This sample shows how to create a new Person and then add that person to the FIM Administrators Set.
It also shows how alternate credentials can be used with the FIM Automation PowerShell snap-in.

The FimAutomation PowerShell snap-in caches credentials, and the cached credentials are then used for both Import-FimConfig and Export-FimConfig. If you first run a query with Export-FimConfig using alternate credentials, later updates sent to the FIM Service with Import-FimConfig also use those credentials (instead of those of the logged-on user).

In the example below a PSCredential object is created with the username and password of the local administrator, who also happens to be the FIM Administrator. NOTE: if you are already logged on as the administrator then this is not necessary.

The first call to Export-FimConfig uses the -Credential parameter, which causes the FimAutomation snap-in to cache the credential. The later requests, which New-FimImportObject submits through Import-FimConfig when called with -ApplyNow, run against the FIM Service as the administrator.

###
### Import the FimPowerShellModule
### this assumes the FimPowerShellModule files are in $env:PSModulePath
###
Import-Module -Name FimPowerShellModule

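###
### Create a PSCredential object for the current FIM administrator
### The password is a literal here to keep the sample short; Get-Credential
### prompts for it instead, so it does not have to be stored in the script
###
$FimAdminCredential = New-Object PSCredential administrator, (ConvertTo-SecureString 'hoofhearted' -AsPlainText -Force)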

### Do a FIM query using the credential of the FIM administrator
### The FimAutomation PowerShell Snap-In caches this credential, so will re-use the credential until we change it
### So even if we call Import-FimConfig, it will run as the cached credential (the FIM Administrator in this case)
Export-FIMConfig -OnlyBaseResources -CustomConfig "/Set[DisplayName='Administrators']" -Credential $FimAdminCredential

###
### Create a new person
###
New-FimImportObject -State Create -ObjectType Person -Changes @{
    AccountName = 'Craig'
    DisplayName = 'Craig Martin'
    Domain      = 'Litware'
    ObjectSID   = (Get-ObjectSid craig)
} -ApplyNow

###
### Add the new person to the FIM Administrators Set
###
New-FimImportObject -State Put -ObjectType Set -Anchor @{DisplayName='Administrators'} -Changes @(
    New-FimImportChange -Operation Add -AttributeName ExplicitMember -AttributeValue ('Person', 'AccountName', 'craig')
) -ApplyNow
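
The script below is an added example, not part of the original sample or the module's own code. It prompts for the administrator password instead of embedding it, primes the snap-in's credential cache with one Export-FIMConfig call, and then lists every Person in the Administrators Set so the change above can be reviewed. The helper name Get-FimAttributeValue and the use of ComputedMember (effective membership, which includes ExplicitMember) are assumptions of this example.

```powershell
### Added example: audit who is in the FIM Administrators Set.
### Assumes the FimPowerShellModule files are in $env:PSModulePath, as in the sample above.
Import-Module -Name FimPowerShellModule

### Prompt for the password rather than keeping it in the script.
$FimAdminCredential = Get-Credential -Credential 'administrator'

### Hypothetical helper: read one single-valued attribute from an ExportObject
### returned by Export-FIMConfig.
function Get-FimAttributeValue {
    param($ExportObject, [string]$AttributeName)
    $ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $AttributeName } |
        Select-Object -ExpandProperty Value
}

### This call passes -Credential, so the snap-in caches the credential.
$adminSet = @(Export-FIMConfig -OnlyBaseResources `
    -CustomConfig "/Set[DisplayName='Administrators']" `
    -Credential $FimAdminCredential)
if ($adminSet.Count -ne 1) {
    throw "Expected exactly one Administrators Set, found $($adminSet.Count)"
}

### No -Credential here: the query runs as the cached credential.
### ComputedMember is the effective membership of the Set.
$members = @(Export-FIMConfig -OnlyBaseResources `
    -CustomConfig "/Person[ObjectID = /Set[DisplayName='Administrators']/ComputedMember]")

### One row per administrator, for comparison against the expected list.
$members | ForEach-Object {
    New-Object PSObject -Property @{
        AccountName = (Get-FimAttributeValue $_ 'AccountName')
        DisplayName = (Get-FimAttributeValue $_ 'DisplayName')
        ObjectID    = (Get-FimAttributeValue $_ 'ObjectID')
    }
} | Sort-Object AccountName | Select-Object AccountName, DisplayName, ObjectID
```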

Last edited May 7, 2015 at 5:09 PM by CraigMartin, version 1
