Monday, May 11, 2015

Microsoft MVP Virtual Conference

Pretty excited to be doing a presentation on PowerShell Desired State Configuration this week for the Microsoft MVP Virtual Conference: PowerShell Desired State Configuration (DSC) - Custom Resource Development

The Microsoft MVP Virtual Conference is a free event that Microsoft and the MVPs are putting on, May 14th & 15th.  Join Microsoft MVPs from the Americas’ region as they share their knowledge and real-world expertise during a free event, the MVP Virtual Conference.

The conference will showcase 95 sessions of content for IT Pros, Developers and Consumer experts designed to help you navigate life in a mobile-first, cloud-first world.  Microsoft’s Corporate Vice President of Developer Platform, Steve Guggenheimer, will be on hand to deliver the opening Key Note Address.

Why attend MVP V-Conf? The conference will have 5 tracks, IT Pro English, Dev English, Consumer English, Portuguese mixed sessions & Spanish mixed sessions, there is something for everyone! Learn from the best and brightest MVPs in the tech world today and develop some great skills!

Be sure to register quickly to hold your spot and tell your friends & colleagues.

The conference will be widely covered on social media, you can join the conversation by following @MVPAward and using the hashtag #MVPvConf.

Tuesday, May 05, 2015

Using ConvertFrom-Json to View MIM Reporting Log Detail

Been playing with the new MIM reporting feature which I think is really cool.  The feature logs events to an event log named ‘Identity Manager Request Log’.  The log can be viewed with this handy PowerShell command:

Get-EventLog -LogName 'Identity Manager Request Log'

    Index Time          EntryType   Source                 InstanceID Message                                                                                           

   ----- ----          ---------   ------                 ---------- -------                                                                                           

       5 May 05 15:48  Information Microsoft.Identit...         4121 {"HybridObjectID":"851ff609-9383-4ad6-9e1e-8578e6ef12f3","ObjectType":"Request","Creator":{"Hybr...

       4 May 05 15:47  Information Microsoft.Identit...         4121 {"HybridObjectID":"322fa4e4-036a-4999-88b4-62f68c7daefa","ObjectType":"Request","Creator":{"Hybr...

       3 May 04 19:05  Information Microsoft.Identit...         4121 {"HybridObjectID":"a54f326c-e816-4cd9-84a0-e95eae0bb6db","ObjectType":"Request","Creator":{"Hybr...

       2 May 04 19:02  Information Microsoft.Identit...         4121 {"HybridObjectID":"c586ca82-a2ab-4a42-9cf0-b1d915073e58","ObjectType":"Request","Creator":{"Hybr...

       1 May 04 18:47  Information Microsoft.Identit...         4121 {"HybridObjectID":"56c3d42b-6540-4a26-8795-ea8006e239a5","ObjectType":"Request","Creator":{"Hybr...

 

 

Looking at the event message property it isn’t very easy to read, but it does contain a ton of detail:

Event Message

{"HybridObjectID":"851ff609-9383-4ad6-9e1e-8578e6ef12f3","ObjectType":"Request","Creator":{"HybridObjectID":"95604f19-cc4b-453b-a69b-82086027408b","CreatedTime":"Apr 30 2015  6:48PM","Creator":"2340","DomainConfiguration":"2730","ObjectID":"13418","AccountName":"TieDomi","Description":"Have any grapes?","DisplayName":"Tie Domi","Domain":"CMMIM001","Email":"TieDomi@cmmim001.ca","EmployeeType":"Contractor","FirstName":"Tie","JobTitle":"Enforcer","LastName":"Domi","ObjectType":"Person"},"Operation":"Put","Target":{"HybridObjectID":"fafff0d3-0e63-4084-9253-d74855ed2275","MembershipLocked":"0","CreatedTime":"Apr 30 2015  7:55PM","ComputedMember":["2340","13418"],"Creator":"2340","DisplayedOwner":"2340","ExplicitMember":["2340","13418"],"Owner":"2340","DomainConfiguration":"2730","ObjectID":"13426","DisplayName":"Leafs Fans","Domain":"cmmim001","MailNickname":"LeafsFans","MembershipAddWorkflow":"None","ObjectType":"Group","Scope":"Universal","Type":"Distribution"},"RequestStatus":"Completed","ManagementPolicy":[{"HybridObjectID":"fc53fd3c-92fa-4235-bbb7-2b21df6b98a0","Disabled":"0","GrantRight":"1","CreatedTime":"Apr 30 2015  8:17AM","PrincipalSet":"2733","ResourceCurrentSet":"2830","ResourceFinalSet":"2830","ObjectID":"2858","ActionParameter":"ExplicitMember","ActionType":["Add","Remove"],"Description":"Distribution list management: Users can add or remove any members of groups that don't require owner approval","DisplayName":"Distribution list management: Users can add or remove any members of groups that don't require owner approval","ObjectType":"ManagementPolicyRule","ManagementPolicyRuleType":"Request"},{"HybridObjectID":"5d94d491-e7dc-4da3-8026-fb125cfb3f2a","Disabled":"0","GrantRight":"0","CreatedTime":"Apr 30 2015  8:17AM","AuthorizationWorkflowDefinition":"2485","PrincipalSet":"2835","ResourceCurrentSet":"2836","ResourceFinalSet":"2836","ObjectID":"2913","ActionParameter":"ExplicitMember","ActionType":"Add","Description":"Group management workflow: Validate requestor on add member to open group","DisplayName":"Group management workflow: Validate requestor on add member to open group","ObjectType":"ManagementPolicyRule","ManagementPolicyRuleType":"Request"}],"AuthorizationWorkflowInstance":[{"HybridObjectID":"b85a56c8-cd08-408f-9464-3e2860177ce9","CreatedTime":"May  5 2015  3:48PM","WorkflowDefinition":"2485","Creator":"13418","Requestor":"13418","Target":"13426","Request":"33424","ObjectID":"33425","DisplayName":"Requestor Validation Without Owner Authorization","ObjectType":"WorkflowInstance","WorkflowStatus":"Completed"}],"DisplayName":"Update to Group:  'Leafs Fans' Request","CreatedTime":"5/5/2015 3:48:19 PM","TargetObjectType":"Group","CommittedTime":"5/5/2015 3:48:26 PM","RequestParameter":[{"Calculated":"false","PropertyName":"ExplicitMember","Value":{"HybridObjectID":"95604f19-cc4b-453b-a69b-82086027408b","CreatedTime":"Apr 30 2015  6:48PM","Creator":"2340","DomainConfiguration":"2730","ObjectID":"13418","AccountName":"TieDomi","Description":"Have any grapes?","DisplayName":"Tie Domi","Domain":"CMMIM001","Email":"TieDomi@cmmim001.ca","EmployeeType":"Contractor","FirstName":"Tie","JobTitle":"Enforcer","LastName":"Domi","ObjectType":"Person"},"Operation":"Create","Mode":"Add"}]}

