Thursday, August 28, 2014

Find FIM Approval Actions

We recently had to move the FIM Service to a new computer.  FIM Approval objects are stamped with an EndpointAddress, which is constructed with details from the FIM Service configuration file (Microsoft.ResourceManagement.Service.exe.config).  If care is not taken with the configuration file, then pending Approval objects from before the move will not be actionable (users will not be able to approve/deny).

To check that Approvals are working, you can use an XPath query looking for Approvals created before the server move and Requests targeting those Approvals after the server move.  The query looks like this:

 

 

###

### Find Approvals acted on since a certain date

###

Export-FimConfig -OnlyBaseResources -Custom "/Request

[

    TargetObjectType = 'Approval'

    and

    CreatedTime >= '2014-08-27T23:00:00'

]/Target

[

    CreatedTime <= '2014-08-27T23:00:00'

]

"

 

That query will return the Approval objects, so you will be able to determine what action the user took, and if there were issues.

To output the Request objects instead of the Approval objects, use this filter:

 

 

"/Request

[

    TargetObjectType = 'Approval'

    and

    CreatedTime >= '2014-08-27T23:15:00'

    and

    Target = /Approval

    [

        CreatedTime <= '2014-08-27T23:15:00'

    ]

]

"

 

 

 

No comments: