Skip to content

Instantly share code, notes, and snippets.

@darrenjrobinson darrenjrobinson/Import.ps1
Last active Nov 17, 2018

Embed
What would you like to do?
Microsoft Identity Manager Terminal Services PowerShell Management Agent Schema Script. Supporting blog post is located here https://blog.darrenjrobinson.com/managing-ad-terminal-services-configuration-with-fim-mim-using-the-granfeldt-powershell-management-agent/
param (
$Username,
$Password,
$Credentials,
$OperationType,
[bool] $usepagedimport,
$pagesize
)
#Needs reference to .NET assembly used in the script.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$CookieFile = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\TermServ\ts\TSCookie.bin"
$DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\TermServ\ts\DebugTSMA.txt"
#Getting Cookie from file
If (Test-Path $CookieFile –PathType leaf)
{
[byte[]] $Cookie = Get-Content -Encoding byte –Path $CookieFile
}
else
{
$Cookie = $null
}
if(!(Test-Path $DebugFilePath))
{
$DebugFile = New-Item -Path $DebugFilePath -ItemType File
}
else
{
$DebugFile = Get-Item -Path $DebugFilePath
}
"Starting Import : " + (Get-Date) | Out-File $DebugFile -Append
#region User
$Properties = @("objectGuid","sAMAccountName","userPrincipalName","userParameters","isDeleted")
#Running as FIM MA Account
$RootDSE = [ADSI]"LDAP://RootDSE"
$LDAPDirectory = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($RootDSE.dnsHostName)
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($LDAPDirectory, $Credentials)
$Request = New-Object System.DirectoryServices.Protocols.SearchRequest($RootDSE.defaultNamingContext, "(&(objectClass=user)(sAMAccountName=u*))", "Subtree", $Properties)
#Defining the object type returned from searches for performance reasons.
[System.DirectoryServices.Protocols.SearchResultEntry]$entry = $null
if ($OperationType -eq "Full")
{
$Cookie = $null
"Full Sync Run" | Out-File $DebugFile -Append
}
else
{
# delta run and we should use the cookie we already found
"Delta Sync Run" | Out-File $DebugFile -Append
}
$DirSyncRC = New-Object System.DirectoryServices.Protocols.DirSyncRequestControl($Cookie, [System.DirectoryServices.Protocols.DirectorySynchronizationOptions]::IncrementalValues, [System.Int32]::MaxValue)
$Request.Controls.Add($DirSyncRC) | Out-Null
$MoreData = $true
$Guids = @()
while ($MoreData)
{
$Response = $LDAPConnection.SendRequest($Request)
ForEach($entry in $Response.Entries)
{
#Check if this GUID already been handled to avoid adding duplicate objects
If($Guids -contains ([GUID] $entry.Attributes["objectguid"][0]).ToString()){continue}
# always add objectGuid and objectClass to all objects
$obj = @{}
$obj.Add("objectguid", ([GUID] $entry.Attributes["objectguid"][0]).ToString())
$obj.Add("objectClass", "user")
if ( $entry.distinguishedName.Contains("CN=Deleted Objects"))
{
# this is a deleted object, so we return a changeType of 'delete'; default changeType is 'Add'
$obj.Add("changeType", "Delete")
}
else
{
$obj.Add("accountName",$entry.Attributes["sAMAccountName"][0])
if ($entry.Attributes["userParameters"][0]){$obj.Add("TSUserParameters",$entry.Attributes["userParameters"][0])}
# we need to get the directory entry to get the additional attributes
[ADSI]$TSUser = "LDAP://$($entry.distinguishedName)"
if ($entry.Attributes["userParameters"][0])
{
Try
{
if ($TSUser.terminalServicesProfilePath.length -gt 0)
{
$obj.Add("TSProfilePath",$TSUser.terminalServicesProfilePath)
}
if ($TSUser.allowlogon.length -gt 0)
{
$obj.Add("TSAllowLogon",$TSUser.allowlogon)
}
if ($TSUser.terminalServicesHomeDirectory.length -gt 0)
{
$obj.Add("TSHomeDir",$TSUser.terminalServicesHomeDirectory)
}
if ($TSUser.terminalServicesHomeDrive.length -gt 0)
{
$obj.Add("TSHomeDrive",$TSUser.terminalServicesHomeDrive)
}
}
Catch
{
$obj.Add("[ErrorName]", "Import Error")
$obj.Add("[ErrorDetail]", $Error)
Write-Progress "Caught Exception processing: $DirEntry" | Out-File $DebugFile -Append
}
}
#Add Guid to list of processed guids to avoid duplication
$Guids += ,([GUID] $entry.Attributes["objectguid"][0]).ToString()
#Return the object to the MA
$obj
}
}
ForEach ($Control in $Response.Controls)
{
If ($Control.GetType().Name -eq "DirSyncResponseControl")
{
$Cookie = $Control.Cookie
$MoreData = $Control.MoreData
}
}
$DirSyncRC.Cookie = $Cookie
}
#Saving cookie file
Set-Content -Value $Cookie -Encoding byte –Path $CookieFile
$global:RunStepCustomData = [System.Convert]::ToBase64String($Cookie)
#endregion
"Ending Import : " + (Get-Date) | Out-File $DebugFile -Append
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.