Creating Scripts to Run Management Agents

The Identity Manager can create a Visual Basic Scripting Edition (VBScript) script that you can use to run a management agent from a command line or at a scheduled time. The generated script has all the commands needed to connect to the WMI Service of a local or remote server and run a specified management agent.

This topic describes the following procedures:

  • To create a script to connect to a local server
  • To specify alternative credentials
  • To modify the script to connect to a remote server

Caution  Do not run a management agent through a script while any management agent is being deleted. Doing so can cause a failed run or corrupt a management agent configuration.

To create a script to connect to a local server

  1. On the Tools menu, click Management Agents.
  2. In Management Agent, click the management agent for which you want to create a script for a run profile.
  3. On the Actions menu of Management Agent, click Configure Run Profiles.
  4. In the Configure Run Profiles dialog box, in Management agent run profiles, click the run profile for which you want to create a script, and then click Script.
  5. In the Save As dialog box, type a name and location for the script, and then click Save.

The following example shows a script that was created using the previous procedure to connect to the WMI Service on a local server and then run the full import run profile of the Fabrikam HR MA management agent.

Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when Microsoft Identity Integration Server is on remote system.
rem
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
rem
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set MASet   = Service.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{1D99EC00-87BC-41BF-A65D-AF46217AC686}'")

for each MA in MASet
    WScript.Echo "Running " + MA.name + ".Execute(""Full Import"")..."
    WScript.Echo "Run completed with result: " + MA.Execute("Full Import")
next

The script runs with the credentials of the current user. If the current user is not a member of a group that has permission to run the script, you can use the Run As command to specify alternative credentials to run the script.

To specify alternative credentials

  • At a command prompt, type the following command: "runas /user:<domain>\<user name> <script name>"

Substitute the appropriate user name and script name. For example, if the script name is fullimport.vbs and the alternative user name is Jeff, authenticated by the Fabrikam domain controller, you run the following at the command prompt: "runas /user:Fabrikam\Jeff fullimport.vbs"

You can modify the script to connect to a remote server by taking the following steps:

To modify the script to connect to a remote server

  1. Open the script file in a text editor, such as the one in Visual Studio 2005 or in Notepad.

  2. Remove the text rem to enable the following line:

    rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")
    
  3. Change MyServer to the name of your Microsoft Identity Lifecycle Manager 2007, Feature Pack 1 server.

  4. Add the text rem to the beginning of the following line to disable the line.

    Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
    
  5. Save the file.

The following example shows a script that was modified to connect to a remote server using the current user credentials to run a management agent. The name of the server is FabrikamDomainSvr:

Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when Microsoft Identity Integration Server is on remote system.
rem

Set Service = Locator.ConnectServer("FabrikamDomainSvr", "root\MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
rem
rem Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set MASet   = Service.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{1D99EC00-87BC-41BF-A65D-AF46217AC686}'")

for each MA in MASet
    WScript.Echo "Running " + MA.name + ".Execute(""Full Import"")..."
    WScript.Echo "Run completed with result: " + MA.Execute("Full Import")
next

If you want to use alternative credentials to run the script remotely, use the runas command, as shown in the previous procedure.

Caution  We do not recommend storing user credentials in a script. If you need to run a script under a different user context, in most cases you should use the runas command to run the script. If you must include the user name and password in the script, store the script in a secure folder that has the same security level as the ILM 2007 FP1 folder. Limit access to that folder.

Caution  Do not use a script written to connect to a remote server to connect to a local server. If the script specifies a user name and password for a remote connection, the connection fails when it is made to the local server. For more information, see the strUser parameter in the topic SWbemLocator.ConnectServer in the Platform SDK.
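
The following is an added example, not part of the original topic or of the script that Identity Manager generates. It is a Python check that scans a run-profile script for the two conditions the cautions above describe: an active ConnectServer call with a literal password, and credentials passed for a local connection. The sample script text is constructed, and the finding names and the LOCAL_NAMES set are assumptions of this example.

```python
import re

CALL = re.compile(r'ConnectServer\s*\((.*)\)', re.IGNORECASE)
LOCAL_NAMES = {"", ".", "localhost"}   # assumption: names meaning "this computer"
# Constructed sample: the page's script with credential arguments enabled.
SAMPLE = r'''Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
Set Service = Locator.ConnectServer("FabrikamDomainSvr", "root\MicrosoftIdentityIntegrationServer", "Fabrikam\Jeff", "MyPassword")
Set Service = Locator.ConnectServer(".", "root\MicrosoftIdentityIntegrationServer", "Fabrikam\Jeff", pwd)
Set Service = Locator.ConnectServer("FabrikamDomainSvr", "root\MicrosoftIdentityIntegrationServer")
'''

def is_comment(line):
    """True for a VBScript comment line (leading rem keyword or apostrophe)."""
    s = line.strip()
    return s.startswith("'") or re.match(r'rem(\s|$)', s, re.IGNORECASE) is not None

def split_args(arglist):
    """Split an argument list on commas that lie outside string literals."""
    args, cur, in_str = [], "", False
    for ch in arglist:
        if ch == '"':
            in_str = not in_str          # a doubled "" toggles twice, so state is kept
        if ch == "," and not in_str:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()]

def literal(arg):
    """Text of a string-literal argument, or None for a variable or expression."""
    if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
        return arg[1:-1].replace('""', '"')
    return None

def audit_script(text):
    """Return (line number, finding) pairs for active ConnectServer calls."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if is_comment(line) or not (m := CALL.search(line)):
            continue                                # rem lines never execute
        args = split_args(m.group(1)) + [""] * 4    # pad so indexing is safe
        server, user, password = literal(args[0]), args[2], literal(args[3])
        if password:                                # non-empty literal as strPassword
            findings.append((no, "hardcoded-password"))
        if user not in ("", '""') and server is not None and server.lower() in LOCAL_NAMES:
            findings.append((no, "credentials-on-local"))
    return findings
```

Calling audit_script(SAMPLE) reports line 3 as hardcoded-password and line 4 as credentials-on-local; the rem line and the two-argument call produce no finding.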

You can use the Task Scheduler in Windows Server 2003 to run your scripts automatically. For more information about the Task Scheduler, see the Windows Server 2003 Help.

See Also

Creating an Executable File to Run a Management Agent


Build date: 2/16/2009