FIM Workflows with PowerShell

Slides:



Advertisements
Similar presentations
Designing, Deploying and Managing Workflow in SharePoint Sites Steve Heaney Product Development Manager OBS
Advertisements

DT211/3 Internet Application Development Active Server Pages & IIS Web server.
Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
Welcome Course 20410B Module 0: Introduction Audience
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.
Microsoft Identity and Access Solutions Market Trends and Futures
Sage CRM Developers Course
Windows.Net Programming Series Preview. Course Schedule CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.
Deploying and Managing Windows Server 2012
Electronically approve and create Suppliers in Oracle Financials using a combination of APEX and Oracle Workflow. NZOUG Conference 2010 Brad Sayer Team.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.
Hands-On Microsoft Windows Server 2008
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 5 Windows XP Professional McGraw-Hill.
Module 14: Configuring Server Security Compliance
Common Servers in a Workplace Environment Brandon Reynolds Computer Electronic Networking Dept. of Technology, Eastern Kentucky University.
Phone: Mega AS Consulting Ltd © 2007  CAT – the problem & the solution  Using the CAT - Administrator  Mega.
QuickBooks, Hosted by Reckon Online – Linking with your client Presented by Cole Atkinson.
Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.
Project 2003 Presentation Ben Howard 15 th July 2003.
Process Content Packs consist of ready-to-use static pre-defined data sets. Packs fill the gap between the OOTB product and a full customized services.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.
I Copyright © 2007, Oracle. All rights reserved. Module i: Siebel 8.0 Essentials Training Siebel 8.0 Essentials.
Guide to MCSE , Enhanced1 Activity 1-1: Determining the Windows Server 2003 Edition Installed on a Server Objective is to determine the edition of.
Microsoft Management Seminar Series SMS 2003 Change Management.
Lesson 12: Configuring Remote Management
Corey Hynes HynesITe, Inc Session Code: SRV317 Objectives Let you walk out of here, being able to run a script against an OU of computers, to make some.
Module 9 User Profiles and Social Networking. Module Overview Configuring User Profiles Implementing SharePoint 2010 Social Networking Features.
Federico Guerrini IDA TSP, EMEA Incubation Team From Identity Synchronization to Identity Management.
1 Objectives Discuss File Services in Windows Server 2008 Install the Distributed File System in Windows Server 2008 Discuss and create shared file resources.
Microsoft ® Forefront ™ Identity Manager 2010 Infrastructure Planning and Design Published: June 2010.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
TE002 Coming to grips with management with Sage CRM Robert Tan.
Module 6: Administering Reporting Services. Overview Server Administration Performance and Reliability Monitoring Database Administration Security Administration.
SharePoint Workflow Prepared By: Eng. Rasha Farouk.
Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group
Workflow in Microsoft Office SharePoint Server Jessica Gruber Consultant Microsoft Corporation.
Microsoft Azure and ServiceNow: Extending IT Best Practices to the Microsoft Cloud to Give Enterprises Total Control of Their Infrastructure MICROSOFT.
Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.
Copyright © New Signature Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.
Windows Certification Paths OR MCSA Windows Server 2012 Installing and Configuring Windows Server 2012 Exam (20410) Administering Windows Server.
Internal developer tools and bug tracking Arabic / Hebrew Windows 3.1Win95 Japanese Word, OneNote, Outlook
Mikael Deurell Senior Consultant Microsoft Mail: Blog: blogs.msdn.com/deurell.
Info-Tech Research Group1 1 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine.
Pass Microsoft Installing and Configuring Windows Server 2012 exam in just 24 HOURS! 100% REAL EXAM QUESTIONS ANSWERS Microsoft Installing.
MCSA Windows Server 2012 Pass Upgrading Your Skills to MCSA Windows Server 2012 Exam By The Help Of Exams4Sure Get Complete File From
Exam : Upgrading Your Skills to MCSA: Windows Server 2016
Developing Hybrid Apps on Microsoft Azure Stack
Exam : Identity with Windows Server 2016
Securing the Network Perimeter with ISA 2004
Enterprise Library Overview
SERVICE NOW online Training at GoLogica
Download dumps - Microsoft Real Exam Questions Dumps4download
DevOps Database Administration
Rapid Connect® Getting Started
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
DevOps Database Administration
Managing Exchange Online using Office 365 Admin Console
Real World Scenarios with Service Manager and Orchestrator – Best in Breed Together
DAT381 Team Development with SQL Server 2005
Outsourcing Database Administration
Designing IIS Security (IIS – Internet Information Service)
MS-202 Exam Questions Answers Dumps 2019
MS-200 Planning and Configuring a Messaging Platform Pass Your Exam in One Attempt.
Presentation transcript:

FIM Workflows with PowerShell Identity Management | Data Protection | Authentication Strategies FIM Workflows with PowerShell Presented by Craig Martin October 2013 © 2013 Edgile, Inc. – All Rights Reserved

Edgile Introduction Established in 2001 by Partners and Senior Managers from Deloitte to Deliver Security Solutions to Leading Companies: Microsoft Security Solutions from the boardroom to the network Addressing the most challenging security issues confronting our customers Long-term relations driving solutions from strategy to deployment Edgile Exceeds Big-4 in Quality and Style: Senior resources with real world experience Small, focused and capable teams Senior technologist High Low Boutiques MS Expertise VARS Competitors Junior Resources, High % of Clients Not Reference-able Big 4 Low High Professionalism

