Jeremy and Craig had an interesting shoot out showing off their differing versions of reporting from FIM. Jeremy has an “agent” that he uses to pull the data out of FIM and store it in SQL, after which doing SSRS reports is not terribly difficult. Craig’s approach was to start off by creating a generic SSRS Data Processing extension for PowerShell, and then adjusted to pull data from FIM. Both approaches look very slick.
This session at TEC was quite interesting. Ikrima presented quite a lot of material about how to extend FIM with your own authentication activities, demonstrating a OTP password reset approach. Code is available at https://github.com/ikrima/Public-Development http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
Hey readers, our Identity Practice at Ensynch is keeping us very busy. We would like to have more Identity consultants as part of our team. Come work with me and the rest of our fantastically talented Identity Team. We are looking for people with experience in Forefront Identity Manager 2010 and people with experience in ADFS 2.0. We are looking for both Full Time Employees as well as people interested in being contractors for us.
After I introduced Brad Turner and turned the time over to him, he showed off some really cool FIM extensions to enable RBAC. He even showed how it fits the NIST RBAC definitions even through level 3. The key design decision was to extend the Set and Group objects. The Set then functions as a role. This allows for both explicit and criteria based membership. A new object type for a Role Membership allows for the user’s membership in a role to expire at an individual time.
I had a lot of fun presenting this session. Largely based on chapter 5 in volume 1 I showed how to decide on your High availability approach, how that impacts your topology choice, and then how to estimate your scale, load, and complexity points. Then based on those factors figure out how big to make your SQL Server that hosts the FIM service database. In the middle I did enjoy putting in a plug for our Ensynch sponsored green, dishwasher safe water bottles, as I took a drink of my fruit punch Gatorade mix.
I was looking forward to this one, but got called away. I hope to look at the slides soon. http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
At TEC 2011, Andreas Kjellman of Microsoft, who “owns” the FIM synchronization engine, showed off the upcoming EZMA framework. The problem: The existing eXtensible Management Agent (XMA) does not have a call based import method, we are limited to using GUIDs as the initial anchors, and we don’t have partitions in an XMA. Solution EZMA – which, IMO, will actually be a little harder to do than an XMA but will allow the developer to do much more that will make the FIM admin’s life easier.
James Booth former Microsoft Group Program Manager for MIIS (precursor to FIM) presented on using PowerShell to process files in preparation for consumption by FIM. James points out that “In the beginning, it was all files.” These call based MA’s are the new kids on the block, also said that at Microsoft in 2000 the philosophy was “XML is the answer, now what is your question?” James has posted his new commandlets to GitHub https://github.
I am already in Las Vegas, prepping to assist my fellow Ensynch coworkers, Joe Zamora, and Rebecca Croft as they lead an awesome value packed pre-conference workshop tomorrow (Sunday) morning at 8 AM to 12 PM (noon). Jerry Camel and Brad Turner will also be around to assist. There are so many good sessions to attend this time here are some of the ones I am looking forward to: Monday morning gets the FIMsters off to a great start with a choice of two great sessions:
After listening to many pleas for an e-book version of FIM Best Practices Volume 1, I have relented and created an e-book version. List price is $22.00 but here is a 10% off discount for the next week to $19.80. Most of the requests were for speed of delivery, searching, but the one that got me was a request based on eyesight made by Bill Singh. So you can all thank him for there being an e-book of volume 1.
