Tips for using PowerShell scripts
For examples of syntax and usage for PowerShell scripts in One Identity Manager, see https://github.com/OneIdentity/IdentityManager.PoSh. Take note of the installation prerequisites and information given there.
By default, the PowerShell module tries to load all referenced DLLs from a valid One Identity Manager installation. In the default installation, One Identity Manager is installed under:
Using dollar ($) notation
$ notation is used to access object properties in .
Syntax
$<definition>:<data type>{<format>}$
If you are using dollar notation you need to ensure that the value is allocated the correct data type. Dollar notation returns a String type by default.
Permitted data types are:
Binary
Bool
Byte
Date
Decimal
Double
Int
Long
Short
String (default)
Text
The format specification is optional. If the format is specified, the target type of the expression is a string. If the format is not specified, it is the specified data type.
The format specifications correspond to the format strings of the string.format function for the individual types. For more information about the format string, see https://docs.microsoft.com/en-us/dotnet/standard/base-types/composite-formatting#format-string-component.
Example: Use of dollar ($) notation with format specification
$MaxValidDays:Int{000}$
with the value 42 give the result "042"
$XDateUpdated:Date{t}$
gives "11:16"
$DateLastWorked:Date{o}$
gives "2025-12-15T22:59:00.0000000Z"
NOTE: If you want to use a dollar $ sign in scripts, without it representing access to a column name, you must mask it by doubling.
Example:
In PowerShell scripts, instead of:
theScript.AppendLine("foreach ($Domain in $Domains)")
use:
theScript.AppendLine("foreach ($$Domain in $$Domains)")
Detailed information about this topic
Accessing local object columns
Syntax
$<column name>:<data type>{<format>}$
Examples for use in templates
The Active Directory user display name should comprise of the first and last name of the Active Directory user. The template for ADSAccount.Displayname is:
If $Givenname$<>"" And $Surname$<>"" Then
Value = $Surname$ & " " & $Givenname$
ElseIf $Givenname$<>"" Then
ElseIf $Surname$<>"" then
End If
If an identity is disabled, the leaving date should be set. The template for Person.Exitdate is:
If $IsInActive:bool$ Then
End If
Accessing columns of an object connected by a relation
The only relation currently permitted is the foreign key relation.
Syntax
$FK(<foreign key column>).<column name>:<data type>{<format>}$
Example for use in templates:
An Active Directory user’s first name should based on the assigned identity. The template for ADSAccount.Givenname is:
Value = $FK(UID_Person).Firstname$