How to: Find Specified Connector Space Objects
This topic contains code examples that search the connector space for a specified connector space object. You can use these examples to verify whether a specified connector space object exists in the connector space. These examples use the query feature of the MIIS_CSObject Class class. This class supports the following queries:
Search Using the Management Agent GUID and Distinguished Name
Search Using a Specified Domain and Account Name
Search Using a Specified Metaverse GUID
Search Using A Specified Domain and User Principal Name
Search Using A Specified GUID
To use these queries, you must be logged on as a member of the MIISPasswordSet security group or the MIISBrowse security group. If you try to run a query as a member of another security group, the following error message appears: Provider is not capable of the attempted operation.
Search Using the Management Agent GUID and Distinguished Name
In Forefront Identity Manager Synchronization Service (FIM Synchronization Service), you can use the query feature to search the connector space for a connector space object that has a specified management agent GUID and distinguished name by using the query feature of the MIIS_CSObject Class class. For management agents that do not have a distinguished name for objects, such as database or nonhierarchical file-based management agents, you can search by anchor attribute because FIM Synchronization Service treats anchor attributes as a distinguished name.
If the distinguished name contains a backslash (\) or straight quotation marks ("), the Windows Management Instrumentation (WMI) query requires that you escape these characters. To escape the backslash character, precede it with another backslash character.
For example, if the distinguished name of the connector space object is CN=billing\Jeff, the query should be CN=billing\\Jeff.
To escape quotation mark characters, precede these characters with another set of quotation marks.
For example, if the distinguished name of the connector space object is CN="Jeff Smith", the query should be CN=""Jeff Smith""
The following VBScript example searches the connector space for a connector space object that has a specified management agent GUID and distinguished name. The script combines the GUID of the management agent with the distinguished name and then creates a query that is used in the WMI query. If the script finds a connector space object, the properties of that object are shown.
Option Explicit
On Error Resume Next
Const PktPrivacy = 6 ' Authentication level
Dim Service ' Service object
Dim ManagementAgent ' Management agent object
Dim MaGuid ' Management agent GUID
Dim CsObject ' Connector space object
Dim CsObjects ' Collection of connector space objects
Dim WMIQuery ' WMI Query string
Dim DN ' Distinguished name string
' Create the service object.
Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")
If Err.number <> 0 then
Call ErrorHandler("Could not connect to computer.")
End If
WScript.Echo("Successfully created service object.")
' Get the Active Directory management agent object.
Set ManagementAgent = Service.Get("MIIS_ManagementAgent.Name='Active Directory MA'")
If Err.number <> 0 then
Call ErrorHandler("ERROR: Unable to locate management agent")
End If
' Get the GUID of the management agent.
MaGuid = ManagementAgent.GUID
' This is the distinguished name of the connector space object.
' Note that the distinguished name contains a backslash character that
' must be escaped.
DN= "CN=JeffSmith\\billing,DC=microsoft,DC=com"
' Create the WMI Query string.
WMIQuery = "Select * from MIIS_CSObject where MaGuid = '" & MaGuid & "' and DN = '" & DN & "'"
' Search for the connector space objects with the specified management
' agent GUID and distinguished name.
Set CsObjects = Service.ExecQuery(WMIQuery)
If Err.number <> 0 then
Call ErrorHandler("Could not create CSObjects collection.")
End If
If CsObjects.Count = 0 Then
If Err.number<>0 or IsNull(CsObjects) then
ErrorHandler("Error: No CsObject matched DN.")
Else
WScript.Echo "No CsObject matched DN."
WScript.Quit(2989)
End If
End If
' Display the connector space object properties.
WScript.Echo vbCrLf & "Successfully location CSObject..."
WScript.Echo vbCrLf & "CSObject Attributes:"
For Each CsObject IN CsObjects
WScript.Echo " Guid: " & CSObject.Guid
WScript.Echo " Dn: " & CSObject.Dn
WScript.Echo " ObjectType: " & CSObject.ObjectType
WScript.Echo " UserPrincipalName: " & CSObject.UserPrincipalName
WScript.Echo " Domain: " & CSObject.Domain
WScript.Echo " Account: " & CSObject.Account
WScript.Echo vbCrLF & " UnappliedExport"
WScript.Echo " " & CSObject.UnappliedExportHologram
WScript.Echo " EscrowedExport: " & CSObject.EscrowedExportHologram
WScript.Echo " UnconfirmedExport: " & CSObject.UnconfirmedExportHologram
WScript.Echo " PendingImport: " & CSObject.PendingImportHologram
WScript.Echo " Hologram: " & CSObject.Hologram
WScript.Echo " MvGuid: " & CSObject.MvGuid
WScript.Echo " MaGuid: " & CSObject.MaGuid
WScript.Echo " MaName: " & CSObject.MaName
WScript.Echo " PartitionGuid: " & CSObject.PartitionGuid
WScript.Echo " PartitionName: " & CSObject.PartitionName
WScript.Echo " PartitionDisplayName: " & CSObject.PartitionDisplayName
WScript.Echo " PasswordChangeHistory: " & CSObject.PasswordChangeHistory
Next
' Error handling subroutine.
Sub ErrorHandler( errorText )
WScript.Echo(vbcrlf & errorText)
WScript.Echo("Error number: " & Err.number)
WScript.Echo("Error Description: " & Err.Description)
WScript.Quit(2989)
End Sub
Search Using a Specified Domain and Account Name
You can search for connector space objects that are imported from an Active Directory Domain Services (AD DS), GALSync, or Windows NT 4 management agent by using the domain and account name of the object in the query.
The query specifies the account name and the fully qualified domain name of the connector space object. For each connector space object that is found with the specified name and domain, a counter is incremented and the name of the management agent that imported that object is displayed. If the connector space does not contain any objects that have the specified name and domain, the script returns a message that the object was not found.
The following VBScript example searches the connector space for a connector space object that has a specified domain and account name. The script obtains the GUID of the management agent and then creates a query string along with the distinguished name that is used in the WMI query. If the script finds a connector space object, the properties of that object are displayed.
Option Explicit
On Error Resume Next
Const PktPrivacy = 6 ' Authentication level
Dim Service ' Service object
Dim CsObjects ' Collection of connector space objects
Dim CsObject ' Connector space object
Dim MAObjects ' Collection of management agent objects
Dim MAObject ' Management agent object
Dim ObjCount ' Counter object
Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")
Dim SAMName ' sAMAccount name of the object
SAMName = "JeffSmith"
Dim DomainName ' Domain name used in the search
DomainName = "fabrikam.com"
Dim Query
Query = "Select * from MIIS_CSObject where FullyQualifiedDomain = '"
Query = Query & DomainName & "' and account = '" & SAMName & "'"
Set CsObjects = Service.ExecQuery (Query)
ObjCount = 0
For Each CsObject in Csobjects
ObjCount = ObjCount + 1
Query = "Select * from MIIS_ManagementAgent where guid='"& CSObject.MaGuid &"'"
Set MAObjects = Service.ExecQuery(Query)
For Each MAObject in MAObjects
Wscript.Echo "Imported from the " & MAObject.Name & " management agent."
Next
Next
If ObjCount = 0 then
WScript.Echo "The object with the name " & SAMName & " was not found."
End If
Sub ErrorHandler (ErrorMessage)
WScript.Echo ErrorMessage
WScript.Quit(1)
End Sub
Search Using a Specified Metaverse GUID
When you want to know which connector space objects are connected to a metaverse object, you can search for connector space objects that have the same GUID as the metaverse object.
Search Using A Specified Domain and User Principal Name
You can search for connector space objects that are imported using the Active Directory Domain Services or GALSync management agent that has a specified domain and user principal name.
The following VBScript example searches the connector space for a connector space object that has a specified domain and user principal name. The script creates a query string that uses the specified domain and user principal name that is used in the WMI query. If the script finds a connector space object, the properties of that object are displayed.
Option Explicit
On Error Resume Next
Const PktPrivacy = 6 ' Authentication level
Dim Service ' Service object
Dim ManagementAgent ' Management agent object
Dim CsObject ' Connector space object
Dim CsObjects ' Collection of connector space objects
Dim WMIQuery ' WMI Query string
' Create the service object.
Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")
If Err.number <> 0 then
Call ErrorHandler("Could not connect to computer.")
End If
WScript.Echo("Successfully created service object.")
WMIQuery = "Select * from MIIS_CSObject where Domain = 'Fabrikam' And UserPrincipalName = 'JeffSmith'"
' Search for the connector space objects with the specified management
' agent GUID and distinguished name.
Set CsObjects = Service.ExecQuery(WMIQuery)
If Err.number <> 0 then
Call ErrorHandler("Could not create CSObjects collection.")
End If
If CsObjects.Count = 0 Then
If Err.number<>0 or IsNull(CsObjects) then
ErrorHandler("Error: No CsObject with matching MA GUID or DN.")
