Running MSOnline module with fimpowershellwf

Jun 27, 2014 at 11:42 AM
Hi Everyone,

I am a student and actually working on a FIM project.
I have written a script that connects to MSOnline in order to retrieve users' information on Office 365, but when I add the script to the workflow and run it, nothing happens!
When I run the same script outside the workflow it works perfectly!

I will be grateful if you could help.
Kind regards.
Louban.
Jun 27, 2014 at 4:51 PM
Hello Louban59,

I also encountered the same situation when I tried to execute my first PowerShell Workflow Activity from FIM (2010 R2 SP1). I found that there are many things that can cause a script to fail to execute and that the tools available to diagnose these issues (IMO) are sparse and inconclusive.

Since you say that the script executes perfectly outside the workflow, but you don't say under what user's session, I will point out that FIM normally executes PowerShell scripts under the install admin account (unless you specify impersonate in the workflow definition).

If the script executes successfully under your login but fails when logged in as the service account, then I recommend that you check whether PowerShell script execution (for the admin user account that FIM is using to execute your script under) has permissions to execute PowerShell scripts on that FIM server. This is because PowerShell script execution is disabled for all users (including admins) by default, but that policy can be (and usually is) changed by one, or more, of the 4 PowerShell Profile scripts that can be used (by an admin) to change the Execution Policy default setting from "Restricted" to a sufficient setting (e.g. "RemoteSigned"), and to a sufficient scope (that includes the admin user executing the script).

Log on to the FIM system as the involved service account and open up a PowerShell command or ISE window and run Get-ExecutionPolicy and see if it returns "Restricted" (the Windows default). If so, it can be changed (for the current session) by an administrator by running the PowerShell cmdlet Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. The user executing the script must also be a valid FIM user and a member of the FIM admin. Run Get-Help Set-ExecutionPolicy -Full to find out more about the options available for PowerShell Script permissions. I also found Ed Wilson's "Microsoft Windows PowerShell Best Practices" (pages 139-146) to be extremely helpful.

Added Notes:
 1.  FIM Authentication workflows cannot utilize the FIM PowerShell Workflow Activity.
 2.  PowerShell Write-Host functionality will fail in a FIM PowerShell Activity script since there is no PowerShell console in FIM.

I hope that the above helps.

Regards,

Mike Lane
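
A diagnostic script for the checks described in the reply above, as an added example that is not part of the original posts and is not FIM or fimpowershellwf project code. It records the account the script runs as, the execution policy at every scope, and whether the MSOnline module is visible to that account, and it writes to a file because Write-Host has no console inside the workflow. The log path and the Write-DiagLine helper are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run it once interactively as the service
# account and once from the workflow, then compare the two log entries.
param(
    # Hypothetical path; the service account must be able to write here.
    [string]$LogPath = 'C:\Temp\fim-ps-diag.log'
)

$ErrorActionPreference = 'Stop'   # turn non-terminating errors into catchable ones

# Hypothetical helper: file logging replaces Write-Host (no console in the activity).
function Write-DiagLine {
    param([string]$Message)
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogPath -Value "$stamp  $Message"
}

$dir = Split-Path -Parent $LogPath
if (-not (Test-Path $dir)) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}

try {
    # Which account is the script really running under?
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-DiagLine "Running as: $identity"
    Write-DiagLine "PowerShell version: $($PSVersionTable.PSVersion)"

    # Effective policy first, then the value set at each scope.
    Write-DiagLine "Effective execution policy: $(Get-ExecutionPolicy)"
    foreach ($entry in Get-ExecutionPolicy -List) {
        Write-DiagLine ("  scope {0,-14} = {1}" -f $entry.Scope, $entry.ExecutionPolicy)
    }

    # Can this account see the module the real script depends on?
    $modules = @(Get-Module -ListAvailable -Name MSOnline)
    if ($modules.Count -eq 0) {
        Write-DiagLine 'MSOnline module: NOT found for this account'
    }
    foreach ($m in $modules) {
        Write-DiagLine "MSOnline module: version $($m.Version) at $($m.ModuleBase)"
    }
}
catch {
    # Record the failure instead of letting the workflow swallow it silently.
    Write-DiagLine "ERROR: $($_.Exception.Message)"
}
```

If the workflow run leaves no new entry in the log at all, the script never started under that account, which narrows the problem to the workflow configuration or account rights rather than the script body.
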
Jun 27, 2014 at 5:22 PM
Hi Mike,

Thanks a lot for your quick reply.
I found a solution to the problem this afternoon.

Exactly, you are right: the problem was about FIM user account rights.

Kind regards.