Step 7: Configure Forefront Identity Manager 2010 R2 Reporting Extensibility

Configuring Forefront Identity Manager 2010 R2 to demonstrate reporting extensibility consists of the following:

• Copy the ReportingExt folder to FIM1

• Extend the FIM Schema

• Verify the FIM Schema Additions

• Run the Import-FIMReportingReport PowerShell Cmdlet

• Run the Data Warehouse Management Pack Synchronization Job

• Verify the Management Packs and Group Extension Test Report has been deployed to SCSM

• Update Group management: Group administrators can update group resources MPR

• Update theDC for editing Groups in the FIM Portal

• Edit the Entitlements and Tier attributes of our Test Security Group

• Run Start-FIMReportingInitialSync PowerShell Cmdlet

• Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

• Run the ETLScript PowerShell Script

Copy the ReportingExt folder to FIM1

First we will copy the ReportingExt folder to FIM1. This folder is included in the documentation download from Connect.

To Copy the ReportingExt folder to FIM1

1. Log on to FIM1 as CORP\Administrator.

2. Copy the entire ReportingExt folder to C:\

3. 

   Important

   We need to ensure that all of the files are in C:\ReportingExt because some of the scripts use absolute paths.

Extend the FIM Schema

Next we are going to extend the FIM Schema with two changes to our Group object. These changes will be adding a Tier and Entitlement attribute.

To extend the FIM Schema

1. Click Start, select All Programs, select Accessories, Select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell

2. On the command line type the following and hit return Set-ExecutionPolicy unrestricted. This will bring up a message about the execution policy. Click Y.

3. On the command line type the following and hit return C:\ReportingExt\import-testschema. This will import several changes. Once this is finished move on to the next section but don’t close PowerShell as it will be used in the next section.

   

Verify the FIM Schema Additions

Now we will verify that the new Entitlements and Tier attributes are in FIM

To Verify the FIM Schema Additions

1. Log on to FIM1.corp.contoso.com as CORP\Administrator.

2. In Internet Explorer, in the address bar at the top, enter https://fim1/identitymanagement and hit enter. This should bring up the Forefront Identity Manager 2010 page.

3. On the right, under Administration, click Schema Management. This will bring up the Schema Management.

4. At the top, click All Attributes. This will bring up All Attributes.

5. Scroll to page 3 and verify Entitlements is there.

   

6. Scroll to page 9 and verify Tier is there.

Run the Import-FIMReportingSchemaDefinition PowerShell Cmdlet

Now that we have new objects in the FIM Schema we must associate those objects with the SCSM data warehouse. Using the Import-FIMReportingSchemaDefinition PowerShell cmdlet will accomplish this.

To Run the Import- FIMReportingSchemaDefinition PowerShell Cmdlet

1. Navigate to the C:\ReportingExt folder. In the folder, double-click on FIMReportingSchemaDefinitioncommand.txt. This will open a text file.

   Warning

   Ensure that Add-PSSnapIn FimReportingAdministration runs successfully before running Import-FimReportingSchemaDefinition. If you copy all of the contents of the FIMReportingSchemaDefinitioncommand.txt file into the powershell window, it should run automatically.

2. Copy the contents of the text file and paste it into our Windows PowerShell window. Hit enter. This will take a moment as the files are imported.

   

3. Once this is finished move on to the next section but don’t close PowerShell as it will be used in the next section.

Run the Import-FIMReportDefinition PowerShell Cmdlet

Now that we have associated these objects with the SCSM data warehouse, we will import our report binding.

To Run the Import- FIMReportDefinition PowerShell Cmdlet

1. Navigate to the C:\ReportingExt folder. In the folder, double-click on FIMReportDefinitioncommand.txt. This will open a text file.

2. Copy the contents of the text file and paste it into our Windows PowerShell window. Hit enter. This will take a moment as the files are imported.

   

3. Once this is finished move on to the next section but don’t close PowerShell as it will be used in the next section.

Run the Data Warehouse Management Pack Synchronization Job

Now we will run the SCSM Data Warehouse Management Pack Synchronization Job. This job instructs the Data Warehouse to look for any new Management Packs that have been added, create any new schema, and deploy any reports defined within them.

