Partager via


How to: Create Scripts to Run Management Agents

The Synchronization Service Manager can create a Visual Basic Scripting Edition (VBScript) script that you can use to run a management agent from a command line or at a scheduled time. The generated script has all the commands that you need to connect to the Windows Management Instrumentation (WMI) Service of a local or remote server and run a specified management agent.

This topic describes the following procedures:

  • Creating a script to connect to a local server

  • Specifying alternative credentials

  • Modifying the script to connect to a remote server

Note

Do not run a management agent through a script when you are deleting any management agent because you can cause a failed run or corrupt a management agent configuration.

To create a script to connect to a local server

  1. On the Tools menu, click Management Agents.

  2. In Management Agent, click the management agent for which you want to create a script for a run profile.

  3. On the Actions menu in Management Agent, click Configure Run Profiles.

  4. In the Configure Run Profiles dialog box, under Management agent run profiles, click the run profile for which you want to create a script, and then click Script.

  5. In the Save As dialog box, type a name and location for the script, and then click Save.

The following example shows a script that was created using the previous procedure to connect to the WMI Service on a local server and then run the full import run profile of the Fabrikam HR MA management agent.

Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when <tla rid="fim_sync_short"/> is on remote system.
rem
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
rem
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set MASet   = Service.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{1D99EC00-87BC-41BF-A65D-AF46217AC686}'")

for each MA in MASet
    WScript.Echo "Running " + MA.name + ".Execute(""Full Import"")..."
    WScript.Echo "Run completed with result: " + MA.Execute("Full Import")
next

The script uses the credentials of the current user to run the script. If the current user is not a member of a group that has permissions to run the scripts, you can use the Run As command to specify alternative credentials to run the script.

To specify alternative credentials

  1. At a command prompt, type the following command:

    runas /user:<domain>\<user name> <script name>

Substitute the appropriate user name and script name. For example, if the script name is fullimport.vbs, and the alternative user name is Jeff, authenticated by the Fabrikam domain controller, you run the following at the command prompt: runas /user:Fabrikam\Jeff fullimport.vbs

You can modify the script to connect to a remote server by following these steps:

To modify the script to connect to a remote server

  1. Open the script file in a text editor, such as Notepad or the Visual Studio 2008 editor.

  2. Remove the text rem to enable the following line:

    rem Set Service = GetObject("MyServer", "root\MicrosoftIdentityIntegrationServer")
    
  3. Change MyServer to the name of your FIM Synchronization Service server.

  4. Add the text rem to the beginning of the following line to disable the line.

    Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
    
  5. Save the file.

The following example shows a script that was modified to connect to a remote server using the current user credentials to run a management agent. The name of the server is FabrikamDomainSvr.

Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when <tla rid="fim_sync_short"/> is on remote system.
rem

Set Service = Locator.ConnectServer("FabrikamDomainSvr", "root\MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
rem
rem Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set MASet   = Service.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{1D99EC00-87BC-41BF-A65D-AF46217AC686}'")

for each MA in MASet
    WScript.Echo "Running " + MA.name + ".Execute(""Full Import"")..."
    WScript.Echo "Run completed with result: " + MA.Execute("Full Import")
next

If you want to use alternative credentials to run the script remotely, use the runas command, as shown in the previous procedure.

Note

We do not recommend storing user credentials in a script. If you have to run a script under a different user context, in most cases you should use the runas command to run the script. If you must include the user name and password in the script, store the script in a secure folder that has the same security level as the FIM Synchronization Service folder. Limit access to that folder.

Note

Do not use a script that connects to a remote server to connect to a local server. Specifying the user name and password in a script that is intended to connect to a remote server causes the connection to fail. For more information, see the strUser parameter in the SWbemLocator.ConnectServer method in the Platform SDK.

You can use the Task Scheduler in Windows Server to run your scripts automatically. For more information, see the Windows Server Task Scheduler.

See Also

Concepts

Creating Scripts
Using the WMI Provider
WMI Provider Overview
How to: Enable Security in Scripts
How to: Create Scripts to Run Management Agents
How to: Create an Executable File to Run a Management Agent