Getting started writing your first Forefront/Microsoft Identity Manager Granfeldt PowerShell Management Agent can be a bit daunting. Before you can do pretty much anything you need to define the schema for the PSMA. Likewise if you have written many, the generation of the schema file often seems to take longer than it should and can be a little tedious when all you want to do is write the logic for the Import and Export scripts.
After a few chats with Soren around enhancements for the PSMA I suggested it would be awesome if the generation of the schema.ps1 file could be (semi)automated. So here is my first stab at doing just that.
My approach is;
Below I provide four examples covering the script that generates the schema definition along with the output. The four examples cover;
The example below utilises the AzureAD PowerShell Module to connect to Azure AD. It then gets a User Object (update line 7 for a user to retrieve) and enumerates the properties of the User to generate the Schema file.
The output looks like this:
$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-YourAnchorATTR|String" -Value ""
$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "YourObjectClass"
$obj | Add-Member -Type NoteProperty -Name "AccountEnabled|boolean" -Value $true
$obj | Add-Member -Type NoteProperty -Name "AgeGroup|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "AssignedLicenses|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "AssignedPlans|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "City|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "CompanyName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ConsentProvidedForMinor|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Country|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "CreationType|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "DeletionTimestamp|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Department|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "DirSyncEnabled|boolean" -Value $true
$obj | Add-Member -Type NoteProperty -Name "DisplayName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ExtensionProperty|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "FacsimileTelephoneNumber|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "GivenName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ImmutableId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "IsCompromised|boolean" -Value $true
$obj | Add-Member -Type NoteProperty -Name "JobTitle|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "LastDirSyncTime|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "LegalAgeGroupClassification|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Mail|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "MailNickName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Mobile|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ObjectId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ObjectType|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "OnPremisesSecurityIdentifier|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "OtherMails|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "PasswordPolicies|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "PhysicalDeliveryOfficeName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "PostalCode|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "PreferredLanguage|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ProvisionedPlans|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "ProvisioningErrors|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "ProxyAddresses|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "RefreshTokensValidFromDateTime|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ShowInAddressList|boolean" -Value $true
$obj | Add-Member -Type NoteProperty -Name "SignInNames|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "SipProxyAddress|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "State|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "StreetAddress|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Surname|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "TelephoneNumber|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "UsageLocation|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "UserPrincipalName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "UserType|string" -Value "string"
Update the Anchor to the attribute you'd like to use (I recommend ObjectId), give the ObjectClass a name for how you'd like it represented on your MA (User, AADUser or similar), save it as something like schema.ps1 in your MA folder, and you can get started.
The example below utilises the AzureAD PowerShell Module to connect to Azure AD. It then gets a Group Object (update line 7 for a group to retrieve) and enumerates the properties of the Group to generate the Schema file.
The output looks like this:
$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-YourAnchorATTR|String" -Value ""
$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "YourObjectClass"
$obj | Add-Member -Type NoteProperty -Name "DeletionTimestamp|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Description|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "DirSyncEnabled|boolean" -Value $true
$obj | Add-Member -Type NoteProperty -Name "DisplayName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "LastDirSyncTime|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Mail|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "MailEnabled|boolean" -Value $true
$obj | Add-Member -Type NoteProperty -Name "MailNickName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ObjectId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ObjectType|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "OnPremisesSecurityIdentifier|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "ProvisioningErrors|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "ProxyAddresses|String[]" -Value ("","")
$obj | Add-Member -Type NoteProperty -Name "SecurityEnabled|boolean" -Value $true
Update the Anchor to the attribute you'd like to use (I recommend ObjectId), give the ObjectClass a name for how you'd like it represented on your MA (Group, AADGroup or similar), save it as something like schema.ps1 in your MA folder, and you can get started.
The example below utilises the Workday PowerShell Module to connect to Workday. It then gets a User Object (update line 7 for a user to retrieve) and enumerates the properties of the User to generate the Schema file.
Update
This script differs from the AAD User and Group scripts above in that the PowerShell object returned uses NoteProperty as the member type, so I updated line 14 for that. Also, the attribute as parsed by Get-Member includes its value, so I had to take a substring of the result to get the attribute name. That is what this change does:
$d[1].substring(0,$d[1].indexof("="))
The output looks like this:
$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-YourAnchorATTR|String" -Value ""
$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "YourObjectClass"
$obj | Add-Member -Type NoteProperty -Name "BusinessTitle|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "FirstName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "JobProfileName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "LastName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "Location|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "PreferredName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "UserId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerDescriptor|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerType|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerTypeReference|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkSpace|string" -Value "string"
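The approach described above (enumerate a sample object's members with Get-Member and emit one Add-Member line per attribute) and the Workday tweak (NoteProperty members whose Definition carries a value) can be handled by one generator. The function below is an added example written for this page, not the author's script; the CLR-type-to-PSMA-type mapping (boolean, String[], string), the function name and the anchor check are my assumptions, and the sample object is constructed.

```powershell
function New-PsmaSchemaScript {
    # Added example: emits the body of a Granfeldt PSMA schema.ps1 from any sample object
    # (Get-AzureADUser, Get-AzureADGroup, a Workday worker, or Import-Csv | Select -First 1).
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object]$SampleObject,
        [Parameter(Mandatory)] [string]$Anchor,        # e.g. ObjectId
        [Parameter(Mandatory)] [string]$ObjectClass,   # e.g. AADUser, AADGroup
        [string[]]$MemberType = @('Property', 'NoteProperty')  # covers AAD (Property) and Workday/CSV (NoteProperty)
    )

    # Practitioner check: the anchor must exist on the object the Import script will return.
    if (-not ($SampleObject.PSObject.Properties.Name -contains $Anchor)) {
        Write-Warning "Anchor '$Anchor' is not a property of the sample object."
    }

    $lines = [System.Collections.Generic.List[string]]::new()
    $lines.Add('$obj = New-Object -Type PSCustomObject')
    $lines.Add(('$obj | Add-Member -Type NoteProperty -Name "Anchor-{0}|String" -Value ""' -f $Anchor))
    $lines.Add(('$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "{0}"' -f $ObjectClass))

    foreach ($m in ($SampleObject | Get-Member -MemberType $MemberType)) {
        # Definition is "<type> <Name> {get;set;}" for Property and "<type> <Name>=<value>"
        # for NoteProperty. Taking the type from the first token and the name from $m.Name
        # avoids the indexof("=") substring tweak needed in the Workday script above.
        $clrType = $m.Definition.Split(' ')[0]
        switch -Regex ($clrType) {
            '\[\]$|List\[|Collection' { $psmaType = 'String[]'; $value = '("","")'; break }  # assumed mapping
            'bool'                    { $psmaType = 'boolean';  $value = '$true';   break }
            default                   { $psmaType = 'string';   $value = '"string"' }
        }
        $lines.Add(('$obj | Add-Member -Type NoteProperty -Name "{0}|{1}" -Value {2}' -f $m.Name, $psmaType, $value))
    }

    $lines.Add('$obj')   # schema.ps1 must return the object to the PSMA
    return $lines
}

# Constructed sample standing in for a real Get-AzureADUser result (values are placeholders).
$sample = [pscustomobject]@{
    ObjectId       = 'constructed-object-id'
    DisplayName    = 'Sample User'
    AccountEnabled = $true
    ProxyAddresses = [string[]]@('smtp:sample@example.invalid')
}
New-PsmaSchemaScript -SampleObject $sample -Anchor ObjectId -ObjectClass AADUser | Set-Content .\schema.ps1
```

Get-Member returns members sorted by name, so the generated file has the same alphabetical order as the outputs shown in this post; pass a single object (Select-Object -First 1) rather than a whole Import-Csv result so Get-Member inspects one instance.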
The example below utilises a sample CSV file with headers. It uses the Header row to generate the Schema file. It defaults all columns to strings.
Update;
The output looks like this (for my CSV File):
$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-YourAnchorATTR|String" -Value ""
$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "YourObjectClass"
$obj | Add-Member -Type NoteProperty -Name "id|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "name|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "displayName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "comments|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "created|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "endDate|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "lastLogon|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "modified|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "startDate|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "status|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "type|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "groups|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "costCenter|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "country|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "department|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "division|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "email|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "employeeNumber|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "familyName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "givenName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "honorificPrefix|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "honorificSuffix|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "locale|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "location|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "manager|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "middleName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "organization|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "phoneNumber|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "preferredLanguage|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "preferredName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "secondaryEmail|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "secondaryPhoneNumber|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "timezone|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "title|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "risk|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerWid|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerDescriptor|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "OtherId|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "JobProfileName|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkSpace|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerTypeReference|string" -Value "string"
$obj | Add-Member -Type NoteProperty -Name "WorkerType|string" -Value "string"
$obj
Using a simple script and an example object we can quickly create the basis for a Granfeldt PSMA Schema Definition script.
As shown with the Workday example, a minor tweak was required, but it was still a lot quicker than generating the file manually.
Hopefully this helps you get started quickly with your first, or next PSMA that you are building.