PowerShell Connector
Identity connector for PowerShell script execution on Windows servers.
| Functionality | stable |
| Development status | dormant (not developed actively, but still somehow maintained) |
| Support status | obsolete |
| Origin | Evolveum |
| Support provided by | Evolveum |
| Target systems | Microsoft Windows Server 2012R2 |
| Source code | https://github.com/Evolveum/connector-powershell |
Specialized connector that provides PowerShell scripting capabilities.
This connector is designed to be used as additional connector together with other connectors, usually Active Directory connector.
|
Obsolete
This connector is obsolete.
It is no longer supported or maintained.
Please use SSH Connector instead.
|
Capabilities and Features
Schema |
NO |
|
|---|---|---|
Provisioning |
NO |
|
Live Synchronization |
NO |
|
Password |
NO |
|
Activation |
NO |
|
Paging support |
NO |
|
Native attribute names |
NO |
|
Scripting |
YES |
Command execution and Powershell by using WinRM (WS-MAN) |
History
| Version | Origin | Binary | Sources | Build Date | ConnId Framework | Bundled with midPoint | Description |
|---|---|---|---|---|---|---|---|
1.0 |
Evolveum |
3 Apr 2020 |
1.5.0.0 |
None |
Initial version. |
||
1.1 |
Evolveum |
21 July 2020 |
1.5.0.0 |
None |
Option to disable certificate checks. |
||
1.1.1 |
Evolveum |
6 August 2020 |
1.5.0.0 |
None |
Fixing disableCertificateChecks: allowing FQDN and CN mismatch. |
This connector was part of the LDAP Connector bundle. It was distributed together with LDAP Connector and eDirectory Connector. However, it was "unbundled" and it is now a separate connector.
This connector was "separated" from Active Directory Connector (LDAP) version 2.4.
Interoperability
Following versions of Windows servers are supported:
-
Microsoft Windows Server 20012R2
This connector is obsolete. It is not supported. The Win-RM services proved to be very problematic and unstable while using this connector. Fortunately, recent Windows servers have an option to install SSH servers. Use of SSH instead of Win-RM is strongly recommended. Please use SSH Connector instead of this connector whenever possible.
MS Exchange Interoperability
Technically, this connector can be used to provision Microsoft Exchange servers in an indirect way by using PowerShell scripts.
Firstly, the Exchange attributes are accessible in Active Directory when the Exchange software is installed. The Active Directory Connector (LDAP) is needed to manage those attributes.
Secondly, this connector can be used to execute powershell scripts remotely using the WinRM interface. This feature can be used to manage Exchange mailboxes and additional settings. Please see Powershell Support in AD/LDAP Connector page for more details.
However, support for MS Exchange is not included in standard support for this connector (see below).
Support
This connector was deprecated in favor of SSH Connector.
This connector is not supported any more (but it is not bundled with midPoint support, it has to be purchased separately).
Even when the connector was supported, there were limitations:
-
Only some Windows server versions were supported (see above)
-
PowerShell scripting implemented in this connector was supposed to be used to supplement creation of Active Directory (windows) accounts by using simple scripts. It was not supposed to be used to manage Microsoft Exchange accounts. Management of Exchange accounts can be quite a complex matter, requiring complicated PowerShell scripts. You can use this connector to manage Exchange accounts if you want to. However, when it comes to the content of the scripts you are on your own. You are responsible for the content of the scripts that the connector executes. Therefore if the script does not do what you think it should be doing then you have to fix it. This is not covered by support contract. If the script is not executed at all because of a bug in the connector then it is part of the support contract. But we are not responsible for the content of the scripts, we do not provide any official guidance on how those scripts should look like and what they should do. There may be some examples or hints in the documentation. But those should be considered to be examples only. We do not guarantee that they work.
Licensing
The connector itself is available under the terms of Apache License 2.0. We are not using any Microsoft library or any other component that might be subject to Microsoft licensing. To our best knowledge no extra license is needed to use the connector with Windows servers. However the Microsoft license texts are not entirely clear and we are not lawyers. Therefore it is recommended for each user to make his own analysis of the licensing issues. Please use your Microsoft support program and contact Microsoft with the licensing question when in doubt.