Step 6: Configure Forefront Identity Manager 2010 R2 Reporting

Configuring Forefront Identity Manager 2010 R2 to demonstrate reporting consists of the following:

  • Create test users in the FIM Portal

  • Create a test group and add users in the FIM Portal

  • Run Start-FIMReportingInitialSync PowerShell Cmdlet

  • Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

  • Create and Run ETLScript PowerShell Script

Create test users in the FIM Portal

First we will create to test users in the FIM Portal. These users will be added to our test group and used to demonstrate the Group Membership Change History report.

To Create test users in the FIM Portal

  1. Log on to FIM1 as CORP\Administrator.

  2. Click Start, select All Programs, and choose Internet Explorer (64-bit).

  3. In Internet Explorer, in the address bar at the top, enter https://fim1/identitymanagement and hit enter. This should bring up the Forefront Identity Manager 2010 Portal page.

  4. In the FIM Portal, on the left, click Users. This will bring up the Users page.

  5. At the top, select New. This will bring up the Create User webpage dialogue.

  6. On the Create User webpage dialogue, in the box next to Display Name: enter Test User1

  7. On the Create User webpage dialogue, in the box next to Account Name: enter tuser1

  8. On the Create User webpage dialogue, in the box next to E-mail Alias: enter tuser1

  9. At the bottom click Finish. On the Summary page click Submit.

  10. Repeat these steps for all of the accounts in the table below.

    Display Name

    Account Name

    Email Alias

    Test User1

    tuser1

    tuser1

    Test User 2

    tuser2

    tuser2

    Create Test Users

Create a test group and add users in the FIM Portal

Now we will create a test security group and add our two new users to it.

To create a test group and add users in the FIM Portal

  1. In the FIM Portal, on the left, click Security Groups. This will bring up the Security Groups page.

  2. At the top, select New. This will bring up the Create Security Group webpage dialogue.

  3. On the General screen, in the box next to Display Name: enter Test Security Group

  4. On the General screen, dialogue, in the box next to Account Name: enter tsecgroup. Click Next.

  5. On the Members screen, in the box that contains Administrator, enter ; tuser1; tuser2 after Administrator. Click the green check mark to resolve the users.

    Create Security Group 1

  6. At the bottom click Finish. On the Summary page click Submit.

  7. Back on the Security Groups page, click the magnifying glass next to Search for: to show our new group.

    Create Security Group 2

  8. Minimize Internet Explorer. We will be coming back to the portal to check the status of our PowerShell sync jobs in the next sections.

Run Start-FIMReportingInitialSync PowerShell Cmdlet

Now we will run the Start-FIMReportingInitialSync PowerShell Cmdlet. This will synchronize all of the data in the FIM Portal with our Data Warehouse on APP3.

To Run Start-FIMReportingInitialSync PowerShell Cmdlet

  1. Click Start, select All Programs, select Accessories, Select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell

  2. On the command line type the following and hit return Set-ExecutionPolicy unrestricted. This will bring up a message about the execution policy. Click Y.

  3. On the command line type the following and hit return Start-FIMReportingInitialSync. It will briefly flash an Importing change 1 message.

    FIMReportingInitialSync

    Important

    If the script is not in the users PATH, you can access it by navigating to C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell

  4. To check the status of our job, go back into the FIM Portal.

  5. On the left, at the bottom click Administration.

  6. On the Administration page click All Resources.

  7. On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Initial.

  8. Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.

  9. On the Extended Attributes, note the Reporting Job Status. If this says Running then wait. Otherwise, if it says Completed close the Reporting Job attributes.

    Check Initial Status

  10. Minimize Internet Explorer.

Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

Now we will run the Start-FIMReportingIncrementalSync PowerShell Cmdlet. This will synchronize all deltas from the FIM Portal with our Data Warehouse on APP3.

To Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

  1. Back in Windows PowerShell, on the command line type the following and hit return Start-FIMReportingIncrementalSync. . It will briefly flash an Importing change 1 message.

    Start-FIMReportingIncrementalSync

  2. To check the status of our job, go back into the FIM Portal.

  3. On the left, at the bottom click Administration.

  4. On the Administration page click All Resources.

  5. On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Incremental.

    Reporting Jobs

  6. Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.