Else
WScript.Echo "No CsObject with matching MA GUID or DN."
WScript.Quit(2989)
End If
End If
' Display the connector space object properties.
WScript.Echo vbCrLf & "Successfully located CSObject..."
WScript.Echo vbCrLf & "CSObject Attributes:"
For Each CsObject IN CsObjects
WScript.Echo " Guid: " & CSObject.Guid
WScript.Echo " Dn: " & CSObject.Dn
WScript.Echo " ObjectType: " & CSObject.ObjectType
WScript.Echo " UserPrincipalName: " & CSObject.UserPrincipalName
WScript.Echo " Domain: " & CSObject.Domain
WScript.Echo " Account: " & CSObject.Account
WScript.Echo " MvGuid: " & CSObject.MvGuid
WScript.Echo " MaGuid: " & CSObject.MaGuid
WScript.Echo " MaName: " & CSObject.MaName
WScript.Echo " PartitionGuid: " & CSObject.PartitionGuid
WScript.Echo " PartitionName: " & CSObject.PartitionName
WScript.Echo " PartitionDisplayName: " & CSObject.PartitionDisplayName
WScript.Echo " PasswordChangeHistory: " & CSObject.PasswordChangeHistory
Next
' Error handling subroutine.
Sub ErrorHandler( errorText )
WScript.Echo(vbcrlf & errorText)
WScript.Echo("Error number: " & Err.number)
WScript.Echo("Error Description: " & Err.Description)
WScript.Quit(2989)
End Sub
Search Using A Specified GUID
You can also use the GUID of a connector space object to search the connector space for it.
The following VBScript example searches the connector space for a connector space object that has a specified GUID. The script creates a query using the specified GUID that is used in the WMI query. If the script finds a connector space object with the specified GUID, the properties of that connector space object are shown.
Option Explicit
On Error Resume Next
Const PktPrivacy = 6 ' Authentication level
Dim Service ' Service object
Dim ManagementAgent ' Management agent object
Dim CsGuid ' Connector space object GUID
Dim CsObject ' Connector space object
Dim CsObjects ' Collection of connector space objects
Dim WMIQuery ' WMI Query string
' Create the service object.
Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")
If Err.number <> 0 then
Call ErrorHandler("Could not connect to computer.")
End If
WScript.Echo("Successfully created service object.")
' Create the WMI Query string
CsGUID = "{A67B447A-3788-419C-98B0-14B1D3CEE638}"
WMIQuery = "Select * from MIIS_CSObject where GUID = '" & CsGUID & "'"
' Search for the connector space objects with the specified management
' agent GUID and distinguished name.
Set CsObjects = Service.ExecQuery(WMIQuery)
If Err.number <> 0 then
Call ErrorHandler("Could not create CSObjects collection.")
End If
If CsObjects.Count = 0 Then
If Err.number<>0 or IsNull(CsObjects) then
ErrorHandler("Error: No CsObject with a matching GUID.")
Else
WScript.Echo "No CsObject with a matching GUID."
WScript.Quit(2989)
End If
End If
' Display the connector space object properties.
WScript.Echo vbCrLf & "Successfully located CSObject..."
WScript.Echo vbCrLf & "CSObject Attributes:"
For Each CsObject IN CsObjects
WScript.Echo " Guid: " & CSObject.Guid
WScript.Echo " Dn: " & CSObject.Dn
WScript.Echo " ObjectType: " & CSObject.ObjectType
WScript.Echo " UserPrincipalName: " & CSObject.UserPrincipalName
WScript.Echo " Domain: " & CSObject.Domain
WScript.Echo " Account: " & CSObject.Account
WScript.Echo " MvGuid: " & CSObject.MvGuid
WScript.Echo " MaGuid: " & CSObject.MaGuid
WScript.Echo " MaName: " & CSObject.MaName
WScript.Echo " PartitionGuid: " & CSObject.PartitionGuid
WScript.Echo " PartitionName: " & CSObject.PartitionName
WScript.Echo " PartitionDisplayName: " & CSObject.PartitionDisplayName
WScript.Echo " PasswordChangeHistory: " & CSObject.PasswordChangeHistory
Next
' Error handling subroutine.
Sub ErrorHandler( errorText )
WScript.Echo(vbcrlf & errorText)
WScript.Echo("Error number: " & Err.number)
WScript.Echo("Error Description: " & Err.Description)
WScript.Quit(2989)
End Sub
See Also
Reference
Concepts
Script Examples
Creating Scripts
How to: Enable Security in Scripts