Configuration management

The PowerShell module has its own built-in support for configuration management and control within the FIM service. Using an XML file, you can define how resources should appear in the FIM service, and use the [[Import-RMConfig]] cmdlet to create, update, and delete resources and attributes as appropriate. The module also supports the use of variables and placeholders to make transitioning configuration between environments as seamless as possible.

Ike Ugochuku has produced a getting started guide to introduce you to configuration management and [[Import-RMConfig]].

XML File Reference

Referencing within the XML file

The XML file structure allows you not only to reference objects in the FIM Service, but also to reference other resources described in the XML. This can ensure referential integrity and maintain relationships between objects that may or may not have been created in the FIM service. See the topic on [[Building References]] for more information.

Sample XML file

The following demonstrates how to describe a set, an email template, a workflow and an MPR in an XML file that can be applied using the Import-RMConfig cmdlet.

<?xml version="1.0" encoding="utf-8" ?>
<Lithnet.ResourceManagement.ConfigSync>
  <Variables>
    <Variable name="#domain#" value="%userdomain%"/>
    <Variable name="#PATH#" value =".\" />
  </Variables>
  
  <Operations>
    <!-- Create Set -->
    <ResourceOperation operation="Add Update" resourceType="Set" id="demoSet">
      <AnchorAttributes>
        <AnchorAttribute>DisplayName</AnchorAttribute>
      </AnchorAttributes>
      <AttributeOperations>
        <AttributeOperation operation="replace" name="DisplayName">___Demo Set</AttributeOperation>
        <AttributeOperation operation="replace" name="Description">Contains all the test users for the purpose of this demo</AttributeOperation>
        <AttributeOperation operation="replace" name="Filter" type="filter">/Person[starts-with(AccountName, 'testuser')]</AttributeOperation>
      </AttributeOperations>
    </ResourceOperation>
	
    <!-- Create Email Template -->
    <ResourceOperation operation="Add Update" resourceType="EmailTemplate" id="demoEmailTemplate">
      <AnchorAttributes>
        <AnchorAttribute>DisplayName</AnchorAttribute>
      </AnchorAttributes>
      <AttributeOperations>
        <AttributeOperation operation="replace" name="DisplayName">___Demo Email Template</AttributeOperation>
        <AttributeOperation operation="replace" name="Description">An email template created for the purpose of this demo</AttributeOperation>
        <AttributeOperation operation="replace" name="EmailTemplateType">Notification</AttributeOperation>
        <AttributeOperation operation="replace" name="EmailBody" type="file">#PATH#Templates\EmailTemplate.html</AttributeOperation>
        <AttributeOperation operation="replace" name="EmailSubject">Hello FIM user group</AttributeOperation>
      </AttributeOperations>
    </ResourceOperation>
	
    <!-- Create Workflow Definition -->
    <ResourceOperation operation="Add Update" resourceType="WorkflowDefinition" id="demoWorkflowDefinition">
      <AnchorAttributes>
        <AnchorAttribute>DisplayName</AnchorAttribute>
      </AnchorAttributes>
      <AttributeOperations>
        <AttributeOperation operation="replace" name="DisplayName">___Demo Workflow Definition</AttributeOperation>
        <AttributeOperation operation="replace" name="Description">Sends an account expiry notification email to users email address2</AttributeOperation>
        <AttributeOperation operation="replace" name="XOML" type="file">#PATH#Templates\WFDemo.xml</AttributeOperation>
        <AttributeOperation operation="replace" name="RequestPhase">Action</AttributeOperation>
        <AttributeOperation operation="replace" name="RunOnPolicyUpdate">false</AttributeOperation>
      </AttributeOperations>
    </ResourceOperation>
	
    <!-- Create MPR -->
    <ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="demoMPR">
      <AnchorAttributes>
        <AnchorAttribute>DisplayName</AnchorAttribute>
      </AnchorAttributes>
      <AttributeOperations>
        <AttributeOperation operation="replace" name="DisplayName">___Demo MPR - Triggers Workflow</AttributeOperation>
        <AttributeOperation operation="replace" name="Description">Triggers the "##xmlref:demoWorkflowDefinition:DisplayName##" workflow when a user account transitions into the "##xmlref:demoSet:DisplayName##" set</AttributeOperation>
        <AttributeOperation operation="replace" name="ActionParameter">*</AttributeOperation>
        <AttributeOperation operation="replace" name="ActionType">TransitionIn</AttributeOperation>
        <AttributeOperation operation="replace" name="ActionWorkflowDefinition" type="xmlref">demoWorkflowDefinition</AttributeOperation>
        <AttributeOperation operation="replace" name="Disabled">false</AttributeOperation>
        <AttributeOperation operation="replace" name="GrantRight">false</AttributeOperation>
        <AttributeOperation operation="replace" name="ManagementPolicyRuleType">SetTransition</AttributeOperation>
        <AttributeOperation operation="replace" name="ResourceFinalSet" type="xmlref">demoSet</AttributeOperation>
      </AttributeOperations>
    </ResourceOperation>
  </Operations>
</Lithnet.ResourceManagement.ConfigSync>
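
A pre-import review of the references this file format relies on, as an added example that is not part of the module or the original page. It checks that every `type="xmlref"` value and every `##xmlref:id:attribute##` placeholder points at a `ResourceOperation` id defined in the same file, and flags MPRs that set `GrantRight` to `true`. The function name `Test-RMConfigReferences` and the sample XML are hypothetical and constructed for illustration.

```powershell
# Added example (not Lithnet code): review a ConfigSync file before Import-RMConfig.
# Test-RMConfigReferences and the sample below are hypothetical/constructed.
function Test-RMConfigReferences {
    param([Parameter(Mandatory)][xml]$Config)
    $ops = @($Config.SelectNodes('//Operations/ResourceOperation'))
    $ids = @($ops | ForEach-Object { $_.GetAttribute('id') })
    $findings = [System.Collections.Generic.List[string]]::new()
    # Mirrors the schema's xs:unique constraint on ResourceOperation/@id.
    $ids | Group-Object | Where-Object Count -gt 1 |
        ForEach-Object { $findings.Add("Duplicate id '$($_.Name)'") }
    foreach ($op in $ops) {
        $id = $op.GetAttribute('id'); $type = $op.GetAttribute('resourceType')
        foreach ($attr in $op.SelectNodes('AttributeOperations/AttributeOperation')) {
            $name = $attr.GetAttribute('name'); $text = $attr.InnerText.Trim()
            # type="xmlref": the element text is the id of another ResourceOperation.
            if ($attr.GetAttribute('type') -eq 'xmlref' -and $ids -notcontains $text) {
                $findings.Add("[$id] $name references unknown id '$text'")
            }
            # Inline placeholders: ##xmlref:<id>:<attribute>##
            foreach ($m in [regex]::Matches($text, '##xmlref:([^:#]+):[^#]+##')) {
                if ($ids -notcontains $m.Groups[1].Value) {
                    $findings.Add("[$id] $name placeholder uses unknown id '$($m.Groups[1].Value)'")
                }
            }
            # An MPR that grants rights changes authorization: flag it for review.
            if ($type -eq 'ManagementPolicyRule' -and $name -eq 'GrantRight' -and $text -eq 'true') {
                $findings.Add("[$id] sets GrantRight=true; review before import")
            }
        }
    }
    $findings
}

# Constructed sample: demoMPR points at a workflow id that the file never defines.
$sample = @'
<Lithnet.ResourceManagement.ConfigSync><Operations>
  <ResourceOperation operation="Add Update" resourceType="Set" id="demoSet">
    <AttributeOperations><AttributeOperation operation="replace" name="DisplayName">___Demo Set</AttributeOperation></AttributeOperations>
  </ResourceOperation>
  <ResourceOperation operation="Add Update" resourceType="ManagementPolicyRule" id="demoMPR">
    <AttributeOperations>
      <AttributeOperation operation="replace" name="ActionWorkflowDefinition" type="xmlref">demoWorkflow</AttributeOperation>
      <AttributeOperation operation="replace" name="ResourceFinalSet" type="xmlref">demoSet</AttributeOperation>
      <AttributeOperation operation="replace" name="GrantRight">true</AttributeOperation>
    </AttributeOperations>
  </ResourceOperation>
</Operations></Lithnet.ResourceManagement.ConfigSync>
'@
Test-RMConfigReferences -Config $sample
```

To review a file on disk, pass its content with `-Config (Get-Content -Raw <path>)`; an empty result means no findings from these three checks.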

Default XSD Schema

The following is the complete XSD schema that can be used for validating a ResourceManagement Configuration file. Thanks to Thomas Weyermann for documenting this.

<?xml version="1.0" encoding="utf-8"?>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="Lithnet.ResourceManagement.ConfigSync">
    <xs:complexType>
      <xs:sequence>
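        <!-- Variables holds Variable child elements, as in the sample file above; a plain xs:string type would reject them -->
        <xs:element name="Variables">
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="0" maxOccurs="unbounded" name="Variable">
                <xs:complexType>
                  <xs:attribute name="name" type="xs:string" use="required" />
                  <xs:attribute name="value" type="xs:string" use="required" />
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
        </xs:element>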
        <xs:element name="Operations">
          <xs:complexType>
            <xs:sequence>
              <xs:element maxOccurs="unbounded" name="ResourceOperation">
                <xs:complexType>
                  <xs:sequence>
                    <xs:element name="AnchorAttributes">
                      <xs:complexType>
                        <xs:sequence>
                          <xs:element maxOccurs="unbounded" name="AnchorAttribute" type="xs:string" />
                        </xs:sequence>
                      </xs:complexType>
                    </xs:element>
                    <xs:element name="AttributeOperations">
                      <xs:complexType mixed="true">
                        <xs:sequence>
                          <xs:element maxOccurs="unbounded" name="AttributeOperation">
                            <xs:complexType>
                              <xs:simpleContent>
                                <xs:extension base="xs:string">
                                  <xs:attribute name="operation" use="required">
                                    <xs:simpleType>
                                      <xs:restriction base="xs:string">
                                        <xs:enumeration value="none"/>
                                        <xs:enumeration value="add"/>
                                        <xs:enumeration value="replace"/>
                                        <xs:enumeration value="delete"/>
                                      </xs:restriction>
                                    </xs:simpleType>
                                  </xs:attribute>
                                  <xs:attribute name="name" type="xs:string" use="required" />
                                  <xs:attribute name="type" use="optional">
                                    <xs:simpleType>
                                      <xs:restriction base="xs:string">
                                        <xs:enumeration value="file"/>
                                        <xs:enumeration value="xmlref"/>
                                        <xs:enumeration value="filter"/>
                                        <xs:enumeration value="ref"/>
                                      </xs:restriction>
                                    </xs:simpleType>
                                  </xs:attribute>
                                </xs:extension>
                              </xs:simpleContent>
                            </xs:complexType>
                          </xs:element>
                        </xs:sequence>
                      </xs:complexType>
                    </xs:element>
                  </xs:sequence>
                  <xs:attribute name="operation" use="required">
                    <xs:simpleType>
                      <xs:restriction base="xs:string">                        
                        <xs:enumeration value="Add"/>
                        <xs:enumeration value="Add Update"/>
                        <xs:enumeration value="Delete"/>
                        <xs:enumeration value="Update"/>
                        <xs:enumeration value="None"/>
                      </xs:restriction>
                    </xs:simpleType>
                  </xs:attribute>
                  <xs:attribute name="resourceType" type="xs:string" use="required" />
                  <xs:attribute name="id" type="xs:string" use="required" />
                  <xs:attribute name="refresh-schema" use="optional" >
                    <xs:simpleType>
                      <xs:restriction base="xs:string">
                        <xs:enumeration value="before-operation"/>
                        <xs:enumeration value="after-operation"/>
                      </xs:restriction>
                    </xs:simpleType>
                  </xs:attribute>
                  <xs:attribute name="locale" type="xs:string" use="optional" />
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
          <xs:unique name="idUniqueKey">
            <xs:selector xpath="ResourceOperation" />
            <xs:field xpath="@id" />
          </xs:unique>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
