Tuesday, March 03, 2015

Installing MIM CTP2 using PowerShell DSC

Just downloaded Preview 2 for Microsoft Identity Manager (MIM) and installed it for the first time using PowerShell Desired State Configuration.

It comes with a Test Lab Guide, but I’m no button-monkey so decided to not bother doing it the lame way.

The DSC script below shows the salient points for getting MIM Sync, MIM Service and MIM Portal installed.

Happy testing!

# Node data handed to the configuration at compile time.
#   NodeName        - the machine running this script (output of hostname).
#   CertificateFile - public-key certificate DSC uses to encrypt PSCredential
#                     values written to the compiled MOF. The node needs the
#                     matching private key, selected by the LCM CertificateId.
$ConfigurationData = @{
    AllNodes = @(
        @{ NodeName = (hostname); CertificateFile = 'c:\Certificates\hoofhearted.cer' }
    )
}

 

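# Single-node DSC configuration for a MIM test lab. It creates the three local
# service accounts and the sync admin group, makes sure SQL Server, SQL Agent and
# SharePoint Administration are running, checks for a pending reboot, then installs
# MIM Synchronization Service and MIM Service and Portal from local MSI files.
configuration MimPreReqsInstall
{
    Import-DscResource -ModuleName xPendingReboot
    Import-DscResource -ModuleName xPSDesiredStateConfiguration

    $nodeHost = hostname

    # Lab-only placeholder password, shared by every account below and stored in
    # this script in clear text. Outside a throwaway lab, supply a distinct secret
    # per account from a prompt or a secret store instead of a literal.
    $labPassword = ConvertTo-SecureString 'H00fHearted?' -AsPlainText -Force

    $localAdminCred = New-Object System.Management.Automation.PSCredential -ArgumentList 'administrator', $labPassword
    $fimMaCred      = New-Object System.Management.Automation.PSCredential -ArgumentList "${nodeHost}\fimma", $labPassword
    $fimSvcCred     = New-Object System.Management.Automation.PSCredential -ArgumentList "${nodeHost}\fimsvc", $labPassword
    $fimSyncSvcCred = New-Object System.Management.Automation.PSCredential -ArgumentList "${nodeHost}\fimsyncsvc", $labPassword

    node $AllNodes.NodeName
    {
        LocalConfigurationManager
        {
            # Placeholder: set this to the thumbprint of the node certificate whose
            # public key is the CertificateFile in the configuration data, so the
            # LCM can decrypt the PSCredential values in the MOF.
            CertificateId                  = "-----------------------"
            RebootNodeIfNeeded             = $true
            ConfigurationModeFrequencyMins = 15
        }

        #region MIM Install

        # Local accounts for the FIM MA, the MIM Service and the MIM Sync service.
        User FimMA
        {
            Ensure   = "Present"
            UserName = $fimMaCred.GetNetworkCredential().UserName
            Password = $fimMaCred
        }

        User FimSvc
        {
            Ensure   = "Present"
            UserName = $fimSvcCred.GetNetworkCredential().UserName
            Password = $fimSvcCred
        }

        User FimSyncSvc
        {
            Ensure   = "Present"
            UserName = $fimSyncSvcCred.GetNetworkCredential().UserName
            Password = $fimSyncSvcCred
        }

        # One group is passed to the sync installer for all five role parameters
        # (admins, operators, joiners, browse, password set), so every member holds
        # every sync role. Split into separate groups where role separation matters.
        Group FimSyncAdmins
        {
            Ensure           = "Present"
            GroupName        = 'FimSyncAdmins'
            Description      = 'FIM Sychronization Administrators'
            MembersToInclude = $localAdminCred.UserName
        }

        Service SQLAgentService
        {
            Name        = "SQLSERVERAGENT"
            StartupType = "Automatic"
            State       = "Running"
        }

        Service SPAdminV4Service
        {
            Name        = "SPAdminV4"
            StartupType = "Automatic"
            State       = "Running"
        }

        Service MSSQLSERVER
        {
            Name        = "MSSQLSERVER"
            StartupType = "Automatic"
            State       = "Running"
        }

        xPendingReboot BeforeFimInstall
        {
            #NOTE - this warning can be safely ignored : "Unable to query CCM_ClientUtilities: Invalid namespace"
            Name = "BeforeFimInstall"
        }

        xPackage InstallMimSync
        {
            Ensure          = "Present"
            Name            = "Microsoft Identity Manager Synchronization Service"
            Path            = "c:\temp\mim\synchronization Service\synchronization Service.msi"
            RunAsCredential = $localAdminCred
            ProductId       = '5A7CB0A3-7AA2-4F40-8899-02B83694085F'
            # The sync service runs as the dedicated fimsyncsvc account that this
            # resource depends on, not as the MIM Service account.
            #
            # Arguments is an ordinary string, so the service password is written
            # in clear text into the compiled MOF; certificate encryption covers
            # only PSCredential properties. It may also be recorded in the
            # installer log at LogPath - verify, then restrict or delete both
            # files once the install has finished.
            Arguments       = @(
                                "ACCEPT_EULA=1"
                                "serviceaccount=$($fimSyncSvcCred.GetNetworkCredential().UserName)"
                                "servicepassword=$($fimSyncSvcCred.GetNetworkCredential().Password)"
                                "servicedomain=$($fimSyncSvcCred.GetNetworkCredential().Domain)"
                                "storeserver=$nodeHost"
                                "reboot=reallysuppress"
                                "groupadmins=FIMSyncAdmins"
                                "GROUPOPERATORS=FimSyncAdmins"
                                "GROUPACCOUNTJOINERS=FimSyncAdmins"
                                "GROUPBROWSE=FimSyncAdmins"
                                "GROUPPASSWORDSET=FimSyncAdmins"
                              ) -join ' '
            LogPath         = "C:\Windows\Temp\fimsync-install.log"
            DependsOn       = @(
                                "[Service]MSSQLSERVER"
                                "[User]FimSyncSvc"
                                "[Group]FimSyncAdmins"
                                "[xPendingReboot]BeforeFimInstall"
                              )
        }

        xPackage MimService
        {
            Ensure          = "Present"
            Name            = "Microsoft Identity Manager Service and Portal"
            Path            = "C:\Temp\MIM\Service and Portal\service and portal.msi"
            RunAsCredential = $localAdminCred
            # As with the sync package, the service password travels in the
            # Arguments string and so lands unencrypted in the compiled MOF.
            # Mail and SharePoint values are lab settings: localhost, no SSL for
            # mail, plain HTTP for the portal URL.
            # NOTE(review): SERVICE_ACCOUNT_NAME gets the full "host\fimsvc" value
            # while the domain is also passed separately - confirm the installer
            # accepts that form.
            Arguments       = @(
                                "ADDLOCAL=CommonServices,WebPortals"
                                "ACCEPT_EULA=1"
                                "SQLSERVER_SERVER=localhost"
                                "SERVICE_ACCOUNT_NAME=$($fimSvcCred.UserName)"
                                "SERVICE_ACCOUNT_PASSWORD=$($fimSvcCred.GetNetworkCredential().Password)"
                                "SERVICE_ACCOUNT_DOMAIN=$($fimSvcCred.GetNetworkCredential().Domain)"
                                "SERVICE_ACCOUNT_EMAIL=foo@bar.baz"
                                "SYNCHRONIZATION_SERVER=$nodeHost"
                                "SYNCHRONIZATION_SERVER_ACCOUNT=$($fimMaCred.UserName)"
                                "MAIL_SERVER=localhost"
                                "MAIL_SERVER_USE_SSL=0"
                                "MAIL_SERVER_IS_EXCHANGE=0"
                                "SERVICEADDRESS=$nodeHost"
                                "SHAREPOINT_URL=http://localhost"
                              ) -join ' '
            LogPath         = "C:\Windows\Temp\fimservice-install.log"
            ProductID       = "0782FB14-023A-430F-B0D5-4AE1D1CCFCAA"
            # [User]FimSvc is listed because the installer is given that account
            # as the service identity, so it has to exist first.
            DependsOn       = @(
                                "[xPendingReboot]BeforeFimInstall"
                                "[Service]SQLAgentService"
                                "[Service]SPAdminV4Service"
                                "[User]FimMA"
                                "[User]FimSvc"
                              )
        }

        Service FimService
        {
            Name      = "FimService"
            State     = "Running"
            DependsOn = '[xPackage]MimService'
        }

        # Writes a status value under the Hyper-V guest key once FimService is
        # running - presumably so the host can read install progress; confirm.
        Registry HypervKvpForFimService
        {
            Ensure    = "Present"
            Key       = "HKLM:\SOFTWARE\Microsoft\Virtual Machine\Auto"
            ValueName = "MimServiceStatus"
            ValueData = "Running"
            DependsOn = '[Service]FimService'
        }

        #endregion
    }
}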

 

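# Compile the configuration. The configuration defined above is named
# MimPreReqsInstall; calling MimInstall fails because no such command exists.
# The output folder receives the node MOF and the LCM meta MOF. The MOF holds the
# service account password in clear text inside the package Arguments, so remove
# this folder (or lock down its ACL) once the run has finished.
MimPreReqsInstall -ConfigurationData $ConfigurationData -OutputPath C:\Windows\Temp\MimInstall

# Apply the LocalConfigurationManager settings (certificate, reboot behaviour).
Set-DscLocalConfigurationManager -Path C:\Windows\Temp\MimInstall

# Push the configuration and wait for it to complete.
Start-DscConfiguration -Verbose -Wait -Path C:\Windows\Temp\MimInstall -Force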

 
