PowerShell Connector

Last modified 13 Apr 2021 17:52 +02:00

Identity connector for PowerShell script execution on Windows servers.

Functionalitystable
Development statusdormant (not developed actively, but still somehow maintained)
Support statusdeprecated
OriginEvolveum
Support provided byEvolveum
Target systemsMicrosoft Windows Server 2012R2
Source codehttps://github.com/Evolveum/connector-powershell

Specialized connector that provides PowerShell scripting capabilities.

This connector is designed to be used as additional connector together with other connectors, usually Active Directory connector.

This connector is deprecated in favor of SSH connector.

Capabilities and Features

Schema

NO

Provisioning

NO

Live Synchronization

NO

Password

NO

Activation

NO

Paging support

NO

Native attribute names

NO

Scripting

YES

Command execution and Powershell by using WinRM (WS-MAN)

History

Version Origin Binary Sources Build Date ConnId Framework Bundled with midPoint Description

1.0

Evolveum

download jar

GitHub

3 Apr 2020

1.5.0.0

None

Initial version.
Separated from AD connector version 2.4

1.1

Evolveum

download jar

GitHub

21 July 2020

1.5.0.0

None

Option to disable certificate checks.

1.1.1

Evolveum

download jar

GitHub

6 August 2020

1.5.0.0

None

Fixing disableCertificateChecks: allowing FQDN and CN mismatch.

This connector was part of the LDAP Connector bundle. It was distributed together with LDAP Connector and eDirectory Connector. However, it was "unbundled" and it is now a separate connector.

This connector was "separated" from Active Directory Connector (LDAP) version 2.4.

Interoperability

Following versions of Windows servers are supported:

  • Microsoft Windows Server 20012R2

This connector is deprecated. The Win-RM services proved to be very problematic and unstable while using this connector. Fortunatelly, recent Windows servers have an option to install SSH servers. Use of SSH instead of Win-RM is strongly recommended. Please use SSH Connector instead of this connector whenever possible.

Connector is supported only in Java 11 environment.

MS Exchange Interoperability

Technically, this connector can be used to provision Microsoft Exchange servers in a indirect way by using PowerShell scripts.

Firstly, the Exchange attributes are accessible in Active Directory when the Exchange software is installed. The Active Directory Connector (LDAP) is needed to manage those attributes.

Secondly, this connector can be used to execute powershell scripts remotely using the WinRM interface. This feature can be used to manage Exchange mailboxes and additional settings. Please see Powershell Support in AD/LDAP Connector page for more details.

However, support for MS Exchange is not included in standard support for this connector (see below).

Support

This connector was deprecated in favor of SSH Connector.

This connector is still supported (but it is not bundled with midPoint support, it has to be purchased separately). However, there are limitations:

  • Only some Windows server versions are supported (see above)

  • PowerShell scripting implemented in this connector is supposed to be used to supplement creation of Active Directory (windows) accounts by using simple scripts. It is not supposed to be used to manage Microsoft Exchange accounts. Management of Exchange accounts can be quite a complex matter, requiring complicated PowerShell scripts. You can use this connector to manage Exchange accounts if you want to. However, when it comes to the content of the scripts you are on your own. You are responsible for the content of the scripts that the connector executes. Therefore if the script does not do what you think it should be doing then you have to fix it. This is not covered by support contract. If the script is not executed at all because of a bug in the connector then it is part of the support contract. But we are not responsible for the content of the scripts, we do not provide any official guidance on how those scripts should look like and what they should do. There may be some examples or hints in the documentation. But those should be considered to be examples only. We do not guarantee that they work.

Licensing

The connector itself is available under the terms of Apache License 2.0. We are not using any Microsoft library or any other component that might be subject to Microsoft licensing. To our best knowledge no extra license is needed to use the connector with Windows servers. However the Microsoft license texts are not entirely clear and we are not lawyers. Therefore it is recommended for each user to make his own analysis of the licensing issues. Please use your Microsoft support program and contact Microsoft with the licensing question when in doubt.