Monday, September 26, 2011

debug.MakeCurrentUserAdministrator

<WARNING>

!!! DO NOT DO THIS ON A PRODUCTION FIM SERVER !!!

</WARNING>

If you have accidentally whacked your FIM administrator object in the FIM Service, there is a rescue utility in the FIM Service database in the form of a stored procedure named ‘debug.MakeCurrentUserAdministrator’.

From what I can see, this procedure will add the current user to the Administrator Set in the FIM Service database.  It does not require any parameters, so is quite easy to execute. 

Caveats:

1. The current user must exist in the FIM Service database already

2. The operation is not logged in the FIM Service request history

This is a good rescue utility for a lab environment, but I would not use it on a production server because I’m pretty sure Microsoft doesn’t support it.
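Because the call leaves no trace in the FIM request history (caveat 2), the SQL Server side is the only place to record it. The T-SQL below is an added example, not part of the original post or of FIM itself: it uses SQL Server Audit to log every EXECUTE against the `debug` schema. The audit names, the `D:\SqlAudit\` path and the database name `FIMService` are assumptions to adjust, and database-level audit specifications depend on the SQL Server edition and version in use.

```sql
-- Added example: record executions of anything in the FIM Service "debug" schema.
-- Assumed names: FimDebugProcAudit, FimDebugProcExecution, D:\SqlAudit\, FIMService.

USE master;
GO

-- Server-level audit object that writes to a file target.
CREATE SERVER AUDIT FimDebugProcAudit
TO FILE (FILEPATH = N'D:\SqlAudit\')      -- assumed directory, must already exist
WITH (ON_FAILURE = CONTINUE);
GO

ALTER SERVER AUDIT FimDebugProcAudit WITH (STATE = ON);
GO

USE FIMService;                            -- assumed database name
GO

-- Capture EXECUTE on every object in the debug schema, for every principal.
-- This covers debug.MakeCurrentUserAdministrator and debug.AddSetMember.
CREATE DATABASE AUDIT SPECIFICATION FimDebugProcExecution
FOR SERVER AUDIT FimDebugProcAudit
ADD (EXECUTE ON SCHEMA::debug BY public)
WITH (STATE = ON);
GO

-- Review who ran what, most recent first.
SELECT event_time,
       server_principal_name,
       database_name,
       schema_name,
       object_name,
       succeeded,
       statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\FimDebugProcAudit*.sqlaudit', DEFAULT, DEFAULT)
WHERE schema_name = N'debug'
ORDER BY event_time DESC;
GO
```

Any row returned here for `MakeCurrentUserAdministrator` is a change to the Administrator Set that will have no matching request in the FIM Portal.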

5 comments:

Carol Wapshere said...

That's a good find Craig. I'd actually written a PowerShell script to go in and change the Portal Admin account directly in the DB and this would be easier. Though saying that, the reason I wrote the script was for copying a FIMService DB into a dev environment in a different domain so the new account won't be in the DB, and I guess I'll still need it after all.

Craig Martin said...

Very interesting Carol, we should talk more about 'copying a FIMService DB into a dev environment in a different domain'

That is a creative way to produce a dev environment ;-)

Maybe we can crash Jorge's session (ask intelligent questions) at TEC in Frankfurt!

Mujeeb Shaikh said...

Thanks a TON Craig !!!

This BLOG helped me solve my issue...

:)

Michael G said...

Does not work anymore because they screwed up the StoredProcs in 2010 R2 SP1 :-(

Unknown said...

Hello Michael,

You are right, it doesn't work anymore.

You need to change the following stored procedure:

"[debug].[AddSetMember]"

Add column: "Multivalued" with the value "1" into both insert statements within the stored procedure. Then it should work again.