In the MIM Portal, a group whose displayedOwner isn’t among the objects in the multivalued reference attribute Owner will cause issues. Querying this through XPath is just about impossible, so here is the SQL query to do it.
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
GO
USE FIMService
GO
SELECT DOwn.* FROM ( SELECT groupObjID = G.[objectID] , GroupDisplayName = GAOVS.ValueString , userDisplayName= UAOVS.ValueString
Over the years since FIM was first beta’d as ILM2 we have seen some cool workflows be released to open source. This is my review of the workflows I can find that are open source. First let me salute everyone who has contributed to the FIM and MIM community with these big undertakings. That said I am trying to give guidance to my readers as to what is the most useful in various situations and so I will make specific recommendations.
Have you ever found out that attribute flow precedence is messed up, wrong or otherwise in error just after you followed the steps to migrate your MIM/FIM configuration from Dev to Prod or vice versa? Well, I am finally blogging about a discovery I made. The list of steps (reproduced below from the above link) is incomplete: Back up the pilot and production environments by using the Backup and Restore procedures.
In using the SharePoint MA from Steve Kean, I noticed that some of the fields I imported were coming in with some extra noise or crap at the beginning: String;#164. All I really wanted was the 164. While I can use the Word function in a sync rule to get past it, Word(strAttribute,2,"2"), I really would prefer to bypass it altogether. Well, thanks to Jermaine Snipe I found why this happens and how to bypass it:
At various times in my 10 years of Identity Management Consulting and 25 years working in the IT industry I have been asked to clean up various messes generated by those before me. Some of those messes involved disk failure or other issues that couldn’t be completely prevented. But some involved automated processes that didn’t check their inputs. If garbage into a computer gives you garbage out, then garbage into an automated process that doesn’t check its inputs gives you a meltdown!
Recently, I needed to take Longitude and Latitude data that was given to me in the following format, break it into its individual components, and then flow it out to AD. Let’s suppose the data looks like this: “Point -10.1223 45.945”. I could just use the Left and Right functions to get out the Longitude and Latitude. The problem was it could also look like this depending on the level of precision:
Back in 2013 I published 5 posts about the Secrets of the Metaverse: Parts 1-5: What is the Metaverse? How is the Metaverse data stored? Is there a limit to how many Metaverse attributes I can have? Has access to the metaverse gotten faster with recent releases? How do I safely query the metaverse? Added (Aug 5 2015): How Many Metaverse Attributes can I have? The third post was about how many attributes you can have in the Metaverse in which I said that the mms_metaverse_lineageguid table limits us to 502 single valued non-reference attributes in the Metaverse.
MIM 2016 is now available. MIM – Microsoft Identity Manager 2016 builds on and replaces Microsoft’s Forefront Identity Manager 2010 R2. On Microsoft’s site they include an introductory (2 min) video about Hybrid Identity, but don’t mistake that for the MIM UI. So has anything been removed? No. While the deprecated features are still deprecated, none of them have been removed from this new version. So what’s new?
‘Twas the night before Christmas, when all through the internet
Not an identity was stirring, not even a Passport .NET
The user accounts requests were submitted with care
Hoping that their access would soon be there
The users were nestled all snug in their beds
While visions of being able to do their jobs danced in their heads
The servers and computers were in sleep mode
Awaiting someone to move a mouse and send the wake up code
Years ago, I walked into the client site a few months into an Identity Management project, and the PM told me his account had been deactivated by mistake as an employee with the same last name and same first initial was terminated, and they termed his account by mistake. Ironic. A few years before that I visited a client whose VP of HR had his account disabled when they let the janitor go.