The FIM CM MA uses SQL to query for the CM Profile and Request objects. Turns out this isn’t simple to do with the FIM CM Provision API, so going to the database seems justifiable in this case.
The PowerShell snippets below use the .NET SQL Client to query the FIM CM database with queries similar to those the FIM CM MA runs during a full import.
Some differences include:
The FIM CM MA does not execute the SQL from the FIM Sync box. Instead, it asks a proxy object on the FIM CM server to do this. While this is elegant from a security point of view (we are just doing what the CM server already does, instead of pulling the SQL back to the FIM Sync box), it is a pain in production environments, where best practice dictates that we don’t run FIM CM and SQL on the same server, which introduces a Kerberos delegation scenario.
The script below initiates the query from ‘localhost’ but could easily be modified to run from a remote server, eliminating the Kerberos delegation issue.
Finding the SQL Server
By default, the FIM CM MA asks FIM CM where the CM database is located. This data is stored in the registry on the CM server, and the FIM CM MA queries for it. The script below simply hard-codes the database name and database server name.