To run the Data Warehouse Management Pack Synchronization Job

1. On the command line type the following and hit return Add-PSSnapIn SMCmdletSnapIn. This will load the SCSM PowerShell Cmdlets into your current PowerShell session.

2. On the command line type the following and hit return Start-SCDWJob –JobName MPSyncJob –ComputerName APP3. This will begin the synchronization job. This may take up to 5 minutes to complete.

3. Now check the status of the MPSyncJob. On the command line type the following and hit return Get-SCDWJob –JobName MPSyncJob –ComputerName APP3. This will return information about the job. Note the Status.

   

4. You need to wait until this job completes before moving to the next part. If the status says running check it again in a minute or so. Once the status says Not Started move on to the next part.

Verify the Management Packs and Group Extension Test Report has been deployed to SCSM

Now we will verify that the new management pack and report have been successfully deployed in SCSM.

Verify the Management Packs and Group Extension Test Report has been deployed to SCSM

1. Click Start, select All Programs, select Microsoft System Center and select Service Manager Console. This will launch the Service Manager Console. This may take a moment.

2. It may take a moment for the Data Warehouse and Reporting nodes to populate.

3. Once they have populated, at the bottom of the console, click the Data Warehouse node on the Wunderbar.

4. At the top, click Management Packs. This will populate the center pane with a list of our management packs.

5. In the center pane, at the top, in the box that says Filter, enter FIM and click the magnifying glass.

6. Verify that the following management packs appear:

   • FIM Data Warehouse Extensibility Test Library – Schema MP

   • FIM Group Extension Test Report Library – Report MP and Definition.

   

7. At the bottom of the console, click the Reporting node on the Wunderbar.

8. Reporting should appear at the top, on the left. Click Forefront Identity Manager Reporting. This will populate reports in the center.

9. Verify that the following report appears:

   • Group Extension Test Report

   

   Warning

   If the management packs or reports do not appear at all, or are not in a complete deployment state, attempt to run the MPSyncJob again from PowerShell, or use the Restart Deployment link to the right of the Management Pack in the Tasks pane in the Data Warehouse > Management Packs node. You may need to refresh the view or close and re-open the console to see the reports appearing.

   Warning

   You may also wish to view the FIM Schema Binding File that was imported into FIM as part of the import process. You may do so by navigating to the Administration > All Resources node in the FIM Portal, and inspecting the Data Warehouse Binding schema elements that exist in the system. In this example, you should see a new schema binding called Test Extensibility.

10. Close Service Manager Console.

Update Group management: Group administrators can update group resources MPR

Now update the Group management: Group administrators can update group resources MPR. This will allow us to edit the Tier and Entitlement attributes on any pre-existing groups.

To update Group management: Group administrators can update group resources MPR

1. Click Start, select All Programs, and choose Internet Explorer (64-bit).

2. In Internet Explorer, in the address bar at the top, enter https://fim1/identitymanagement and hit enter. This should bring up the Forefront Identity Manager 2010 Portal page.

3. In the FIM Portal, on the left, click Management Policy Rules. This will bring up the Management Policy Rules page.

4. Locate the Group Management: Group administrators can update group resources MPR. It will be on the second screen. Click on it. This will bring up the Group Management: Group administrators can update group resources page.

5. At the top, click the Target Resources tab.

6. Down in the box under Select specific attributes, use the scroll bar and scroll to the end. After Account Name, enter ; Entitlements; Tier and click the green check mark so they resolve. Click OK. Click Submit.

   

Update theDC for editing Groups in the FIM Portal

Now we will update the Resource Control Display Configurations so that we can edit our new attributes directly in the FIM Portal.

To Update theDC for editing Groups in the FIM Portal

1. In the FIM Portal, on the left, click Home. This will take you to the home page.

2. On the right, under Administration, click Resource Control Display Configurations. This will bring up the Resource Control Display Configurations page.

