CSExport and PowerShell

  • Article

One of the really useful tools that is often overlooked with FIM is the CSExport utility.  CSExport has been around for a long time and allows you to dump connector space object into an XML file.  Often times you might need to grab some piece of information from an export (or import) and consume the data to use for something else.  I ran into such a case today while at a customer location and wanted to share how you can make take advantage of this utility.

So let me give you an example of how I was able to put this to use in my environment.

As I was troubleshooting some provisioning issues in a lab environment today, I determined that I need to delete the objects from Active Directory so the provisioning code could be executed again.  From a PowerShell perspective all I really needed was the DN of the user object to pipe to the Remove-ADUser cmdlet.  Since all of the information is available in the error data, you just need to have a method for getting to it (this is where CSExport comes in).

CSExport will allow you to get to all of this data and dump it to an XML where you can then consume it with PowerShell in a pretty quick fashion!

For more info on the usage for the utility see the link below.

https://technet.microsoft.com/en-us/library/jj590346(v=ws.10).aspx

In my case, I had all of the export errors and just need to dump the data to an XML.  So I started by opening a command prompt (or PowerShell prompt) and navigating to the C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization\Bin folder and launching the CSExport utility.

To dump the data I used the command below.

. \CSExport.exe "ADMA" errorList.xml /fe

This actually gives an output XML file with all of the connector space information needed to feed to the AD cmdlet.

From here I was able to read the content of the file in using the following PowerShell command.

[xml]$CSErrorObjects = get-content .\errorList.xml

Now I have all of the information I need to work with, the next step is to select the XML nodes for consumption by PowerShell.

$csObjects = $CSErrorObjects.SelectNodes("/cs-objects/cs-object")

At this point all I need to do is loop through the collection and execute the command!

$csObjects | foreach-object {remove-aduser $_.'cs-dn' -confirm:$false}

As you can see this simple utility gives a great deal of flexibility for pulling information out of the connector spaces to take action on especially if you are running into errors that can be remediate in bulk.

Enjoy!