Exception from HRESULT 0x80230729 creating a new FIM/MIM Management Agent

Another day, another piece of FIM/MIM experimentation. I had built a fresh MIM 2016 environment in Azure to test a few scenarios out. That all went quickly and seamlessly thanks to some great templates and a few scripts, until I came to create the management agent (the purpose of today’s experimentation).

It didn’t matter whether I tried to Create a New Management Agent or Import the Management Agent; I just got “Exception from HRESULT 0x80230729”. The common element was that the Management Agent I was creating was based on a third-party MA built on Microsoft’s Extensible Connectivity Management Agent (ECMA).…

PowerShell error “Run Login-AzureRmAccount to login.” in AzureRM when already logged in

Usually when I’m writing PowerShell scripts I do it from a development virtual machine with a known environment state. However, yesterday I was trying to do something simple and quick and was writing it on my everyday laptop.

My script was using Windows Management Framework 5.0 and I was creating a new burn environment in AzureRM. I was authenticated and could query and enumerate most of my AzureRM environment, however I was getting erroneous responses on some cmdlets and was unable to create a new resource group.…

Consuming CSV files from an Exchange Mailbox via Exchange Web Services and FIM/MIM 2016 using the Granfeldt PowerShell MA

At first glance this solution seems quite random. A management agent that consumes a flat file (comma-separated file) isn’t groundbreaking, but when the twist is that the CSV file arrives as an email attachment in an Exchange Inbox, it’s quite a different scenario.

Background

My customer uses a Cloud Service for their recruitment processes. The cloud service does have a SOAP API that I could potentially build a FIM/MIM solution against using the Microsoft Web Services Management Agent; however, my customer does not have API access to their tenant, the vendor isn’t overly responsive, and I need a solution in days, not weeks.…

Managing SharePoint Online (SPO) User Profiles with FIM/MIM 2016 and the Granfeldt PowerShell MA

Forefront / Microsoft Identity Manager does not come with an out-of-the-box management agent for managing SharePoint Online.

Whilst the DirSync/AADConnect solution will synchronise attributes from your on-premises Active Directory to Azure AD, SharePoint Online only uses a handful of them. It has its own set of profile attributes, many of them similarly named to the standard Azure AD attributes but with an SPS- prefix.

For example, here is a list of SPO attributes, including a couple of references to associated Azure AD attributes:

  • UserProfile_GUID
  • SID
  • SPS-PhoneticFirstName
  • SPS-PhoneticLastName
  • SPS-PhoneticDisplayName
  • SPS-JobTitle
  • SPS-Department
  • AboutMe
  • PersonalSpace
  • PictureURL
  • UserName
  • QuickLinks
  • WebSite
  • PublicSiteRedirect
  • SPS-Dotted-line
  • SPS-Peers
  • SPS-Responsibility
  • SPS-SipAddress
  • SPS-MySiteUpgrade
  • SPS-ProxyAddresses
  • SPS-HireDate
  • SPS-DisplayOrder
  • SPS-ClaimID
  • SPS-ClaimProviderID
  • SPS-ClaimProviderType
  • SPS-SavedAccountName
  • SPS-SavedSID
  • SPS-ResourceSID
  • SPS-ResourceAccountName
  • SPS-ObjectExists
  • SPS-MasterAccountName
  • SPS-PersonalSiteCapabilities
  • SPS-UserPrincipalName
  • SPS-O15FirstRunExperience
  • SPS-PersonalSiteInstantiationState
  • SPS-PersonalSiteFirstCreationTime
  • SPS-PersonalSiteLastCreationTime
  • SPS-PersonalSiteNumberOfRetries
  • SPS-PersonalSiteFirstCreationError
  • SPS-DistinguishedName
  • SPS-SourceObjectDN
  • SPS-FeedIdentifier
  • SPS-Location
  • Certifications
  • SPS-Skills
  • SPS-PastProjects
  • SPS-School
  • SPS-Birthday
  • SPS-Interests
  • SPS-StatusNotes
  • SPS-HashTags
  • SPS-PictureTimestamp
  • SPS-PicturePlaceholderState
  • SPS-PrivacyPeople
  • SPS-PrivacyActivity
  • SPS-PictureExchangeSyncState
  • SPS-TimeZone
  • SPS-EmailOptin
  • OfficeGraphEnabled
  • SPS-UserType
  • SPS-HideFromAddressLists
  • SPS-RecipientTypeDetails
  • DelveFlags
  • msOnline-ObjectId
  • SPS-PointPublishingUrl
  • SPS-TenantInstanceId

My customer has AADConnect in place, synchronising their on-premises AD to Office 365.…

HRESULT: 0x8023063D when attempting to run multiple Sync Run Profiles in MIM/FIM after applying rollup build 4.3.2124.0

A new hotfix rollup for Microsoft Identity Manager, released on the 11th of March, contains a number of fixes and some new functionality.