Turns out that is just a pile of JSON which we can easily turn back into a useful object, like this:

Get-EventLog -LogName 'Identity Manager Request Log' -Newest 1 |

Select-Object -ExpandProperty Message |

ConvertFrom-Json

 

HybridObjectID                : 851ff609-9383-4ad6-9e1e-8578e6ef12f3

ObjectType                    : Request

Creator                       : @{HybridObjectID=95604f19-cc4b-453b-a69b-82086027408b; CreatedTime=Apr 30 2015  6:48PM; Creator=2340; DomainConfiguration=2730;

                                ObjectID=13418; AccountName=TieDomi; Description=Have any grapes?; DisplayName=Tie Domi; Domain=CMMIM001; Email=TieDomi@cmmim001.ca;

                                EmployeeType=Contractor; FirstName=Tie; JobTitle=Enforcer; LastName=Domi; ObjectType=Person}

Operation                     : Put

Target                        : @{HybridObjectID=fafff0d3-0e63-4084-9253-d74855ed2275; MembershipLocked=0; CreatedTime=Apr 30 2015  7:55PM;

                                ComputedMember=System.Object[]; Creator=2340; DisplayedOwner=2340; ExplicitMember=System.Object[]; Owner=2340;

                                DomainConfiguration=2730; ObjectID=13426; DisplayName=Leafs Fans; Domain=cmmim001; MailNickname=LeafsFans; MembershipAddWorkflow=None;

                                ObjectType=Group; Scope=Universal; Type=Distribution}

RequestStatus                 : Completed

ManagementPolicy              : {@{HybridObjectID=fc53fd3c-92fa-4235-bbb7-2b21df6b98a0; Disabled=0; GrantRight=1; CreatedTime=Apr 30 2015  8:17AM; PrincipalSet=2733;

                                ResourceCurrentSet=2830; ResourceFinalSet=2830; ObjectID=2858; ActionParameter=ExplicitMember; ActionType=System.Object[];

                                Description=Distribution list management: Users can add or remove any members of groups that don't require owner approval;

                                DisplayName=Distribution list management: Users can add or remove any members of groups that don't require owner approval;

                                ObjectType=ManagementPolicyRule; ManagementPolicyRuleType=Request}, @{HybridObjectID=5d94d491-e7dc-4da3-8026-fb125cfb3f2a; Disabled=0;

                                GrantRight=0; CreatedTime=Apr 30 2015  8:17AM; AuthorizationWorkflowDefinition=2485; PrincipalSet=2835; ResourceCurrentSet=2836;

                                ResourceFinalSet=2836; ObjectID=2913; ActionParameter=ExplicitMember; ActionType=Add; Description=Group management workflow: Validate

                                requestor on add member to open group; DisplayName=Group management workflow: Validate requestor on add member to open group;

                                ObjectType=ManagementPolicyRule; ManagementPolicyRuleType=Request}}

AuthorizationWorkflowInstance : {@{HybridObjectID=b85a56c8-cd08-408f-9464-3e2860177ce9; CreatedTime=May  5 2015  3:48PM; WorkflowDefinition=2485; Creator=13418;

                                Requestor=13418; Target=13426; Request=33424; ObjectID=33425; DisplayName=Requestor Validation Without Owner Authorization;

                                ObjectType=WorkflowInstance; WorkflowStatus=Completed}}

DisplayName                   : Update to Group:  'Leafs Fans' Request

CreatedTime                   : 5/5/2015 3:48:19 PM

TargetObjectType              : Group

CommittedTime                 : 5/5/2015 3:48:26 PM

RequestParameter              : {@{Calculated=false; PropertyName=ExplicitMember; Value=; Operation=Create; Mode=Add}}