1 2 3 4 5 FIM PowerShell Workflows Table of Contents FimPowerShellWF.codeplex.com 2 Installing the Activity 3 The FIM Request Processor 4 Creating Workflow Scripts 5 Debugging Workflow Scripts

FIM PowerShell Workflow Activity announcing FIM PowerShell Workflow Activity

FimPowerShellWF.codeplex.com I use it in production on some very large deployments

Installing the Activity Add the DLL to the GAC Update the FIM Service configuration file Create a FIM Person object for the FIM Service service account [Optional] Enable Tracing [Optional] Create a Windows EventLog Source

Installing the Activity ### ### Add the FIM snap-in and the super-awesome FIM PowerShell Module Add-PSSnapin fimautomation Import-Module .\FimPowerShellModule.psm1 ### Install the FIM PowerShell WF Activity .\Install-FimPowerShellWF.ps1 .\Update-FimServiceConfigFile.ps1 .\Create-FimServiceAccountAsFimPerson.ps1

FIM Service Pipeline Every request to the FIM Services passes through the request pipeline Workflows can be triggered via policy at each step New Request Permissions Validation Authentication Authorization Action (Response) Access control policies applied Defined in management policy rules User identity validation Self-service password reset One-time pass code integration Manager approval Data input validation Last chance to reject a request Successful request response workflow Most common extensibility point

Why PowerShell Workflow Scripts? Once you get PowerShell, these are very quick to produce Easy to develop, test and debug Good Instrumentation

Why –not PowerShell Workflow Scripts? Your team already has WF/C# skills You need the FIM building block activities Performance penalty of a PowerShell WF is not acceptable

What can you do from that script? Pretty much anything PowerShell will let you do (limited mostly by your imagination) Integrate with Active Directory Integrate with O365 Integrate with the FIM Service For example, using the FIM PowerShell Module

What can’t you do from that script? Authentication Activities Collateral FIM Requests FIM Impersonation Custom Approvals *Use .NET Framework 4.0 and above *Use PowerShell V3+ modules *workaround is to use WinRM

AuthZ WF Sample throw "Solve My Riddle!"

Viewing the Workflow in FIM

View a FIM Request that hit AuthZ

DEMO AuthZ Workflows

Anatomy of a FIM Request Property Description $fimwf.RequestID The GUID of the Request object in FIM $fimwf.TargetID The GUID of the FIM object being acted on $fimwf.ActorID The GUID of the FIM object that submitted the Request $fimwf.WorkflowDefinitionID The GUID of the Workflow being executed $fimwf.WorkflowDictionary The dictionary of items for the current Request phase

Reading FIM Request Details MyPowerShellWorkflow.PS1 ### Get the GUID of the Request object in FIM $fimwf.RequestID ### Get the GUID of the FIM object being acted on $fimwf.TargetID ### Get the GUID of the FIM object that submitted the Request $fimwf.ActorID ### Get the GUID of the Workflow being executed $fimwf.WorkflowDefinitionID ### Get the dictionary of items for the current Request phase $fimwf.WorkflowDictionary

Getting Objects from FIM MyPowerShellWorkflow.PS1 ### ### Load the FIM PowerShell Module Write-Verbose "Loading the FIM PowerShell Module" Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1 ### Get the Request Write-Verbose ("Getting the Request by ObjectID: {0}" -F $fimwf.RequestId.Guid) $Request = Export-FimConfig -Custom ("/*[ObjectID='{0}']" -F $fimwf.RequestId.Guid)| Convert-FimExportToPSObject

Getting Request Parameters MyPowerShellWorkflow.PS1 ### ### Load the FIM PowerShell Module Write-Verbose "Loading the FIM PowerShell Module" Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1 ### Get the Request Write-Verbose ("Getting the Request by ObjectID: {0}" -F $fimwf.RequestId.Guid) $Request = Export-FimConfig -Custom ("/*[ObjectID='{0}']" -F $fimwf.RequestId.Guid)| Convert-FimExportToPSObject ### Get the Request Parameters $Request | Get-FimRequestParameter

Viewing PowerShell Trace Output DEMO Viewing PowerShell Trace Output

Debugging a Workflow Script MyPowerShellWorkflow.PS1 ### ### Load the FIM PowerShell Module Write-Verbose "Loading the FIM PowerShell Module" Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1 <# ### Mock objects for testing $RequestId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $TargetId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $ActorId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $WorkflowDefinitionId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $fimwf = New-Object PSObject -Property @{ TargetId = $TargetId RequestID = $RequestId ActorId = $ActorId WorkflowDefinitionId = $WorkflowDefinitionId } #>

Debugging a Workflow Script (Sneaking Code Into Comments) MyPowerShellWorkflow.PS1 ### ### Load the FIM PowerShell Module Write-Verbose "Loading the FIM PowerShell Module" Import-Module C:\CodePlex\FimPowerShellModule\FimPowerShellModule.psm1 <# ### Mock objects for testing $RequestId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $TargetId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $ActorId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $WorkflowDefinitionId = New-Object PSObject -Property @{Guid='00000000-0000-0000-0000-000000000000'} $fimwf = New-Object PSObject -Property @{ TargetId = $TargetId RequestID = $RequestId ActorId = $ActorId WorkflowDefinitionId = $WorkflowDefinitionId } #>

Debugging a Workflow Script DEMO Debugging a Workflow Script

PowerShell WF Activity Roadmap Implementation of script retry and delay ETW tracing Event log integration Better AuthZ model

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.