Post-installation and Configuration for FIM 2010 R2 Reporting

  • Article

Post-Installation and Configuration for FIM 2010 R2 Reporting

Once the installation has completed, the following additional steps must be performed. The Data Warehouse Support Scripts must be run on the Data Warehouse. After this a series of PowerShell scripts need to be run. The following tasks need to be completed after FIM Reporting is installed

  1. Verify Initial MPSynch Job has completed for Reporting

  2. Deploy the FIM Data Warehouse Support Scripts

  3. Verify SQL Agent Jobs have been installed

  4. Run Start-FIMReportingInitialSync PowerShell Cmdlet

  5. Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

  6. Run ETLScript PowerShell Script

Verify Initial MPSynch Job has completed for Reporting

Prior to deploying the FIM Data Warehouse Support Scripts we must ensure that the initial MPSynch job has completed and that the reports are visible within SCSM.

Warning

This initial process can take some time put is required before continuing on to the next section.

To Verify Initial MPSyncJob has completed for Reporting

  1. Log on to the SCSM Management Server with the appropriate credentials.

  2. Click Start, select All Programs, select Microsoft System Center and select Service Manager Console. This will launch the Service Manager Console. This may take a moment.

  3. In the Service Manager Console, at the bottom on the left, click Data Warehouse.

  4. At the top, on the left, double-click Data Warehouse Jobs. This will populate the center with the Data Warehouse Jobs.

  5. Double-click MPSyncJob. This will bring up a window with the job details.

  6. At the top of this window, click Management Pack to sort the jobs by Management Pack.

  7. Scroll down to the jobs that have a Management Pack name that begins with Microsoft.FIM_ and Microsoft.Forefront. Verify the status of these jobs as either Associated or Imported. If any of these jobs have a status of Pending Association you must wait until the status becomes Associated or Imported.

    MPSyncJob

  8. Close the job details.

  9. Back in the System Center Service Manager Console, on the left, at the bottom, click Reporting.

  10. Verify that at the top, on the left, Forefront Identity Manager Reporting is visible.

  11. Click on Forefront Identity Manager Reporting and verify that 8 reports are present in the center pane.

    FIM Reports

  12. Close the System Center Service Manager Console.

Deploy the FIM Data Warehouse Support Scripts

Once the installation has completed the Data Warehouse Support Scripts must be run on the Data Warehouse. Use the following procedure to run the Data Warehouse Support script. These scripts are included on the Forefront Identity 2010 R2 installation media.

Warning

You need to ensure that you have administrative permissions on the following databases prior to running this script:

  • DWDataMart

  • DWStagingAndConfig

  • DWRepository

To Deploy FIM Data Warehouse Support Scripts

  1. Log on to the Data Warehouse server as a user with the appropriate credentials.

  2. Copy the entire Data Warehouse Support Scripts folder to a location on the local disk of the Data Warehouse machine.

    Warning

    You must ensure that your Data Warehouse machine has PowerShell v2 installed. If it does not, please install PowerShell v2 by downloading and installing the Windows Update package found here: https://support.microsoft.com/kb/968930

  3. On the Data Warehouse server, open a PowerShell v2 prompt and navigate to the Data Warehouse Support Scripts directory you just copied. In this directory, you will notice a PowerShell script called FIMPostInstallScriptsForDataWarehouse.ps1. Run this script.

    Important

    This script must be run with an account that has DBOwner privileges on the following Data Warehouse Databases: DWStagingAndConfig, DWDataMart, and DWRepository.

    Note

    Depending on your environment’s settings, you may need to run the PowerShell command Set-ExecutionPolicy Unrestricted before being able to execute these scripts.

  4. You will be prompted for the name of your Data Warehouse server, the Data Warehouse SQL instance, and the FIM Service Account name. If you are running the scripts locally on to the DW, enter localhost for the DataWarehouseServerInstance.

    For the DataWarehouseDatabaseServerInstance enter localhost.

    For the FIM Service account, enter the FIM Service account. Hit enter. You will be prompted to backup the database prior to continuing. Enter Y.

    Warning

    The account executing this script must be a different account than the FIM Service account. If you receive an error when executing, please ensure that you not logged in with the FIM Service account and that you are logged on with account with administrative privileges to the databases specified above.

    Data Warehouse Support Scripts

For a complete step-by-step installation see Test Lab Guide: Installing Forefront Identity Manager 2010 R2.

Verify SQL Agent Jobs have been installed

When FIM 2010 R2 Reporting is installed an several SQL Agent jobs are created on the FIMService instance. In instances where there is more than one FIM Service installed, the FIM services which have reporting installed will periodically check for a reporting object that is not yet running.  The first service that finds the job will pick up the token for that job and process till the job is complete or a failure occurs.  While the job is being processed no new jobs can be created nor can the job be taken over by another FIM Service.

