Karchworld Identity

Adventures in identity management, federation, directory services, software engineering, computer science...

Automating the Clearing of a FIM Synchronization Server's of Run History

Automating the Clearing of a FIM Synchronization Server's of Run History

Rate This
  • Comments 1

As many of you know, periodically clearing of the FIM Synchronization Server's Run History is not only a good idea, it's a recommended practice. Since the run history is stored in the FIMSynchronizationService database, doing so serves to minimize the growth of it, which otherwise can grow to extreme sizes after a period of time if left unchecked. Doing so not only conserves space, but also serves to ensure that there is no degradation of performance in the moving between Management Agents and Operations tabs in the Synchronization Server Console. Anyway, enough with the sermon to the choir.

This blog entry contains three parts:

  • Part I - Instructions on how to set up the automate the clearing of the run history on the first of each month.
  • Part II - The scheduled task XML file that you can simply import into yoru scheduled task library and turn on
  • Part III - The PowerShell script that will the scheduled task will call to clear the logs.

BUT! Before we begin, a special thanks is due to one of the best FIM consultants with whom I have ever had the pleasure of working. His name is Oren Kwiatek and he is the author of the original script detailed in Part III of this post. He has since left Microsoft to form his own Washington DC based consulting firm specializing in FIM and IdM called Intellectix and he can be contacted at oren@intellectix.com

Part I - Instructions:

  1. Save the XML document in Part II to a file called FIM Clear History Runs.xml
  2. Save the PowerShell document in Part III to a file called FIMClearRuns.ps1
  3. Login the FIM Synchronization server with an account that is a member of the Domain Admins security group.
  4. Open Windows Explorer and create a new folder called Scripts under the following path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service. (Note: Do not change the location of this folder without also updating the XML file in Part II)
  5. Into the previously created folder, copy the following files from the deployment package:
    • FIMClearRuns.ps1
    • FIM Clear History Runs.xml
  6. Open the Windows Task Scheduler by navigating, Start --> Administrator Tools --> Task Scheduler.
  7. From the tree view on the left of the Task Scheduler, select and then right-click on the Task Scheduler Library entry and select New Folder. In the textbox on the modal dialog that appears, enter in the name FIM Automation and then click the OK button. The dialog will close and the folder will be created.
  8. From the tree view on the left of the Task Scheduler, select and then right-click on the newly created FIM Automation folder and select Import Task. An Open File dialog will appear.
  9. From the Open File dialog, navigate to the FIM Incremental Sync.xml file located in the following folder: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Scripts. The Create Task dialog will appear.
  10. On the Create Task dialog, click the Change User button and update the service account that should be used to execute the PowerShell file. I recommend the user of the FIM Sync Service account.
  11. On the Create Task dialog, click OK button. A dialog will appear to prompt you for the password for the service account specified to run this task. Enter the password for this account and click the OK button. Both dialogs will then close and the scheduled task ought to appear in the list under this folder.

Part II - FIM Clear History Runs.xml 

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2013-04-12T12:59:00.5037425</Date>
    <Author>NMIS\karcher_adm</Author>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2011-02-28T01:00:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByMonth>
        <DaysOfMonth>
          <Day>1</Day>
        </DaysOfMonth>
        <Months>
          <January />
          <February />
          <March />
          <April />
          <May />
          <June />
          <July />
          <August />
          <September />
          <October />
          <November />
          <December />
        </Months>
      </ScheduleByMonth>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>DOMAIN\FIM-SYNC-ACCOUNT</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT4H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-command "&amp; 'C:\Program Files\Microsoft Forefront Identity Manager\Scripts\FIMClearRuns.ps1'"</Arguments>
    </Exec>
  </Actions>
</Task>

Part III - FIMClearRuns.ps1

####################################################################################################
# Script Name: FIMClearRuns.ps1
# Author: Oren Kwiatek
# Company: Microsoft Corporation
# Date:  03/24/2011
# Description: Performs a backup of the FIM run history then clears the runs
####################################################################################################

# Define Variables

$filePath = "C:\Program Files\Microsoft Forefront Identity Manager\Logs\Run History"

# Script Logic

$today = Get-Date
[datetime]$clearRunsEndingBefore = $today.ToString("yyyy-MM-01")
$fileName = "Run History for " + $clearRunsEndingBefore.AddDays(-1).ToString("yyyy-MM") + ".log"

if ((Test-Path $filePath) -eq $false)
{
 New-Item $filePath -type Directory
}

New-Item -path $filePath -name $fileName -type File

$runs = Get-WmiObject -Class MIIS_RunHistory -Namespace root/MicrosoftIdentityIntegrationServer

$runs | ForEach-Object {
 $run = $_

 If ([datetime]$run.RunEndTime -lt $clearRunsEndingBefore)
 {
  Write-Host ('Exporting ' + $run.RunEndTime)

  $run.RunDetails().ReturnValue >> $filePath\$fileName
 }
}

$mc = Get-WmiObject MIIS_Server -Namespace 'ROOT\MicrosoftIdentityIntegrationServer'
$inParams = $mc.psbase.GetMethodParameters('ClearRuns')
$inParams.EndingBefore = $clearRunsEndingBefore
$mc.psbase.InvokeMethod('ClearRuns', $inParams, $null)

Comments
  • In step 9, I assume you mean "FIM Clear History Runs.xml" instead of "FIM Incremental Sync.xml" ?

Page 1 of 1 (1 items)
Leave a Comment
  • Please add 4 and 5 and type the answer here:
  • Post