Microsoft Identity Integration Server 2003 Developer Reference

Creating Scripts to Run Management Agents

The Identity Manager can create a Visual Basic Scripting Edition (VBScript) script that you can use to run a management agent from a command line or at a scheduled time. The generated script has all the commands needed to connect to the WMI Service of a local or remote server and run a specified management agent.

This topic describes the following procedures:

Caution  Do not run a management agent through a script when deleting any management agent as you can cause a failed run and/or corrupt a management agent configuration.

To create a script to connect to a local server

  1. On the Tools menu, click Management Agents.
  2. In Management Agent, click the management agent for which you want to create a script for a run profile.
  3. On the Actions menu of Management Agent , click Configure Run Profiles.
  4. In the Configure Run Profiles dialog box, in Management agent run profiles, click the run profile for which you want to create a script, and then click Script
  5. In the Save As dialog box, type a name and location for the script, and then click Save.

The following example shows a script that was created using the previous procedure to connect to the WMI Service on a local server and then run the full import run profile of the Fabrikam HR MA management agent.

Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when Microsoft Identity Integration Server is on remote system.
rem
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
rem
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set MASet   = Service.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{1D99EC00-87BC-41BF-A65D-AF46217AC686}'")

for each MA in MASet
	WScript.Echo "Running " + MA.name + ".Execute(""Full Import"")..."
	WScript.Echo "Run completed with result: " + MA.Execute("Full Import")
next

The script uses the credentials of the current user to run the script. If the current user is not a member of a group that has permissions to run the scripts, you can use the Run As command to specify alternative credentials to run the script.

To specify alternative credentials

Substitute the appropriate user name and script name. For example, if the script name is fullimport.vbs and the alternative user name is Jeff, authenticated by the Fabrikam domain controller, you run the following at the command prompt:runas /user:Fabrikam\Jeff fullimport.vbs

You can modify the script to connect to a remote server by taking the following steps:

To modify the script to connect to a remote server

  1. Open the script file in a text editor, such as the one in Visual Studio .NET or in Notepad.
  2. Remove the text rem to enable the following line: 
    rem Set Service = GetObject("MyServer", "root\MicrosoftIdentityIntegrationServer")
  3. Change MyServer to the name of your Microsoft Identity Integration Server 2003 server.
  4. Add the text rem to the beginning of the following line to disable the line. 
    Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
  5. Save the file.

The following example shows a script that was modified to connect to a remote server using the current user credentials to run a management agent. The name of the server is FabrikamDomainSvr:

Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when Microsoft Identity Integration Server is on remote system.
rem

Set Service = Locator.ConnectServer("FabrikamDomainSvr", "root\MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
rem
rem Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set MASet   = Service.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{1D99EC00-87BC-41BF-A65D-AF46217AC686}'")

for each MA in MASet
	WScript.Echo "Running " + MA.name + ".Execute(""Full Import"")..."
	WScript.Echo "Run completed with result: " + MA.Execute("Full Import")
next

If you want to use alternative credentials to run the script remotely, use the runas command, as shown in the previous procedure.

Caution  We do not recommend storing user credentials in a script. If you need to run a script under a different user context, in most cases you should use the runas command to run the script. If you must include the username and password in the script, store the script in a secure folder that has the same security level as the Microsoft Identity Integration Server 2003 folder. Limit access to that folder.

Caution  Do not use a script that connects to a remote server to connect to a local server. Specifying the user name and password in a script intended to connect to a remote server causes the connection to fail. For more information, see the strUser parameter in the topic SWbemLocator.ConnectServer in the Platform SDK.

You can use the Task Scheduler in Windows Server 2003 to run your scripts automatically. For more information about the Task Scheduler, see the Windows Server 2003 Help.

See Also

Creating an Executable File to Run a Management Agent