Thursday, January 22, 2015

Using PowerShell to Find FIM Service Event Log Items

Turning FIM Service logging up to verbose yields some very useful detail, often revealing vital clues to a mystery problem.  The trouble is that verbose logging results in a heavy yield, making it very difficult to sift through manually with Event Viewer.

Here are a couple commands I had to use recently to find event log items relating to queries.  The command is very easy to use, the only trick is knowing what to look for.  Once you have an idea of what to look for you can use the Message parameter with wildcards to find it.

Find events regarding the FIM web service:

Get-EventLog -LogName 'Forefront Identity Manager' -Message 'WS*'

 

WS: Action.Get.Execute.Enter

WS: GetCurrentUserFromSecurityIdentifier.Exit

WS: GetCurrentUserFromSecurityIdentifier.Enter: S-1-5-21-2738960992-2406426622-3534036869-500

WS: ObjectID,CountXPath,CreatedTime,Creator,DeletedTime,Description,DetectedRulesList,DisplayName

WS: Get: enter

WS: Enumerate.Exit

WS: Action.Enumerate.Execute.Exit

WS: Action.Enumerate.Execute.Enter

WS: GetCurrentUserFromSecurityIdentifier.Exit

WS: GetCurrentUserFromSecurityIdentifier.Enter: S-1-5-21-2738960992-2406426622-3534036869-500

WS: Enumerate.Enter

 

Find events regarding the FIM Service enumeration (query):

Get-EventLog -LogName 'Forefront Identity Manager' -Message 'Enumerate*'

 

Enumerate(/AttributeTypeDescription[Name="Locale"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ListViewPagesToCache"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ListViewPageSize"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ListViewCacheTimeOut"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="LastResetAttemptTime"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="LastName"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="JobTitle"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsRASEnabled"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsConfigurationType"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsAuthorizationActivity"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsAuthenticationActivity"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsActionActivity"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IntegerMinimum"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IntegerMaximum"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="InitialFlow"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ImageUrl"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ILMObjectType"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="HasCollateralRequest"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GrantRight"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GateTypeId"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GateID"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GateData"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FunctionParameters"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FunctionName"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FreezeLevel"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FreezeCount"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ForestConfiguration"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ForeignSecurityPrincipalSet"]), Principal(7fb2b853-24f0-4498-9534-4e105897...

Enumerate(/AttributeTypeDescription[Name="FlowType"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FirstName"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="Filter"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExplicitMember"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExpirationTime"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExpectedRulesList"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExpectedRuleEntryAction"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExistenceTest"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="EndpointAddress"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="EmployeeStartDate"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

'@

Enumerate(/AttributeTypeDescription[Name="Locale"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ListViewPagesToCache"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ListViewPageSize"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ListViewCacheTimeOut"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="LastResetAttemptTime"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="LastName"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="JobTitle"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsRASEnabled"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsConfigurationType"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsAuthorizationActivity"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsAuthenticationActivity"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IsActionActivity"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IntegerMinimum"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="IntegerMaximum"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="InitialFlow"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ImageUrl"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ILMObjectType"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="HasCollateralRequest"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GrantRight"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GateTypeId"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GateID"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="GateData"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FunctionParameters"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FunctionName"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FreezeLevel"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FreezeCount"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ForestConfiguration"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ForeignSecurityPrincipalSet"]), Principal(7fb2b853-24f0-4498-9534-4e105897...

Enumerate(/AttributeTypeDescription[Name="FlowType"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="FirstName"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="Filter"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExplicitMember"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExpirationTime"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExpectedRulesList"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExpectedRuleEntryAction"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="ExistenceTest"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="EndpointAddress"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

Enumerate(/AttributeTypeDescription[Name="EmployeeStartDate"]), Principal(7fb2b853-24f0-4498-9534-4e10589723c4)

 

No comments: