Tuesday, May 05, 2015

Using ConvertFrom-Json to View MIM Reporting Log Detail

Been playing with the new MIM reporting feature which I think is really cool.  The feature logs events to an event log named ‘Identity Manager Request Log’.  The log can be viewed with this handy PowerShell command:

Get-EventLog -LogName 'Identity Manager Request Log'

    Index Time          EntryType   Source                 InstanceID Message                                                                                           

   ----- ----          ---------   ------                 ---------- -------                                                                                           

       5 May 05 15:48  Information Microsoft.Identit...         4121 {"HybridObjectID":"851ff609-9383-4ad6-9e1e-8578e6ef12f3","ObjectType":"Request","Creator":{"Hybr...

       4 May 05 15:47  Information Microsoft.Identit...         4121 {"HybridObjectID":"322fa4e4-036a-4999-88b4-62f68c7daefa","ObjectType":"Request","Creator":{"Hybr...

       3 May 04 19:05  Information Microsoft.Identit...         4121 {"HybridObjectID":"a54f326c-e816-4cd9-84a0-e95eae0bb6db","ObjectType":"Request","Creator":{"Hybr...

       2 May 04 19:02  Information Microsoft.Identit...         4121 {"HybridObjectID":"c586ca82-a2ab-4a42-9cf0-b1d915073e58","ObjectType":"Request","Creator":{"Hybr...

       1 May 04 18:47  Information Microsoft.Identit...         4121 {"HybridObjectID":"56c3d42b-6540-4a26-8795-ea8006e239a5","ObjectType":"Request","Creator":{"Hybr...

 

 

Looking at the event message property it isn’t very easy to read, but it does contain a ton of detail:

Event Message

{"HybridObjectID":"851ff609-9383-4ad6-9e1e-8578e6ef12f3","ObjectType":"Request","Creator":{"HybridObjectID":"95604f19-cc4b-453b-a69b-82086027408b","CreatedTime":"Apr 30 2015  6:48PM","Creator":"2340","DomainConfiguration":"2730","ObjectID":"13418","AccountName":"TieDomi","Description":"Have any grapes?","DisplayName":"Tie Domi","Domain":"CMMIM001","Email":"TieDomi@cmmim001.ca","EmployeeType":"Contractor","FirstName":"Tie","JobTitle":"Enforcer","LastName":"Domi","ObjectType":"Person"},"Operation":"Put","Target":{"HybridObjectID":"fafff0d3-0e63-4084-9253-d74855ed2275","MembershipLocked":"0","CreatedTime":"Apr 30 2015  7:55PM","ComputedMember":["2340","13418"],"Creator":"2340","DisplayedOwner":"2340","ExplicitMember":["2340","13418"],"Owner":"2340","DomainConfiguration":"2730","ObjectID":"13426","DisplayName":"Leafs Fans","Domain":"cmmim001","MailNickname":"LeafsFans","MembershipAddWorkflow":"None","ObjectType":"Group","Scope":"Universal","Type":"Distribution"},"RequestStatus":"Completed","ManagementPolicy":[{"HybridObjectID":"fc53fd3c-92fa-4235-bbb7-2b21df6b98a0","Disabled":"0","GrantRight":"1","CreatedTime":"Apr 30 2015  8:17AM","PrincipalSet":"2733","ResourceCurrentSet":"2830","ResourceFinalSet":"2830","ObjectID":"2858","ActionParameter":"ExplicitMember","ActionType":["Add","Remove"],"Description":"Distribution list management: Users can add or remove any members of groups that don't require owner approval","DisplayName":"Distribution list management: Users can add or remove any members of groups that don't require owner approval","ObjectType":"ManagementPolicyRule","ManagementPolicyRuleType":"Request"},{"HybridObjectID":"5d94d491-e7dc-4da3-8026-fb125cfb3f2a","Disabled":"0","GrantRight":"0","CreatedTime":"Apr 30 2015  8:17AM","AuthorizationWorkflowDefinition":"2485","PrincipalSet":"2835","ResourceCurrentSet":"2836","ResourceFinalSet":"2836","ObjectID":"2913","ActionParameter":"ExplicitMember","ActionType":"Add","Description":"Group management workflow: Validate requestor on add member to open group","DisplayName":"Group management workflow: Validate requestor on add member to open group","ObjectType":"ManagementPolicyRule","ManagementPolicyRuleType":"Request"}],"AuthorizationWorkflowInstance":[{"HybridObjectID":"b85a56c8-cd08-408f-9464-3e2860177ce9","CreatedTime":"May  5 2015  3:48PM","WorkflowDefinition":"2485","Creator":"13418","Requestor":"13418","Target":"13426","Request":"33424","ObjectID":"33425","DisplayName":"Requestor Validation Without Owner Authorization","ObjectType":"WorkflowInstance","WorkflowStatus":"Completed"}],"DisplayName":"Update to Group:  'Leafs Fans' Request","CreatedTime":"5/5/2015 3:48:19 PM","TargetObjectType":"Group","CommittedTime":"5/5/2015 3:48:26 PM","RequestParameter":[{"Calculated":"false","PropertyName":"ExplicitMember","Value":{"HybridObjectID":"95604f19-cc4b-453b-a69b-82086027408b","CreatedTime":"Apr 30 2015  6:48PM","Creator":"2340","DomainConfiguration":"2730","ObjectID":"13418","AccountName":"TieDomi","Description":"Have any grapes?","DisplayName":"Tie Domi","Domain":"CMMIM001","Email":"TieDomi@cmmim001.ca","EmployeeType":"Contractor","FirstName":"Tie","JobTitle":"Enforcer","LastName":"Domi","ObjectType":"Person"},"Operation":"Create","Mode":"Add"}]}

