Status
| Functionality | Deprecated (if favor of SSH Connector) |
|---|---|
| Support status | Supported |
| Support provided by | Evolveum |
| Origin | Evolveum |
| Target systems | Microsoft Windows Server 2012R2 |
| Notes | Only scripting operations are supported |
Description
Specialized connector that provides PowerShell scripting capabilities.
Protocol | Win-RS (WS-MAN) |
|---|---|
Framework | ConnId 1.5.x |
Bundle name | com.evolveum.polygon.connector.powershell |
Connector name | com.evolveum.polygon.connector.powershell.PowerShellConnector |
Capabilities and Features
| Schema | NO | |
|---|---|---|
Provisioning | NO | |
Live Synchronization | NO | |
Password | NO | |
Activation | NO | |
Paging support | NO | |
| Native attribute names | NO | |
| Scripting | YES | Command execution and Powershell by using WinRM (WS-MAN) |
History
This connector was "separated" from Active Directory Connector (LDAP) version 2.4.
Versions
This connector is part of the LDAP Connector bundle. It is distributed together with LDAP Connector and eDirectory Connector.
Version | Origin | Binary | Sources | Build Date | ConnId Framework | Bundled with midPoint | Description |
|---|---|---|---|---|---|---|---|
| 1.0 | Evolveum | 3 Apr 2020 | 1.5.0.0 | None | Initial version. | ||
| 1.1 | Evolveum | 21 July 2020 | 1.5.0.0 | None | Option to disable certificate checks. | ||
| 1.1.1 | Evolveum | 6 August 2020 | 1.5.0.0 | None | Fixing disableCertificateChecks: allowing FQDN and CN mismatch. |
Interoperability
Following versions of Windows servers are supported:
- Microsoft Windows Server 20012R2
This connector is deprecated. The Win-RM services proved to be very problematic and unstable while using this connector. Fortunatelly, recent Windows servers have an option to install SSH servers. Use of SSH instead of Win-RM is strongly recommended. Please use SSH Connector instead of this connector whenever possible.
Connector is supported only in Java 11 environment.
MS Exchange Interoperability
Technically, this connector can be used to provision Microsoft Exchange servers in a indirect way by using PowerShell scripts.
Firstly, the Exchange attributes are accessible in Active Directory when the Exchange software is installed. The Active Directory Connector (LDAP) is needed to manage those attributes.
Secondly, this connector can be used to execute powershell scripts remotely using the WinRM interface. This feature can be used to manage Exchange mailboxes and additional settings. Please see Powershell Support in AD/LDAP Connector page for more details.
However, support for MS Exchange is not included in standard support for this connector (see below).
Support
This connector was deprecated in favor of SSH Connector.
This connector is still supported (but it is not bundled with midPoint support, it has to be purchased separately). However, there are limitations:
- Only some Windows server versions are supported (see above)
- PowerShell scripting implemented in this connector is supposed to be used to supplement creation of Active Directory (windows) accounts by using simple scripts. It is not supposed to be used to manage Microsoft Exchange accounts. Management of Exchange accounts can be quite a complex matter, requiring complicated PowerShell scripts. You can use this connector to manage Exchange accounts if you want to. However, when it comes to the content of the scripts you are on your own. You are responsible for the content of the scripts that the connector executes. Therefore if the script does not do what you think it should be doing then you have to fix it. This is not covered by support contract. If the script is not executed at all because of a bug in the connector then it is part of the support contract. But we are not responsible for the content of the scripts, we do not provide any official guidance on how those scripts should look like and what they should do. There may be some examples or hints in the documentation. But those should be considered to be examples only. We do not guarantee that they work.
Licensing
The connector itself is available under the terms of Apache License 2.0. We are not using any Microsoft library or any other component that might be subject to Microsoft licensing. To our best knowledge no extra license is needed to use the connector with Windows servers. However the Microsoft license texts are not entirely clear and we are not lawyers. Therefore it is recommended for each user to make his own analysis of the licensing issues. Please use your Microsoft support program and contact Microsoft with the licensing question when in doubt.