ILM

How many attributes can you have in the Metaverse?

Back in 2013 I published 5 posts about the Secrets of the Metaverse:

Parts 1-5:

  1. What is the Metaverse?
  2. How is the Metaverse data stored?
  3. Is there a limit to how many Metaverse attributes I can have?
  4. Has access to the metaverse gotten faster with recent releases?
  5. How do I safely query the metaverse?
  6. Added (Aug 5 2015): How Many Metaverse Attributes can I have?

The third post was about how many attributes you can have in the Metaverse, in which I said that the mms_metaverse_lineageguid table limits us to 502 single-valued non-reference attributes in the Metaverse. This is still correct, but a client told me of a scenario they encountered where the lineageguid table prevented them from getting to over 450 attributes, and they encouraged me to blog about how they solved it.


The MVP 7 year itch

Congratz, David…

Søren Granfeldt - Jul 1, 2013


This morning I received an email letting me know that for the 7th time (every year since 2007) I have been honored by Microsoft with the Microsoft Most Valuable Professional (MVP) Award. All 7 times I have received the award for my “outstanding contributions in Forefront Identity Manager technical communities” and its predecessors.

In 2007, despite the product rename to Identity Lifecycle Manager (ILM) 2007, the MVP award was for Microsoft Identity Integration Server (MIIS) 2003. By 2008 it was changed to ILM; in 2010 it was changed to FIM.

FIM Pitfall for old ILM hands

In the days of MIIS 2003 and ILM 2007 we usually wrote our provisioning code to provision a new AD account only when the particular metaverse object didn’t already have any connectors in the AD connector space. With FIM your outbound synchronization rule is quite happy to provision another AD account if the existing one it is joined to doesn’t meet the relationship criteria. So I have usually been in the habit of not worrying about extraneous provisioning if I already had an account connected to that metaverse object.


FIM 2010 RTM Today!

Today, March 2, at the RSA conference Microsoft announced the release to manufacturing of Forefront Identity Manager 2010 (FIM, formerly codenamed ILM “2”) with General Availability starting next month.

Download the eval here:

Microsoft® Forefront™ Identity Manager 2010 Evaluation Version

Yeah!

FIM gives us capabilities for User provisioning (and deprovisioning), Group management, Self-Service Password Reset, Password Synchronization, Workflows with Approvals, and User profile self-service management, and lets us accomplish these items through Declarative Provisioning. Yet FIM retains an incredible set of extensibility points: it allows customization of the Portal and of the schema of the objects, managing new systems, custom workflows, and custom clients to the FIM web service.

Final Update for FIM RC1 released

On Friday the product group released Update 3 for Forefront Identity Manager 2010 RC1, available through Connect:

https://connect.microsoft.com/site433/Downloads

Major changes as part of Update 3 (my regurgitation and comments from the release notes):

  • Fewer trips to the FIM Service event log – since the FIM MA export errors will now show up in the Synchronization Service Manager! Hallelujah!
  • Less need for custom old style code
    • Now more than 1 MA can be authoritative for deleting an object (resource)
    • New functions for Sync Rules (Declarative Provisioning) – I guess I will have to update my function cheatsheet
      • Null – not certain what they mean by this – null out the value or let another sync rule provide the value.
      • ReplaceString
  • New type of MPR – Set Transition MPRs vs. request based MPRs
    • Run on Policy Update only applies to this type
    • All other MPRs are – request based MPRs
    • This should ease some of the difficulty in wrapping heads around MPRs.
  • DBA’s will love these:
    • Backups without stopping the FIM Service are now supported!
    • SQL Failover Clusters are now supported! (I don’t know if this means that clustering the Synchronization Service is supported)
  • Prereqs have changed
    • Server Components
      • Windows Installer 4.5 is required
    • FIM Service requires SQL 2008 SP 1
    • The addin for Outlook now needs Outlook 2007 SP 2

Even the certificate management side got some improvements: Windows Server 2008 R2

FIM Hands on Labs

More Hands on Labs for Forefront Identity Manager will be coming up (similar to the one I did in Irvine, CA) – Phoenix April 7th and 8th and then Dallas sometime in May.

http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices


FIM RCDC explained in brief

In this post I attempt to give you, the reader, a quick overview of how the FIM RCDC works conceptually. As for the mechanics of modifying the RCDC, the nearly complete but growing collection of documents downloadable from MSFT will suffice.

As you will recall, FIM is the new abbreviation for ILM, since it has been renamed Forefront Identity Manager, and RCDC is the Resource Control Display Configuration, formerly known as the Object Visualization Configuration (OVC). RCDC is the way you customize how FIM displays objects (now called resources) in the portal. Now for English: if you need to change the options and information users see in the FIM portal when they create new users or groups (security or distribution), or edit or view these resources, you do it by modifying the RCDC. The RCDC is an XML object, and each resource type (user, group, request, etc.) has three: Create, Edit and View. To get a handle on the terms take a look at the figure below:

Answering my FIM RC 1 question

Thanks to Darryl Russi for answering my questions in my earlier post An Update to FIM RC1 where I was asked about something I had read in the release notes:

Some of those items raise a few questions, like how to setup a FIM service that only takes requests from the sync service? Do we setup multiple FIM Service instances and then configure the FIM MA to talk to one of them, and not make that one available to web clients?


Identity Synchronization FIM 2010 HOL Irvine California

I will be at the Microsoft Technical Center in Irvine on Dec 1 and 2 presenting this HOL with Marvin Tansley of Gemalto.

Identity Synchronization – Hands on Training


Date: December 1-2, 2009

Location: 3 Park Plaza, Suite 1800, Irvine, CA 92614, 949-263-3000

Microsoft, Gemalto and Ensynch invite you to a free 2-day training seminar and hands-on-lab on Microsoft’s Forefront Lifecycle Manager (FIM 2010).

Come and learn how FIM 2010 can help you by delivering simplicity, agility and efficiency while increasing security and compliance within your enterprise identity infrastructure.