3. Locate Configuration for Group Editing and click on it. This will bring up the Webpage dialog for Configuration for Group Editing.

4. Click the browse button and navigate to C:\ReportingExt\rcdc\configuration.xml tab. Click Open.

5. Click OK. Click Submit.

   

6. Close Internet Explorer and click Start and enter cmd in the Search Programs and files box. This will open a command prompt.

7. Type iisreset and hit enter. Once this completes successfully, you can close the command prompt window.

Edit the Entitlements and Tier attributes of our Test Security Group

Now we populate our attributes with some new values.

To Edit the Entitlements and Tier attributes of our Test Security Group

1. Click Start, select All Programs, and choose Internet Explorer (64-bit).

2. In Internet Explorer, in the address bar at the top, enter https://fim1/identitymanagement and hit enter. This should bring up the Forefront Identity Manager 2010 Portal page.

3. In the FIM Portal, on the left, on the left, click Security Groups. This will bring up the Security Groups page.

4. At the top, click the magnifying glass next to the box under Search for:. This should bring up our Test Security Group.

5. Click on Test Security Group. This will bring up the Test Security Group Webpage Dialog

   Warning

   You can ignore the error at the bottom that states there is an error in the Group display configuration.

6. At the top, click the Extended Attributes tab.

7. Scroll down to Entitlements and enter Test.

   

8. Scroll down to Tier and enter 1.

   

9. Click OK. Click Submit.

Run Start-FIMReportingInitialSync PowerShell Cmdlet

Now we will run the Start-FIMReportingInitialSync PowerShell Cmdlet. This will synchronize all of the new data in the FIM Portal with our Data Warehouse on APP3.

To Run Start-FIMReportingInitialSync PowerShell Cmdlet

1. Click Start, select All Programs, select Accessories, Select Windows PowerShell and click on Windows PowerShell. This will open Windows PowerShell

2. On the command line type the following and hit return Set-ExecutionPolicy unrestricted. This will bring up a message about the execution policy. Click Y.

3. On the command line type the following and hit return Start-FIMReportingInitialSync. It will briefly flash an Importing change 1 message.

   

4. To check the status of our job, go back into the FIM Portal.

5. On the left, at the bottom click Administration.

6. On the Administration page click All Resources.

7. On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Initial.

8. Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.

9. On the Extended Attributes, note the Reporting Job Status. If this says Running then wait. Otherwise, if it says Completed close the Reporting Job attributes.

10. Minimize Internet Explorer.

Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

Now we will run the Start-FIMReportingIncrementalSync PowerShell Cmdlet. This will synchronize all deltas from the FIM Portal with our Data Warehouse on APP3.

To Run Start-FIMReportingIncrementalSync PowerShell Cmdlet

1. Back in Windows PowerShell, on the command line type the following and hit return Start-FIMReportingIncrementalSync. . It will briefly flash an Importing change 1 message.

   

2. To check the status of our job, go back into the FIM Portal.

3. On the left, at the bottom click Administration.

4. On the Administration page click All Resources.

5. On the All Resources page, scroll down and double-click Reporting Job. On the Reporting Job screen you will see our job with a Reporting Job Type of Incremental.

6. Double-click on Reporting Job under Display Name. This will bring up the attributes of this job. At the top click the Extended Attributes tab.

7. On the Extended Atttributes, note the Reporting Job Status. If this says Running then wait. Otherwise, if it says Completed close the Reporting Job attributes.

8. Minimize Internet Explorer.

Run the ETLScript PowerShell Script

Now run the ETLScript PowerShell Script.

To Run the ETLScript PowerShell Script

1. Back in Windows PowerShell, on the command line type the following and hit return Add-PSSnapin SMCmdletSnapIn.

2. On the command line type the following and hit return [environment]::SetEnvironmentVariable(“IMT.DataWarehouse”, “APP3”).

3. On the command line type the following and hit return C:\ETL\ETLScript.ps1.

   

   Warning

   This will take a while to run. It will take about 30-35 minutes and information will populate the PowerShell window.