Configuring

Søren Granfeldt edited this page Mar 27, 2024 · 2 revisions

Configuring the PowerShell Management Agent

The Management Agent (MA) is built on the Extensible Connectivity 2.0 Management Agent Framework (ECMA 2.0), provided as part of the Forefront Identity Manager 2010/R2.

It operates as an import/export MA: an import script collects objects from the managed system, and an export script is invoked with each Connector Space (CS) object of the MA that needs to be written back. The names of the PowerShell scripts are defined in the global parameter section of the MA configuration (see below).

The MA is state-based, which means that exports are confirmed by subsequent imports: the export script does not report success on its own; the next import must return the exported state.

It utilizes three distinct PowerShell scripts (in addition to a schema script), all of which must be located in a directory on the FIM Synchronization Service server. It's recommended that these scripts be stored in paths without spaces.

Security context and credentials

The MA supports two sets of credentials (both optional); one set of credentials is passed to all the scripts (no change from earlier versions), while the other set of credentials is used as the security context under which all scripts are run. This provides you with some nice options for mixing and matching credentials to build scripts that work under the correct security context.

All scripts are executed in the security context of the FIM Synchronization Service account if you do not specify impersonation credentials. Otherwise, scripts are run under the context of the user specified in the Impersonation credentials. The account that runs the script must have the necessary permissions to read the script file location and execute PowerShell scripts.

It is also recommended to specify a full path for each script. If no path is specified, then C:%SystemRoot%\System32 will be assumed (which is not desirable).

You should have a fair amount of experience with PowerShell to write solid scripts that will work with this MA. In the download section, you'll find sample scripts to help you get started.

Provisioning

Provisioning to the MA can be done through traditional provisioning code or through Synchronization Rules. It is up to the user of the MA to specify the anchor attribute value. The MA also supports data-source-constructed anchors. You can find more on specifying anchor values in the import and schema documentation.

Initial attribute flow

There are no requirements for initial flow attributes other than populating the DN or anchor attribute (specified in the schema). However, you should of course consider requirements for initial values for the system that you are managing through the scripts.

Normal attribute flow

You can flow any available attribute from the metaverse to the connector space (including multi-valued attributes); all flowed attributes are discoverable on the objects passed through the pipeline to the export script.
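As an added illustration of the two points above (the credential set passed to scripts versus the security context the script runs under, and the CS objects arriving in the export script's pipeline), here is a skeleton export script that is not part of the project's own samples. The parameter names, the bracketed hashtable keys on pipeline objects, and the JSON-file "target system" are assumptions made for the example.

```powershell
# Added example, not the MA's own sample script. Parameter names and the
# bracketed keys ('[Identifier]' etc.) are ASSUMPTIONS about the script contract.
param(
    [string]$Username,                    # credential set passed to the script (assumed name)
    [string]$Password,                    # (assumed name)
    [bool]$OpenExportConnectionRunStep,   # assumed; set by the MA on the first call of a run step
    [bool]$CloseExportConnectionRunStep   # assumed; set on the last call
)
begin {
    # Constructed target system: a JSON file under a placeholder path without spaces.
    # The script itself runs as the impersonation account (or the Sync Service account),
    # so THAT account, not $Username, needs read/write access to this file.
    $targetFile = 'C:\PSMA\target-users.json'
    $secure = ConvertTo-SecureString $Password -AsPlainText -Force
    $targetCred = New-Object System.Management.Automation.PSCredential ($Username, $secure)
    Write-Verbose "Running as $([Environment]::UserName); target credential is $($targetCred.UserName)"
    # Load the current target state as a hashtable of anchor -> attribute hashtable
    $store = @{}
    if (Test-Path $targetFile) {
        foreach ($p in (Get-Content $targetFile -Raw | ConvertFrom-Json).PSObject.Properties) {
            $attrs = @{}
            foreach ($a in $p.Value.PSObject.Properties) { $attrs[$a.Name] = $a.Value }
            $store[$p.Name] = $attrs
        }
    }
}
process {
    $obj = $_                              # one CS object per pipeline item (assumed: hashtable)
    $anchor = $obj['[Identifier]']         # anchor value chosen on the provisioning side (assumed key)
    switch ($obj['[ObjectModificationType]']) {   # assumed key
        'Add' {
            # Copy every non-bracketed key, i.e. the flowed attributes; multi-valued ones arrive as arrays
            $attrs = @{}
            foreach ($k in $obj.Keys) { if (-not $k.StartsWith('[')) { $attrs[$k] = $obj[$k] } }
            $store[$anchor] = $attrs
            # State-based MA: the import script must later return this object to confirm the export
        }
        'Update' {
            if (-not $store.ContainsKey($anchor)) { Write-Warning "No target object for $anchor"; break }
            foreach ($k in $obj['[ChangedAttributeNames]']) { $store[$anchor][$k] = $obj[$k] }  # assumed key
        }
        'Delete' { $store.Remove($anchor) }
        default  { Write-Warning "Unhandled modification type for $anchor" }
    }
}
end {
    # Persist the new target state; the next import reads this file back to confirm the exports
    $store | ConvertTo-Json -Depth 4 | Set-Content $targetFile
}
```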