Who has Registered for SSPR

The following script can be used to determine who has registered for Self Service Password Reset for Forefront Identity Manager 2010 R2. Special thanks to Markus Vilcinskas.

### http://social.technet.microsoft.com/wiki/contents/articles/3616.how-to-use-powershell-to-export-all-users-who-have-registered-for-self-service-password-reset-sspr.aspx ###

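# Address of the FIM Service (Resource Management Service) endpoint
Set-Variable -Name URI -Value "http://localhost:5725/resourcemanagementservice" -Option Constant

# Output file, written to the directory the script is run from
Set-Variable -Name CSV -Value "RegistredResetPassUsers.csv"

# Load the FIMAutomation snap-in if it is not already loaded
If(@(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"} ).Count -eq 0) {Add-PSSnapin FIMAutomation}

# Look up the Password Reset AuthN Workflow definition
$WFDFilter = "/WorkflowDefinition[DisplayName='Password Reset AuthN Workflow']"

$curObjectWFD = Export-FIMConfig -Uri $URI -OnlyBaseResources -CustomConfig ($WFDFilter) -ErrorVariable Err -ErrorAction SilentlyContinue

# Stop here if nothing came back; otherwise the Split() call below fails on a null value
If($null -eq $curObjectWFD) {throw "Could not read the 'Password Reset AuthN Workflow' definition from the FIM Service. $Err"}

# ObjectID has the form urn:uuid:<guid>; keep only the GUID
$WFDObjectID = (($curObjectWFD.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "ObjectID"}).Value).Split(":")[2]

# Find every Person resource registered for that workflow
$Filter = "/Person[AuthNWFRegistered = '$WFDObjectID']"

$curObject = Export-FIMConfig -Uri $URI -OnlyBaseResources -CustomConfig ($Filter) -ErrorVariable Err -ErrorAction SilentlyContinue

$users = @()

foreach($Object in $curObject)
{
 # Build one output row per registered user
 $ResetPass = New-Object PSObject

 $UserDisplayName = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "DisplayName"}).Value)

 $ResetPass | Add-Member NoteProperty "DisplayName" $UserDisplayName

 $users += $ResetPass
}

$users | Export-Csv -Path $CSV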


## http://blogs.msdn.com/connector_space ##


Comments (4)

  1. @ Heather

    I just tested the script again in my environment and it creates the RegisteredResetPassUsers.csv file in the directory that you ran the script from.

    Are you still getting the error?

    Are you running the script on the server that hosts the FIMService?

    Are you running the script in a PowerShell console running under an account that has permissions to read the FIMService?

  2. Heather says:

    I'm running this script, but only getting this in my csv file


    "Password Reset AuthN Workflow"

    How do we make it so it actually returns the user's information in the csv?

  3. Joe F, are you still getting this error?

  4. Joe F says:

    keep getting error running script:

    You cannot call a method on a null-valued expression.

    At E:PSRegistredResetPassUsersTEST.ps1:11 char:148

    + $WFDObjectID = (($curObjectWFD.ResourceManagementObject.ResourceManagementAtt

    ributes | Where-Object {$_.AttributeName -eq "ObjectID"}).value).split <<<< (":


       + CategoryInfo          : InvalidOperation: (split:String) [], RuntimeExce


       + FullyQualifiedErrorId : InvokeMethodOnNull

    Enter 1 for Registered   or   2 for NOT Registered:
