I think I found a bug in FIM Version 4.0.3576.2 take a look: It appears that when you have a multi-valued string attribute when you add more than 1 value at a time and you need approval to create the object or to update the attribute, the request will fail. In the event log you will see an error (UnwillingToPerformException … CREATE UNIQUE INDEX statement terminated because a duplicate key was found for the object).
Rebecca, a fellow Ensynchian, presented at TEC 2011 on the limitations of the standard out of the box SQL Management and how she overcame them by writing a very fast eXtensible Management Agent (XMA). First attempt use ado.net sql reader to read data (really fast) and write one row at a time to the AVP file (but that gets slow when dealing with large data sets). Second attempt use the T-SQL “FOR XML” clause to transform the data to XML and then use an XSLT to transform to LDIF.
As previously discussed the RCDC is a very powerful tool for customizing FIM without writing your own front-end and web client. There are several drawbacks to the RCDC. The worst is that you have to export the RCDC to an xml file, open it up in your favorite XML editor, modify it by hand, load it back into the FIM Portal and then run iisreset. All of which means that mistakes are quite painful, as it can take you several minutes to discover your mistake.
Ok I just had to blog this. I created a custom resource type in FIM for resource mailboxes (Room and Equipment) with accompanying RCDC’s. Based on a Boolean attribute I hide or make visible a tab of info about Room resources on the edit and view RCDC’s. (You can’t do that to the create RCDC because the object doesn’t yet exist) But, I would like to make room number on the Hidden tab to be required when the tab is visible, and not when the tab isn’t.
At Tech Ed Atlanta Brjann Brekkan and Mark Wahl discussed FIM 2010 R2 in a public forum – so here is a lot of info that is now in the public forum. Mark covered the new items that will come out in R2: Web Based Password reset (no need for a domain joined computer, no need to install Password Client no need for Active X, support for Firefox)
Now you can be informed about FIM 2010 hotfixes through an RSS newsfeed http://services.social.microsoft.com/feeds/feed/FIM2010_Hotfixes http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
Carol presented a solution to a very thorny problem – how to overcome the lack of delegation in BPOS. In BPOS a user is either an admin or a user. So she used FIM to provide the delegation. Very detailed, very complete solution. She illustrated some of the scripts she has posted on her blog such as http://www.wapshere.com/missmiis/a-script-to-create-sets-and-mprs-from-templates Well done Carol! http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
Link to Jeremy and Craig’s solution please? Sami - Jul 1, 2011Link to Jeremy and Craig’s solution please? http://www.identitytrench.com/2010/11/simple-reporting-in-fim-2010-with-ssrs.html
Jeremy and Craig had an interesting shoot out showing off their differing versions of reporting from FIM. Jeremy has an “agent” that he uses to pull the data out of FIM and store it in SQL, after which doing SSRS reports is not terribly difficult. Craig’s approach was to start off by creating a generic SSRS Data Processing extension for PowerShell, and then adjusted to pull data from FIM. Both approaches look very slick.
This session at TEC was quite interesting. Ikrima presented quite a lot of material about how to extend FIM with your own authentication activities, demonstrating a OTP password reset approach. Code is available at https://github.com/ikrima/Public-Development http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
