HomeDirectory management
This sample page is currently being written. This page shows working sample scripts for managing the lifecycle of home directories for users in your Active Directory.
The idea is to use the PSMA for reading users from Active Directory (AD) and joining them to existing users in the Metaverse. No provisioning is done to this MA; instead you provision users through the normal built-in AD MA. After users have been created in AD, the next import reads them from AD into this HomeDir MA, where they join, and the export flow queues an export that handles creation of their home directory (or moving or deleting it).
The import script reads all user candidates from Active Directory using the Get-ADUser PowerShell cmdlet. It supports delta imports using the usnChanged attribute. The overall steps for this script are:
- Uses the Get-ADRootDSE cmdlet to find the domain and a Domain Controller (DC). It keeps a record of the highestCommittedUSN for each DC. Because highestCommittedUSN is local to each DC and not replicated, the first time a given DC is used for an import you effectively get a Full Import from that DC, until every DC in the domain has been used once; if you want to avoid this, you could prepopulate the files with each DC's highestCommittedUSN or use a specific DC for all imports.
- Uses the Get-ADUser cmdlet to read all users changed since the last read / import
- Returns all found users to the pipeline, from which the PSMA imports them into the Connector Space (CS) / FIM
- Lastly, saves the highest USN for the DC that was used, for the next run
```powershell
param
(
    $username = "",
    $password = "",
    $operationtype = "Full",
    [bool] $usepagedimport,
    $PageSize
)

import-module ActiveDirectory
$debugpreference = "Continue"

# find a DC and its current highest committed USN; the USN is local to each DC,
# so the watermark file is kept per DC
$rootdse = Get-ADRootDSE
$dc = $rootdse.dnsHostName
$newusn = $rootdse.highestCommittedUSN
$filename = "C:\FIM\psma-homedir\_lastusn.$dc.txt"
write-debug "dc: $dc"

# read the watermark from the last run against this DC (0 = DC never used before)
if ( test-path $filename )
{
    $oldusn = [long] (get-content $filename)
}
else
{
    $oldusn = 0
}

# a Full import ignores the watermark and reads every user
if ( $operationtype -eq "Full" )
{
    $oldusn = 0
}
write-debug "oldusn: $oldusn"
write-debug "newusn: $newusn"

$users = Get-ADUser -Server $dc -Filter { (samaccountname -like "*") -and (usnChanged -gt $oldusn) } -Properties "mail", "samaccountname", "homedirectory", "homedrive", "employeenumber", "useraccountcontrol", "extensionAttribute1", "extensionAttribute2", "usnChanged", "objectguid", "objectSid", "isdeleted" -SearchScope Subtree -SearchBase "DC=contoso,DC=net"

if ( $users )
{
    # the MASchemaProperties are the properties that this script will return to FIM on objects found
    $maschemaproperties = @( "objectguidstring", "distinguishedname", "homedirectory", "homedrive", "samaccountname" )

    foreach ($user in $users)
    {
        # we always add objectGuid and objectClass to all objects
        $obj = @{}
        $obj.id = $user.objectguid.tobytearray()
        $obj."[DN]" = $user.distinguishedname
        $obj.objectClass = "person"
        $obj.objectguidstring = $user.objectguid.tostring()
        $obj.objectsidstring = $user.objectSid.tostring()

        # copy the schema properties that have a value on this user
        $maschemaproperties | foreach-object `
        {
            if ( $user.$_ )
            {
                $obj.$_ = $user.$_
            }
        }

        # emit the hashtable to the pipeline for the PSMA to import
        $obj
    }
}

# lastly write new high usn
$newusn | out-file $filename
$global:runstepcustomdata = $newusn
```
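The steps above suggest prepopulating the per-DC watermark files so that the first delta import against each DC does not turn into a full import. The following script does that for every DC in the domain; it is an added example, not part of the PSMA sample, and assumes the same folder and file naming as the import script, with `$WatermarkDir` and `$Domain` as parameter names chosen here.

```powershell
# Added example (not part of the PSMA sample): write one watermark file per DC,
# named exactly as the import script expects, holding that DC's current
# highestCommittedUSN. The USN is local to each DC and is not replicated,
# so every DC has to be queried individually.
param
(
    [string] $WatermarkDir = "C:\FIM\psma-homedir",   # assumed parameter name
    [string] $Domain = (Get-ADDomain).DNSRoot          # assumed parameter name
)

Import-Module ActiveDirectory

if ( -not (Test-Path $WatermarkDir) )
{
    New-Item -ItemType Directory -Path $WatermarkDir | Out-Null
}

# enumerate every DC in the domain
$dcs = Get-ADDomainController -Filter * -Server $Domain

foreach ($dcobj in $dcs)
{
    $dc = $dcobj.HostName

    # the import script keys the file on dnsHostName from that DC's RootDSE,
    # so read RootDSE from the DC itself rather than trusting the DC list
    $rootdse = Get-ADRootDSE -Server $dc
    $filename = Join-Path $WatermarkDir ("_lastusn.{0}.txt" -f $rootdse.dnsHostName)

    if ( Test-Path $filename )
    {
        # never lower an existing watermark: a lower value re-imports old changes,
        # a higher one silently skips changes the import has not seen yet
        Write-Host "$dc : watermark already present ($(Get-Content $filename)), skipping"
        continue
    }

    $usn = [long] $rootdse.highestCommittedUSN
    $usn | Out-File $filename
    Write-Host "$dc : wrote highestCommittedUSN $usn to $filename"
}
```

Run this before (not after) the initial full import: a watermark taken after the full import can hide changes that replicated to that DC between the two, because those changes carry a usnChanged on that DC below the stored value.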