  7. On the Extended Attributes, note the Reporting Job Status. If this says Running then wait. Otherwise, if it says Completed close the Reporting Job attributes. You will have to close and re-open the job in the FIM Portal to see the status change. It will not change automatically.

    Incremental Status

  8. Minimize Internet Explorer.

Create and Run ETLScript PowerShell Script

Now we will create and run the ETLScript PowerShell Script. Be aware that if you are using this script in your own test environment, you will need to change the line RunJob “Extract_Contoso” to your DW name. This step is an optional step but it allows us to see the data immediately in the reporting store. For additional information about managing the data warehouse see Managing the Data Warehouse in Service Manager (https://technet.microsoft.com/en-us/library/ff460931.aspx).

To Create and Run ETLScript PowerShell Script

  1. On FIM1, in the root C:\ drive, create a folder named ETL.

  2. Click Start, select All Programs, select Accessories, and click on Notepad. This will open Notepad.

  3. Copy the contents of the following code into Notepad.

    if (@(get-pssnapin | where-object {$_.Name -eq "SMCmdletSnapIn"} ).count -eq 0)
    {
        Add-PSSnapin SMCmdletSnapIn
    }
    
    $dwMachine = [environment]::GetEnvironmentVariable("IMT.DataWarehouse")
    
    Function WaitForId($id)
    {
    Write-Host ("Waiting on the job " + $id)
        do
        {
            $job = Get-SCDWJob -ComputerName $dwMachine -JobBatchId $id
            Start-Sleep -milliseconds 5000
            Write-Host (".") -nonewline
        }
        while ($job.EndTime -eq $null)
        Write-Host ("Job " + $id + " is done")
    }
    
    Function FindId($jobName)
    {
        $job = Get-SCDWJob -ComputerName $dwMachine -JobName $jobName
        if($job.Status -eq "Running")
        {
            return $job.BatchId
        }
        else
        {
            return $null
        }
    }
    
    Function GetExtractJobNames
    {
        $results = New-Object System.Collections.ArrayList
        $jobs = Get-SCDWJob -ComputerName $dwMachine 
        foreach ($job in $jobs)
        {
            if($job.CategoryName -eq "Extract")
            {
                [void]$results.Add($job.Name)
            }
        }
        return $results;
    }
    
    Function RunJob($jobName)
    {
        $currentId = FindId($jobName)
        if($currentId -ne $null)
        {
            Write-Host ("Waiting for the previous job " + $jobName)
            WaitForId($currentId)
        }
        Write-Host ("Starting the new job " + $jobName)
    
        Start-SCDWJob -ComputerName $dwMachine -JobName $jobName
    
        $currentId = FindId($jobName)
        if($currentId -ne $null)
        {
            Write-Host ("Waiting for the new job " + $jobName)
            WaitForId($currentId)
        }
    }
    
    Function RunETL()
    {
        $extractJobs = GetExtractJobNames
        foreach($jobName in $extractJobs)
        {
            RunJob $jobName
        }
        RunJob "Transform.Common"
        RunJob "Load.Common"
    }
    
    if ( $dwMachine -eq $null)
    {
    Write-Error ( "IMT.DataWarehouse was not set ")
    }
    else
    {
    $start = Get-Date
    RunETL
    $end = Get-Date
    $ts = New-TimeSpan -Start $start -End $end
    Write-Host ("Took " + $ts.TotalMinutes + " total minutes for ETL")
    }
    
  4. At the top of Notepad, click File, and select Save As.. This will bring up the Save As dialogue.

  5. Navigate to the C:\ETL folder, in the box next to File Name enter ETLScript.ps1, and in the box next to Save as type, use the drop-down and select All files. Click Save.

  6. Click Start, select All Programs, select Accessories, select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell.

  7. On the command line type the following and hit return Add-PSSnapin SMCmdletSnapIn.

  8. On the command line type the following and hit return [environment]::SetEnvironmentVariable(“IMT.DataWarehouse”, “APP3”).

  9. On the command line type the following and hit return C:\ETL\ETLScript.ps1.

    ETLScript

    Warning

    This will take a while to run. It will take about 30-35 minutes and information will populate the PowerShell window.