It appears that it also contains a new bug. Information about this came to my attention from Ryan Newington.

The bug kicks in if you’re trying to run sync sequences on multiple MAs simultaneously. It throws the error “Unable to run the management agent. Exception from HRESULT: 0x8023063D”.

The screenshot below shows the error when attempting to run a Full Synchronization on an MA when another MA is already running a Full Synchronization.…

Creating Microsoft Identity Manager (MIM) Run Profiles using PowerShell (post MIM rollup build 4.3.2124.0)

A new hotfix rollup was released on the 11th of March for Microsoft Identity Manager that contains a number of fixes and some new functionality.

One new feature, according to the release notes, is a new cmdlet: Add-MIISADMARunProfileStep.

This cmdlet allows the creation of MIM Synchronisation Management Agent Run Profiles using PowerShell.

From the MS documentation:

Add-MIISADMARunProfileStep -MAName 'AD_MA' -Partition 'DC=CONTOSO,DC=COM' -StepType 'FI' -ProfileName 'ADMA_FULLIMPORT'

Possible values of the StepType parameter (either the short form or the long form can be used):
"FI", "FULL IMPORT"
"FS", "FULL SYNCHRONIZATION"
"FIFS", "FULL IMPORT AND FULL SYNCHRONIZATION"
"FIDS", "FULL IMPORT AND DELTA SYNCHRONIZATION"
"DI", "DELTA IMPORT"
"DS", "DELTA SYNCHRONIZATION"
"DIDS", "DELTA IMPORT AND DELTA SYNCHRONIZATION"
"EXP", "EXPORT"

The neat feature of this cmdlet is that it will create the Run Profile if it doesn’t exist.…

Automating the simultaneous deployment of AzureRM Virtual Machines for a development environment

This post details my method for automating the creation of AzureRM virtual machines for use in a development environment. I’m using this process to quickly stand up an environment for testing configurations.

In summary, this process:

  • creates the AzureRM Virtual Machines in parallel
  • gives all machines the same configuration
    • NIC, disks, etc.
  • creates all machines in a new Resource Group, with an associated Virtual Network

Simultaneously Creating the AzureRM Virtual Machines for MIM 2016

For my MIM 2016 Lab I’m going to create 5 Virtual Machines.…

Simultaneously Start|Stop all Azure Resource Manager Virtual Machines in a Resource Group

Problem

How many times have you wanted to Start or Stop all Virtual Machines in an Azure Resource Group? For me it seems to be quite often, especially for development environment resource groups. It’s not that difficult though: you can just enumerate the VMs, then cycle through them and call ‘Start-AzureRMVM’ or ‘Stop-AzureRMVM’. However, the more VMs you have, the longer that approach takes, because PowerShell runs it serially.…

Dynamic Active Directory User Provisioning placement (OU) using the Granfeldt PowerShell Management Agent

When using Forefront / Microsoft Identity Manager for provisioning users into Active Directory, determining which organisational unit (OU) to place the user in varies from customer to customer. Some AD OU structures are flat, others hierarchical based on business, departmental, functional role or geography. Basically every implementation I’ve done has been different.

That said, the most recent implementation I’ve done is for an organisation that is growing, and as such the existing structure is in flux and based on differing logic depending on who you talk to.…

Managing AD Terminal Services Configuration with FIM / MIM using the Granfeldt PowerShell Management Agent

Forefront / Microsoft Identity Manager contains numerous Management Agents (MAs) out of the box. However, an MA for managing AD Terminal Services user configuration isn’t one of them. At first pass you’d think you could just manipulate a few attributes in AD on an AD MA, like you do for home directories (aside from creating the file and permissions on the filesystem), and you’d be done. Don’t worry, I made that wrong assumption too.

Overview

In this blog post I’ll document how you can enable Active Directory users with the necessary attributes and file system elements utilising Søren Granfeldt’s extremely versatile PowerShell Management Agent.…