Re-synchronizing FIM Configuration

I was whipping up a quick and dirty script, to list the explicit connectors (or explicit disconnectors) in a given connector space, for a colleague and had to go poking around in the MSDN documentation for the MIIS/ILM/FIM WMI provider. I was looking at the MIIS_ManagementAgent class specifically when I noticed that Craig had done additional snooping and digging and discovered MIIS_ManagementAgent::ResyncSyncConfigObjects. When troubleshooting issues like “I’ve created a new attribute for the person class in the FIM Synchronization Service and it’s not showing up in the Synchronization Rule designer” (I paraphrase to get the point across but you know what I mean) we often see people advising to refresh the schema of the management agent, or make an inconsequential change, etc. Well, we no longer have to. The method discovered by Craig means we can trivially script the resynchronization of the ma-data and mv-data objects.

I’ve therefore written a very simplistic PowerShell script to do this. Truthfully this is little more than the example posted by Craig. The major difference is I’ve wrapped some text output and coloured the results.  J


## ResyncFimConfiguration.ps1 v1.0
##   Paul Williams ( Microsoft Services Jan 2011
## Noddy script that invokes a method of a WMI object to delete and recreate the
## MA and MV data objects.
## Status is output - yellow for success; red for failure
## This should take several seconds and should always complete.  If it doesn't complete
## you've probably got a version mismatch between FIMSYNC and FIMSVC or the FIMMA
## account is different to that defined during installation.

# Returns a ManagementObject instance of the FIMSVC MA
function GetFimMa
    return ( `
        Get-WmiObject -Class MIIS_ManagementAgent `
            -Namespace root/MicrosoftIdentityIntegrationServer `
            -Filter ("Type='Forefront Identity Management (FIM)'") `

Write-Host "`nDeleting and creating ma-data and mv-data resources..." -NoNewline;
[String]$resyncReturnValue = (GetFimMa).ResyncSyncConfigObjects().ReturnValue;

if($resyncReturnValue -eq "success")
    Write-Host "Completed successfully.`n" -ForegroundColor Yellow;
    Write-Host "Failed: " -NoNewline;
    Write-Host "$resyncReturnValue`n" -ForegroundColor Red;

Example usage

Figure 1 illustrates my PowerShell console and the output of the script (there’s not much). Figure 2 illustrates the FIM Request Log. As you can see executing the script first deletes some of the ma-data resources and then creates all the ma-data and the mv-data resources.

Figure 1: PowerShell console

Figure 2: Request log

What’s interesting is that only the HRCSV and FIMSVC ma-data resources were deleted, yet the HR, AD, ADAM, SQL and FIM ma-data resources were created as well as the mv-data resource. I guess that’s a topic for another blog post…


About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in FIM, Scripting and tagged , , , , , , , , . Bookmark the permalink.

One Response to Re-synchronizing FIM Configuration

  1. Pingback: Resynchronising ma-data and mv-data resources | Yet another identity management blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s