Tuesday, August 30, 2011
A quick search of the FIM wiki for Resource Control Display Configuration will show you the pre-requisites you need to appreciate before fully grasping the challenge at hand :-|
In short: RCDCs are a handy way of allowing FIM Portal customization by adding controls as XML stuffed into an attribute in an object that resides in the FIM Service. One challenge here is that the XML can be rather large, and it is not validated on import which leads to some pretty fun troubleshooting. Using this script approach you can prevent people from doing this manually by providing them with a script that automates the process.
The approach I took with this script was to edit an RCDC in place by adding the new control’s XML to the existing RCDC XML. I could have finished a lot sooner with a heavier hand if I’d just replaced the whole RCDC XML, instead of grafting my single control in. There’s something to be said for finishing earlier but I wanted to see if this could easily be done, and that is what I’m trying to show in this blog post.
Working with Namespaces
The main challenge I found in this script was working with namespaces. RCDC schema uses a few namespaces declared at the top of the document. Adding a new control by hand you don’t typically include these namespaces because they are already at the top of the document. I couldn’t find an easy way to do this, so I had to include the namespace declaration in my new control’s XML. It is redundant but AFAIK it is not incorrect (at least it doesn’t seem to make the server angry). Skipping this little trick took the simplicity out of the script and made it pretty ugly because I really wanted to use the XML functionality in .NET instead of doing string manipulation.
There’s one trick/function in the script below that I haven’t posted about yet. It is basically another wrapper for Import-FimConfig. Look for more on that later as I want to share and demo it at TEC Europe.
Anyhow, on with the script.
Woo-hoo! This time I’m giving talks on:
- Extending and Automating FIM with PowerShell
- Managing Active Directory with PowerShell
- Using SQL Reporting Services to Expose PowerShell Script Output
Needless to say I’m pretty excited about the PowerShell Deep Dive track, and hope to spend a lot of time learning from the extremely high concentration of PowerShell talent and excitement.
If you’re a FIM integrator in Europe, then this is a must-attend conference. You won’t find a more concentrated bunch of integration and automation folks in such an accessible setting.
Found this great testimonial on the event site:
“The best analogy I have for TEC is the video for “No Rain” from Blind Melon where that funky little bee-girl runs around seemingly confusing people as she dances around dressed like a bee in tap shoes. Identity and Access is just like that, we spend all year telling people about it, customers eventually get it, relatives just smile, and spouses do their best, but at TEC we find ourselves surrounded by people speaking the same jargon even if their native language is different, our acronyms are harmonic.”
- Craig Martin
Wednesday, August 17, 2011
I really like this post so thought I’d pass it on…
Testing FIM for customer deployments is near and dear to my heart because it is a target rich environment for automation (PowerShell!!!). I find it fascinatingly difficult to motivate anybody to spend time on it until thing are foo-bar.