } else { displayName = "<NULL>"; } string mail = string.Empty; if (result.Properties.Contains("mail")) { if (result.Properties["mail"].Count > 0) { mail = result.Properties["mail"][0].ToString(); mail = mail.Replace(delimiter, ","); } else { mail = "<NULL>"; } } else { mail = "<NULL>"; } string manager = string.Empty; if (result.Properties.Contains("manager")) { if (result.Properties["manager"].Count > 0) { manager = manager = result.Properties["manager"][0].ToString(); manager = manager.Replace(delimiter, ","); } else { manager = "<NULL>"; } } else { manager = "<NULL>"; } string employeeID = string.Empty; if (result.Properties.Contains("employeeID")) { if (result.Properties["employeeID"].Count > 0) { employeeID = result.Properties["employeeID"][0].ToString(); employeeID = employeeID.Replace(delimiter, ","); } else { employeeID = "<NULL>"; } } else { employeeID = "<NULL>"; } string pwdLastSet = string.Empty; if (result.Properties.Contains("pwdLastSet")) { if (result.Properties["pwdLastSet"][0].ToString() == "0") { pwdLastSet = "(never)"; } else { long longpwdLastSet = (long)result.Properties["pwdLastSet"][0]; DateTime dtpwdLastSet = DateTime.FromFileTimeUtc(longpwdLastSet); pwdLastSet = dtpwdLastSet.ToString(); DateTime dt_pwdLastSet = Convert.ToDateTime(pwdLastSet); pwdLastSet = dt_pwdLastSet.ToString("s"); } } else { pwdLastSet = "(never)"; } string connector = string.Empty; if (File.Exists(tempfile)) { File.Delete(tempfile); } string FIMConnectionStatus = string.Empty; LaunchCommandLineApp(MA, DN); //Loading an XML file XmlDocument xml = new XmlDocument(); if (File.Exists(tempfile)) { xml.Load(tempfile); XmlNodeList xnList = xml.SelectNodes("/cs-objects/cs-object"); foreach (XmlNode xn in xnList) { connector = xn["connector"].InnerText; if (connector != null && connector.Length > 0) { string Output = connector.Substring(0, 1); if (Output == "1") { FIMConnectionStatus = "TRUE"; } else { FIMConnectionStatus = "FALSE"; } } else { FIMConnectionStatus = "XML_FILE_ERROR"; } } if (connector == string.Empty) { FIMConnectionStatus = "XML_FILE_ERROR"; } } else // XML file does not exist { FIMConnectionStatus = "XML_FILE_NOT_FOUND"; } Console.WriteLine(sAMAccountName + delimiter + mail + delimiter + FIMConnectionStatus + delimiter + DN + delimiter + whenCreated + delimiter + whenChanged + delimiter + lastLogon + delimiter + displayName + delimiter + manager + delimiter + employeeID + delimiter + pwdLastSet); if (File.Exists(tempfile)) { File.Delete(tempfile); } } } } } |
Note
To provide feedback about this article, create a post in the FIM TechNet Forum.
For more FIM related Windows PowerShell scripts, see the FIM ScriptBox 