Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 3

11th of August, 2017 / / No Comments

Introduction

As the title suggests this is Part 3, and the final part in a three-part post on configuring FIM/MIM to synchronise users passwords from AD to the Domino ID Vault via PCNS and FIM/MIM.
Part 1 here detailed the creation of a PowerShell Management Agent to join users from Domino to the MIM Sync Metaverse.
Part 2 here detailed the creation and configuration of the Domino Agents to receive password changes via the PS MA into the ID Vault.… [Keep reading] “Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 3”

UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager

10th of August, 2017 / / No Comments

Earlier this week I posted this blog post that showed a working example of using a custom Pwned Password FIM/MIM Management Agent to flag a boolean attribute in the MIM Service to indicate whether a users password is in the pwned password dataset or not. If you haven’t read that post this won’t make a lot of sense, so read that then come back.
The solution when receiving a new password for a user (via Microsoft Password Change Notification Service) was checking against the Have I Been Pwned API.… [Keep reading] “UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager”

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 2

10th of August, 2017 / / No Comments

Introduction

As the title suggests this is Part 2 of a three-part post on configuring FIM/MIM to synchronise users passwords from AD to the Domino ID Vault via PCNS and FIM/MIM.
Part 1 here detailed the creation of a PowerShell Management Agent to join users from Domino to the MIM Sync Metaverse.
This post details the creation and configuration of the Domino Agents to receive password changes via the PS MA into the ID Vault.
Part 3 here  details calling the Domino Agents on password sync events (from PCNS via MIM)

Creating a New Domino Application

As mentioned above and in Part 1 we need to create Domino Agents to process password change events into the ID Vault.… [Keep reading] “Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 2”

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 1

9th of August, 2017 / / No Comments

Introduction

Recently I wrote about getting started with the latest IBM/Lotus Notes/Domino Management Agent for Microsoft Identity Manager. In a recent engagement we are using that MA to provision and manage identities into Domino. We are also using the MA to synchronise passwords via PCNS and MIM to the Notes users’ Internet (HTTP) password.
What you may or may not be aware of is that IBM introduced a new feature with Domino 8.5 called the ID Vault.… [Keep reading] “Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 1”

Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager

8th of August, 2017 / / No Comments

Update: An element of this solution details checking passwords online (using the Have I Been Pwned API). Troy explains succinctly in his blog-post announcing the pwned passwords list why this is a bad idea. If you are looking to implement the concept I detail in this post then WE STRONGLY recommend using a local copy of the pwned password list.
THIS POST HERE details using a local SQL Database to hold the Pwned Passwords Datasets and the change to the Management Agent to query the SQL DB instead of the HIBP API.  [Keep reading] “Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager”

Error Synchronising passwords to users IBM/Lotus Domino HTTP Password with FIM/MIM – System.NotImplementedException: The method or operation is not implemented

4th of August, 2017 / / No Comments

Recently I posted about implementing the Microsoft IBM/Lotus Domino Management Agent.
In the implementation I needed to synchronise password changes from Active Directory to Lotus Notes (HTTP Password).  After configuring PCNS to send password change events to the FIM/MIM server, and configuring the IBM Domino MA as a password target I was hoping everything would just fire up like it normally does with PCNS.
However on a “password change event” I encountered the following error in the FIM/MIM Event Log.… [Keep reading] “Error Synchronising passwords to users IBM/Lotus Domino HTTP Password with FIM/MIM – System.NotImplementedException: The method or operation is not implemented”

Enabling and Scripting Azure Virtual Machine Just-In-Time Access

24th of July, 2017 / / No Comments

Last week (19 July 2017) one of Microsoft’s Azure Security Center’s latest features went from Private Preview to Public Preview. The feature is Azure Just in time Virtual Machine Access.

What is Just in time Virtual Machine access ?

Essentially JIT VM Access is a wrapper for automating an Azure Network Security Group rule set for access to an Azure VM(s) for a temporal period on a set of network ports restricted to a source IP/Network.… [Keep reading] “Enabling and Scripting Azure Virtual Machine Just-In-Time Access”

Resolving Microsoft Identity Manager "sync-rule-validation-parsing-error" error

18th of July, 2017 / / 2 Comments

A couple of weeks back I inherited a Microsoft Identity Manager development environment that wasn’t quite complete. When I performed a sync on a user object I got the following error;  sync-rule-validation-parsing-error

Looking into the error for further details, Details and Stack Trace were both greyed out as shown below.

I looked at the object being exported on the MA and the awaiting export details and found slightly different information. The error was CS to MV to CS synchronization failed 0x8023055a 
Still not a lot to go on.… [Keep reading] “Resolving Microsoft Identity Manager "sync-rule-validation-parsing-error" error”

Getting started with Azure Cloud Shell

16th of July, 2017 / / 2 Comments

A few weeks back I noticed that I now had the option for the Azure Cloud Shell in the Azure Portal.

What is Azure Cloud Shell?

Essentially rather than having the Azure CLI installed on your local workstation, you can now initiate it from the Portal and you have automatically assigned (initiated as part of the setup) 5Gbytes of storage associated with it. So you can now create, manage and delete Azure resources using a centrally hosted CLI session.… [Keep reading] “Getting started with Azure Cloud Shell”

Getting started with Ubuntu on Windows (Windows Subsystem for Linux)

5th of July, 2017 / / No Comments

This week I was building in Azure a Linux Server (Ubuntu 14). I’d deployed my new Ubuntu Server and I went to connect to it. But I was on a brand new laptop. No tools with SSH installed. Damn. As I was about to go and get my usual windows favorite SSH tools I remembered a session of Build 2017 and Microsoft starting to talk more loudly about Windows Subsystem for Linux. Yes, Ubuntu on Windows, with SUSE and Fedora coming soon.… [Keep reading] “Getting started with Ubuntu on Windows (Windows Subsystem for Linux)”