Turns out that is just a pile of JSON which we can easily turn back into a useful object, like this:

Get-EventLog -LogName 'Identity Manager Request Log' -Newest 1 |

Select-Object -ExpandProperty Message |

ConvertFrom-Json

 

HybridObjectID                : 851ff609-9383-4ad6-9e1e-8578e6ef12f3

ObjectType                    : Request

Creator                       : @{HybridObjectID=95604f19-cc4b-453b-a69b-82086027408b; CreatedTime=Apr 30 2015  6:48PM; Creator=2340; DomainConfiguration=2730;

                                ObjectID=13418; AccountName=TieDomi; Description=Have any grapes?; DisplayName=Tie Domi; Domain=CMMIM001; Email=TieDomi@cmmim001.ca;

                                EmployeeType=Contractor; FirstName=Tie; JobTitle=Enforcer; LastName=Domi; ObjectType=Person}

Operation                     : Put

Target                        : @{HybridObjectID=fafff0d3-0e63-4084-9253-d74855ed2275; MembershipLocked=0; CreatedTime=Apr 30 2015  7:55PM;

                                ComputedMember=System.Object[]; Creator=2340; DisplayedOwner=2340; ExplicitMember=System.Object[]; Owner=2340;

                                DomainConfiguration=2730; ObjectID=13426; DisplayName=Leafs Fans; Domain=cmmim001; MailNickname=LeafsFans; MembershipAddWorkflow=None;

                                ObjectType=Group; Scope=Universal; Type=Distribution}

RequestStatus                 : Completed

ManagementPolicy              : {@{HybridObjectID=fc53fd3c-92fa-4235-bbb7-2b21df6b98a0; Disabled=0; GrantRight=1; CreatedTime=Apr 30 2015  8:17AM; PrincipalSet=2733;

                                ResourceCurrentSet=2830; ResourceFinalSet=2830; ObjectID=2858; ActionParameter=ExplicitMember; ActionType=System.Object[];

                                Description=Distribution list management: Users can add or remove any members of groups that don't require owner approval;

                                DisplayName=Distribution list management: Users can add or remove any members of groups that don't require owner approval;

                                ObjectType=ManagementPolicyRule; ManagementPolicyRuleType=Request}, @{HybridObjectID=5d94d491-e7dc-4da3-8026-fb125cfb3f2a; Disabled=0;

                                GrantRight=0; CreatedTime=Apr 30 2015  8:17AM; AuthorizationWorkflowDefinition=2485; PrincipalSet=2835; ResourceCurrentSet=2836;

                                ResourceFinalSet=2836; ObjectID=2913; ActionParameter=ExplicitMember; ActionType=Add; Description=Group management workflow: Validate

                                requestor on add member to open group; DisplayName=Group management workflow: Validate requestor on add member to open group;

                                ObjectType=ManagementPolicyRule; ManagementPolicyRuleType=Request}}

AuthorizationWorkflowInstance : {@{HybridObjectID=b85a56c8-cd08-408f-9464-3e2860177ce9; CreatedTime=May  5 2015  3:48PM; WorkflowDefinition=2485; Creator=13418;

                                Requestor=13418; Target=13426; Request=33424; ObjectID=33425; DisplayName=Requestor Validation Without Owner Authorization;

                                ObjectType=WorkflowInstance; WorkflowStatus=Completed}}

DisplayName                   : Update to Group:  'Leafs Fans' Request

CreatedTime                   : 5/5/2015 3:48:19 PM

TargetObjectType              : Group

CommittedTime                 : 5/5/2015 3:48:26 PM

RequestParameter              : {@{Calculated=false; PropertyName=ExplicitMember; Value=; Operation=Create; Mode=Add}}

 

No comments: