Step 6: Configure Forefront Identity Manager 2010 R2 Reporting
Configuring Forefront Identity Manager 2010 R2 to demonstrate reporting consists of the following:
Create test users in the FIM Portal
Create a test group and add users in the FIM Portal
Run Start-FIMReportingInitialSync PowerShell Cmdlet
Run Start-FIMReportingIncrementalSync PowerShell Cmdlet
Create and Run ETLScript PowerShell Script
Create test users in the FIM Portal
First we will create two test users in the FIM Portal. These users will be added to our test group and used to demonstrate the Group Membership Change History report.
To create test users in the FIM Portal
Log on to FIM1 as CORP\Administrator.
Click Start, select All Programs, and choose Internet Explorer (64-bit).
In Internet Explorer, in the address bar at the top, enter https://fim1/identitymanagement and hit enter. This should bring up the Forefront Identity Manager 2010 Portal page.
In the FIM Portal, on the left, click Users. This will bring up the Users page.
At the top, select New. This will bring up the Create User webpage dialogue.
On the Create User webpage dialogue, in the box next to Display Name: enter Test User1
On the Create User webpage dialogue, in the box next to Account Name: enter tuser1
On the Create User webpage dialogue, in the box next to E-mail Alias: enter tuser1
At the bottom click Finish. On the Summary page click Submit.
Repeat these steps for all of the accounts in the table below.
Display Name    Account Name    Email Alias
Test User1      tuser1          tuser1
Test User 2     tuser2          tuser2
Create a test group and add users in the FIM Portal
Now we will create a test security group and add our two new users to it.
To create a test group and add users in the FIM Portal
In the FIM Portal, on the left, click Security Groups. This will bring up the Security Groups page.
At the top, select New. This will bring up the Create Security Group webpage dialogue.
On the General screen, in the box next to Display Name: enter Test Security Group
On the General screen, in the box next to Account Name: enter tsecgroup. Click Next.
On the Members screen, in the box that contains Administrator, enter ; tuser1; tuser2 after Administrator. Click the green check mark to resolve the users.
At the bottom click Finish. On the Summary page click Submit.
Back on the Security Groups page, click the magnifying glass next to Search for: to show our new group.
Minimize Internet Explorer. We will be coming back to the portal to check the status of our PowerShell sync jobs in the next sections.
Run Start-FIMReportingInitialSync PowerShell Cmdlet
Now we will run the Start-FIMReportingInitialSync PowerShell Cmdlet. This will synchronize all of the data in the FIM Portal with our Data Warehouse on APP3.
To run the Start-FIMReportingInitialSync PowerShell Cmdlet
Click Start, select All Programs, select Accessories, select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell.
On the command line type the following and hit return: Set-ExecutionPolicy unrestricted. This will bring up a message about the execution policy. Click Y.
On the command line type the following and hit return: Start-FIMReportingInitialSync. It will briefly flash an Importing change 1 message.
Important
If the script is not in the user's PATH, you can access it by navigating to C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell
To check the status of our job, go back into the FIM Portal.
On the left, at the bottom click Administration.
On the Administration page click All Resources.
On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Initial.
Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.
On the Extended Attributes tab, note the Reporting Job Status. If this says Running, then wait. Otherwise, if it says Completed, close the Reporting Job attributes.
Minimize Internet Explorer.
Run Start-FIMReportingIncrementalSync PowerShell Cmdlet
Now we will run the Start-FIMReportingIncrementalSync PowerShell Cmdlet. This will synchronize all deltas from the FIM Portal with our Data Warehouse on APP3.
To run the Start-FIMReportingIncrementalSync PowerShell Cmdlet
Back in Windows PowerShell, on the command line type the following and hit return: Start-FIMReportingIncrementalSync. It will briefly flash an Importing change 1 message.
To check the status of our job, go back into the FIM Portal.
On the left, at the bottom click Administration.
On the Administration page click All Resources.
On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Incremental.
Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.
On the Extended Attributes tab, note the Reporting Job Status. If this says Running, then wait. Otherwise, if it says Completed, close the Reporting Job attributes. You will have to close and re-open the job in the FIM Portal to see the status change. It will not change automatically.
Minimize Internet Explorer.
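The two sync procedures above can also be run and checked from the PowerShell window, shown here as an added example that is not part of the original walkthrough. It limits the execution-policy change to the current PowerShell process, starts the chosen sync from the documented folder, and polls the Reporting Job status instead of re-opening the job in the portal. The .ps1 file name, the FIM Service URI, and the system names ReportingJob, ReportingJobType and ReportingJobStatus are assumptions.

```powershell
# Added example; names marked ASSUMPTION are not confirmed by the page.
$SyncType = "Initial"   # or "Incremental"

# Relax the execution policy for this PowerShell process only; the
# machine-wide policy stays as it was.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

# Script folder as given on the page; the .ps1 file name is an ASSUMPTION.
$scriptDir = "C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell"
$syncScript = Join-Path $scriptDir "Start-FIMReporting${SyncType}Sync.ps1"
# ASSUMPTION: default FIM Service endpoint on the local machine (FIM1).
$fimUri = "http://localhost:5725/ResourceManagementService"
$timeoutMinutes = 60   # constructed value; adjust to the environment

if (@(Get-PSSnapin | Where-Object { $_.Name -eq "FIMAutomation" }).Count -eq 0) {
    Add-PSSnapin FIMAutomation
}

# Read one single-valued attribute from an exported FIM resource.
function Get-FimAttribute($exportObject, [string]$name) {
    $attr = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }
    if ($attr) { return $attr.Value }
    return $null
}

# Status of every Reporting Job of the requested type.
# ASSUMPTION: resource type ReportingJob with attributes ReportingJobType
# and ReportingJobStatus (system names of the fields shown in the portal).
function Get-ReportingJobStatus([string]$jobType) {
    $jobs = @(Export-FIMConfig -Uri $fimUri -OnlyBaseResources -CustomConfig "/ReportingJob")
    foreach ($job in $jobs) {
        if ((Get-FimAttribute $job "ReportingJobType") -eq $jobType) {
            Get-FimAttribute $job "ReportingJobStatus"
        }
    }
}

if (-not (Test-Path $syncScript)) { throw "Sync script not found: $syncScript" }
& $syncScript

# Poll until no job of this type is Running, or the timeout expires.
$deadline = (Get-Date).AddMinutes($timeoutMinutes)
do {
    Start-Sleep -Seconds 15
    $statuses = @(Get-ReportingJobStatus $SyncType)
    Write-Host ("Reporting Job Status: " + ($statuses -join ", "))
    $pending = ($statuses.Count -eq 0) -or ($statuses -contains "Running")
} while ($pending -and (Get-Date) -lt $deadline)

if ($pending) { throw "Reporting job did not finish within $timeoutMinutes minutes" }
if ($statuses -notcontains "Completed") { Write-Warning "No job reports Completed" }
```

Get-ExecutionPolicy -List shows the Process scope set to RemoteSigned while the LocalMachine scope is unchanged.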
Create and Run ETLScript PowerShell Script
Now we will create and run the ETLScript PowerShell Script. Be aware that if you are using this script in your own test environment, you will need to change the line RunJob "Extract_Contoso" to your DW name. This step is an optional step but it allows us to see the data immediately in the reporting store. For additional information about managing the data warehouse see Managing the Data Warehouse in Service Manager (https://technet.microsoft.com/en-us/library/ff460931.aspx).
To create and run the ETLScript PowerShell Script
On FIM1, in the root C:\ drive, create a folder named ETL.
Click Start, select All Programs, select Accessories, and click on Notepad. This will open Notepad.
Copy the contents of the following code into Notepad.
    # Load the Service Manager cmdlets if they are not already loaded.
    if (@(get-pssnapin | where-object {$_.Name -eq "SMCmdletSnapIn"} ).count -eq 0)
    {
        Add-PSSnapin SMCmdletSnapIn
    }

    # Data warehouse server name, read from the environment variable
    # that is set in this PowerShell session before the script is run.
    $dwMachine = [environment]::GetEnvironmentVariable("IMT.DataWarehouse")

    # Poll every 5 seconds until the job batch reports an end time.
    Function WaitForId($id)
    {
        Write-Host ("Waiting on the job " + $id)
        do
        {
            $job = Get-SCDWJob -ComputerName $dwMachine -JobBatchId $id
            Start-Sleep -milliseconds 5000
            Write-Host (".") -nonewline
        }
        while ($job.EndTime -eq $null)
        Write-Host ("Job " + $id + " is done")
    }

    # Return the batch id of the named job if it is running, otherwise $null.
    Function FindId($jobName)
    {
        $job = Get-SCDWJob -ComputerName $dwMachine -JobName $jobName
        if($job.Status -eq "Running")
        {
            return $job.BatchId
        }
        else
        {
            return $null
        }
    }

    # Collect the names of all jobs in the Extract category.
    Function GetExtractJobNames
    {
        $results = New-Object System.Collections.ArrayList
        $jobs = Get-SCDWJob -ComputerName $dwMachine
        foreach ($job in $jobs)
        {
            if($job.CategoryName -eq "Extract")
            {
                [void]$results.Add($job.Name)
            }
        }
        return $results;
    }

    # Wait for any run already in progress, start the job, then wait for it.
    Function RunJob($jobName)
    {
        $currentId = FindId($jobName)
        if($currentId -ne $null)
        {
            Write-Host ("Waiting for the previous job " + $jobName)
            WaitForId($currentId)
        }
        Write-Host ("Starting the new job " + $jobName)
        Start-SCDWJob -ComputerName $dwMachine -JobName $jobName
        $currentId = FindId($jobName)
        if($currentId -ne $null)
        {
            Write-Host ("Waiting for the new job " + $jobName)
            WaitForId($currentId)
        }
    }

    # Run every Extract job, then the common Transform and Load jobs.
    Function RunETL()
    {
        $extractJobs = GetExtractJobNames
        foreach($jobName in $extractJobs)
        {
            RunJob $jobName
        }
        RunJob "Transform.Common"
        RunJob "Load.Common"
    }

    if ( $dwMachine -eq $null)
    {
        Write-Error ( "IMT.DataWarehouse was not set ")
    }
    else
    {
        $start = Get-Date
        RunETL
        $end = Get-Date
        $ts = New-TimeSpan -Start $start -End $end
        Write-Host ("Took " + $ts.TotalMinutes + " total minutes for ETL")
    }
At the top of Notepad, click File, and select Save As. This will bring up the Save As dialogue.
Navigate to the C:\ETL folder, in the box next to File Name enter ETLScript.ps1, and in the box next to Save as type, use the drop-down and select All files. Click Save.
Click Start, select All Programs, select Accessories, select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell.
On the command line type the following and hit return: Add-PSSnapin SMCmdletSnapIn.
On the command line type the following and hit return: [environment]::SetEnvironmentVariable("IMT.DataWarehouse", "APP3").
On the command line type the following and hit return: C:\ETL\ETLScript.ps1.
Warning
This will take a while to run. It will take about 30-35 minutes and information will populate the PowerShell window.