The following table provides a list of the SQL Agent jobs that are installed:

SQL Agent Job Description

FIM_CheckAndUpdateReportingJobStatusJob

Periodically checks reporting jobs (incremental or initial) and determines and writes their status.

FIM_TerminateStuckRequestsJob

Fails a reporting job if the check and update determines that the reporting job is stuck and markes the reporting job object.

FIM_ScheduleReportingIncrementalSynchronizationJob

Creates runnable reporting job object that FIMSerivce instance will poll for periodically and when it finds this object it spins up the job process to perform the reporting job. Runs every 8 hours. Will fail with an error until initial synchronization has been completed. This is by design.

FIM_TruncateExportLogJob

This periodically will determine the portion of the export log available for deletion and will delete accordingly.

Use the following procedure to verify the SQL Agent jobs have been installed

To Verify the SQL Agent Jobs using SQL Server Management Studio

  1. Log on to the server that has the FIMService database with the appropriate credentials.

  2. Click Start, click All Programs, click Microsoft SQL Server 2008 R2, and then click SQL Server Management Studio. This will launch SQL Server Management Studio.

  3. On the Connect to Server dialog box, under Server Type select Database Engine.

  4. On the Connect to Server dialog box, under Server name select <nameofserver>.

  5. On the Connect to Server dialog box, under Authentication select Windows Authentication.

  6. Click Connect. This should be successful and the database information will be displayed on the left. The SQL Server Agent should have a green arrow.

  7. On the left, at the bottom, expand SQL Server Agent.

  8. Expand, Jobs and verify that the SQL Agent jobs are there.

  9. Close Microsoft SQL Server Management Studio.

Verify SQL

Run Start-FIMReportingInitialSync PowerShell Cmdlet

Now we will run the Start-FIMReportingInitialSync PowerShell Cmdlet. This will synchronize all of the data in the FIM Portal with our Data Warehouse.

To Run Start-FIMReportingInitialSync PowerShell Cmdlet

  1. Click Start, select All Programs, select Accessories, Select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell

  2. On the command line type the following and hit return Set-ExecutionPolicy unrestricted. This will bring up a message about the execution policy. Click Y.

  3. On the command line type the following and hit return Start-FIMReportingInitialSync. It will briefly flash an Importing change 1 message.

    FIMReportingInitialSync

    Important

    If the script is not in the users PATH, you can access it by navigating to C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell

  4. To check the status of our job, go back into the FIM Portal.

  5. On the left, at the bottom click Administration.

  6. On the Administration page click All Resources.

  7. On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Initial.

  8. Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.

  9. On the Extended Attributes, note the Reporting Job Status. If this says Running then wait. Otherwise, if it says Completed close the Reporting Job attributes.

    Check Initial Status

  10. Minimize Internet Explorer.

Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

Now we will run the Start-FIMReportingIncrementalSync PowerShell Cmdlet. This will synchronize all deltas from the FIM Portal with our Data Warehouse on APP3.

To Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

  1. Back in Windows PowerShell, on the command line type the following and hit return Start-FIMReportingIncrementalSync. . It will briefly flash an Importing change 1 message.

    Start-FIMReportingIncrementalSync

  2. To check the status of our job, go back into the FIM Portal.

  3. On the left, at the bottom click Administration.

  4. On the Administration page click All Resources.

  5. On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Incremental.

    Reporting Jobs

  6. Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.

  7. On the Extended Attributes, note the Reporting Job Status. If this says Running then wait. Otherwise, if it says Completed close the Reporting Job attributes. You will have to close and re-open the job in the FIM Portal to see the status change. It will not change automatically.

    Incremental Status

  8. Minimize Internet Explorer.

Run ETLScript PowerShell Script

Now we will create and run the ETLScript PowerShell Script. This step is an optional step but it allows us to see the data immediately in the reporting store. For additional information about managing the data warehouse see Managing the Data Warehouse in Service Manager (https://technet.microsoft.com/en-us/library/ff460931.aspx).

For this procedure, use the script that is in the FIM 2010 R2 Reporting ETL Process section below.

Note

You can speed up your initial reporting load process by running this script in a loop while FIM Initial ETL is running.

Run ETLScript PowerShell Script

  1. Click Start, select All Programs, select Accessories, select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell.

  2. On the command line type the following and hit return Add-PSSnapin SMCmdletSnapIn.

  3. On the command line type the following and hit return [environment]::SetEnvironmentVariable(“IMT.DataWarehouse”, “APP3”).

    Note

    For your environment, change APP3 to the name of your Data Warehouse server.

  4. On the command line type the following and hit return C:\ETL\ETLScript.ps1.

    ETLScript

    Warning

    This will take a while to run. It will take about 30-35 minutes and information will populate the PowerShell window.