Blog

MIMWAL Can run PowerShell 3.0 and beyond without PSRemoting or Start-Process!

I just discovered that a colleague had, several years prior, managed to get the MIMWAL PowerShell Activity to run Get-ADUser and other cmdlets from the Active Directory module (which requires PowerShell 3.0 or later) without using PowerShell Remoting or starting a new process with Start-Process. <Caution> Per Eugene Sergeev, this breaks SSPR AuthN workflows. </Caution> So if you aren’t using SSPR through MIM, this might be an option for you!

SSL v TLS with EntraID Sync and MIM's Generic LDAP Connector

Everyone knows that SSL is vulnerable and we should therefore use TLS. What isn’t well understood is the set of options presented for Binding (authentication) when using the Generic LDAP Connector with AADConnect or the Generic LDAP ECMA 2.x with MIM. We are presented 5 options: Anonymous, Basic, Kerberos, SSL and TLS. When we tested, we could get the SSL option to work over port 636 and the TLS option to work on port 389, but we couldn’t get the TLS option to work over port 636.

What does MIM's StoreChk.exe do?

I watched through SQL Profiler to better understand what these checks do, and I found an error with check #10. It says it is “Checking Lineage Guid table for MV objects with invalid MV object ids”, but the SQL query it issues is the same as the query for check #9, “Checking Lineage Date table for MV objects with invalid MV object ids.” It queries the Lineage Date table instead of the Lineage GUID table as it says.

MIM StoreChk.exe Assumes SQL is Local

On occasion you (usually with the help of PSS – Product Support Services) may need to verify the integrity of the MIM Synchronization Service database. To do this you can use the Store Check tool, StoreChk.exe, located in the bin folder under the root of your MIM Synchronization install. While the StoreChk tool does read the registry to find the name of the database (almost always FIMSynchronizationService), it does not read the Server or Instance name registry values in the parameters key of the registry.

SQL Always On Availability Groups for MIM

Image from: https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/availability-group-overview

Edited July 2 2022 after reviewing my Facebook discussion with Eugene Sergeev on Microsoft’s product team.

MIM 2016 SP2 (4.4.1459.0 or later) supports SQL Server Always On Availability Groups (AG)! Yeah! OK, let’s implement it! But wait! It won’t give us all we hope for! Up-to-the-moment distributed backup of the data: yes! Automatic instant failover: not without a huge caveat! What do you mean it won’t give us automatic instant failover?

Wanted: Up and coming Cyber Security Professionals

Cyber Security – Identity Management Implementer

Secure your identities against the dangers of the cyber world, automate the repetitive, and empower your users! Let’s shut the front door on the most obvious vector for cyber-attacks, reduce the IT department’s compliance burden (SOX, HIPAA, FERPA, GLBA, ISO, etc.), and free IT people to do tasks that require more brain power by automating the drone-like work of managing user identities.

MIM Portal Groups whose displayedOwner isn't among the Owners

In the MIM Portal it will create issues if you have a group whose displayedOwner isn’t among the objects in the multivalued reference attribute Owner. Querying this through XPath is just about impossible, so here is the SQL query to do it.

SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
GO
USE FIMService
GO

SELECT DOwn.*
FROM (
    SELECT groupObjID = G.[objectID]
         , GroupDisplayName = GAOVS.ValueString
         , userDisplayName = UAOVS.ValueString

Latency vs the Cloud

“The cloud is so fast! We can spin up servers and services so quickly to extend our environment, and then all the users across the globe can access these services, so why does it take so long for you to get our users into the cloud?”

(Latency) x (# of Round Trips)

Most Cloud Identity Management APIs are built so that consumers must retrieve the data one object at a time or load it one object at a time.

MIM Open Source Schedulers

Your MIM installation is in, the config is done, programming is all set, and now it is time to automate the running of the Management Agents. Options? Most people use Windows Task Scheduler with a PowerShell script or VBScript – which works but can get cumbersome to maintain. With my SQL Server background, I often use SQL Server Agent Jobs because they offer much better follow-up and execution of database commands.

Task Scheduler – runs as a Windows service

MIM Open Source Schedulers - Comments

Andas - Apr 0, 2019
A friend has pointed out that my run script was mentioned in your blog. I have a new version that I have used for some time but had not updated on GitHub; I have done so now. The new version has some nice additional functions, so you may script disconnects and previews. I also recommend taking a look at MIM-Powershell-Agent, which is a PowerShell agent and makes it possible to run rules extensions as PowerShell scripts in MIM for any other.