Batch Process an Array via Powershell for FIMService write back (Or any PS scenario)


A long time ago I wrote a post showing how you can do Composite write-back to FIMService via Powershell. That used “Search-ResourcePaged” command from the Lithnet Module. But it’s not helpful in the scenario where you already have a list of users (say an exported CSV or a text file) you want to perform some action on. In that scenario, XPath is not needed (and might not help if there is no pattern to search) as you already have your objects to work on.

So say, for example, I have a list of 10000 objectID from FIM and want to delete them.

Simple way will be

Pretty simple but will take about 1/sec and take 10000 seconds to do it.

Yeah I am not going to wait that long…

Did some RnD (and Google) and found some different ways of going about it..

One way was doing ForEach -Parallels flag. I tried it but actually had a reverse affect for me… I did it wrong obviously.. It worked but took long/er for some reason (Even with -throttlelimit set)… Moved on… Went above my head for the limited time I had to do the job.

Then found a pretty simple way to do it online and made some modification to suit my scenario


Voila!!! it’s done in seconds. It will send batch of 1000 objects at a time to FIMService as a composite request and do them quickly. I did like 10000 in 10-15 seconds or so. You can also import a csv/txt file and create an array as well.

I am not a powershell expert and it may not be perfect or most elegant way of doing it but gets the job done quickly.

You can use the logic for virtually anything and not just to write back to FIMService. But yeah helped me to do large modifications / deletes pretty quickly.

Till the next time…

Powershell Tip: FIM/MIM Explicit Disconnectors be gone… quickly!!!

Happy New Year!!! Hope everyone had a great 2017 and hopefully an even better 2018

If you know disconnectors then you definitely know how irritating the FIM/MIM GUI can be to convert a disconnector from explicit to normal or vice versa when you have potentially 10’s or 100’s of them… Joiner tab isn’t really friendly to select multiple disconnectors and “batch” convert them.

Thanks to Lithnet MIIS Powershell you can do the conversion of 100’s of them in 1 line and in couple of seconds

If you have a MA with 100’s of explicit disconnectors just run the following command (replacing the <MA NAME> with the ….. MA Name )

Done… Simples…¬†You can ofcourse do the opposite as well if you wish i.e. Normal disconnectors -> Explicit Disconnectors.

MIM AD Sync Error: Unable to update the password – Another POV

So we sync AD users from cross-domain (not a single forest). So say from “DC=contoso,DC=com” to “DC=fabrikam,DC=com”. Not getting too much into it, we do some matching and rules extension to convert a few value to match the destination domain.

Have recently been seeing the following error when sync engine is trying to enable a disabled user in fabrikam domain.


Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

Although the password policy is the same between the two domains.

After a tip, for some reason after the user was synced but for some reason the password was not set. And when it was trying to enable the users, it didn’t have a password and failing the domain policy.

Fix: I got the list of users failing from MIM and set their password manually in the destination by using the following script


After this, the sync engine fixed the user up automatically.

Powershell Tip: Send quick Email when a service goes down [Update: And bring it back up]

Yes we have SCOM monitoring and stuff, but if some testing or debugging is going on and do don’t want to do down the hassle of setting up alerts and just simply want to get notified when a service goes down, here is a simple script


It’s pretty self explanatory.

You can also send it to multiple recipients


Voila!! It will check every 10 seconds and if the service is in any other state apart from “Running”, it will send you an email and stop execution.

Update: And easy to bring it back up when it goes down. Run the following in PS as Admin. It will send a mail when service is down and bring it back up.



AzureAD: Get List of all users with a particular license

You might have to do reporting and want a list of all users in Azure AD which have a particular license..

Following is an easy way to do so

Get-MsolAccountSku will give you a table of all the License Types you have and count

AccountSkuId ActiveUnits WarningUnits ConsumedUnits

You can then choose the AccountSkuId you want to report on and pass that in the “TENANTNAME:AAD_PREMIUM” of the Get-MSOLUser command

It took me about 20 min to run this report for about 155000 users

%d bloggers like this: