How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports

17th of February, 2017 / Darren Robinson / No Comments

Introduction

I’ve been working on a project where I must have visibility of a large number of Azure AD Groups into Microsoft Identity Manager.
In order to make this efficient I need to use the Differential Query function of the AzureAD Graph API. I’ve detailed that before in this post How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries. Due to the number of groups and the number of members in the Azure AD Groups I needed to implement Paged Imports on my favourite PowerShell Management Agent (Granfeldt PowerShell MA).… [Keep reading] “How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports”

An Azure Timer Function App to retrieve files via FTP and Remote PowerShell

13th of February, 2017 / Darren Robinson / 4 Comments

Introduction

In an age of Web Services and API’s it’s an almost a forgotten world where FTP Servers exist. However most recently I’ve had to travel back in time and interact with a FTP server to get a set of files that are produced by other systems on a daily basis. These files are needed for some flat-file imports into Microsoft Identity Manager.
Getting files off a FTP server is pretty simple. But needing to do it across a number of different environments (Development, Staging and Production) meant I was looking for an easy approach that I could also replicate quickly across multiple environments.… [Keep reading] “An Azure Timer Function App to retrieve files via FTP and Remote PowerShell”

Monitor SharePoint Changelog in Azure Function

10th of February, 2017 / Bruce Albany / No Comments

Azure Functions have officially reached ‘hammer’ status

I’ve been enjoying the ease with which we can now respond to events in SharePoint and perform automation tasks, thanks to the magic of Azure Functions. So many nails, so little time!
The seminal blog post that started so many of us on that road, was of course John Liu’s Build your PnP Site Provisioning with PowerShell in Azure Functions and run it from Flow and that pattern is fantastic for many event-driven scenarios.… [Keep reading] “Monitor SharePoint Changelog in Azure Function”

Automate the nightly backup of your Development FIM/MIM Sync and Portal Servers Configuration

31st of January, 2017 / Darren Robinson / 6 Comments

Last week in a customer development environment I had one of those oh shit moments where I thought I’d lost a couple of weeks of work. A couple of weeks of development around multiple Management Agents, MV Schema changes etc. Luckily for me I was just connecting to an older VM Image, but it got me thinking. It would be nice to have an automated process that each night would;

Export each Management Agent on a FIM/MIM Sync Server
Export the FIM/MIM Synchronisation Server Configuration
Take a copy of the Extensions Folder (where I keep my PowerShell Management Agents scripts)
Export the FIM/MIM Service Server Configuration

And that is what this post covers.… [Keep reading] “Automate the nightly backup of your Development FIM/MIM Sync and Portal Servers Configuration”

How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent

28th of January, 2017 / Darren Robinson / No Comments

Introduction

In the last 12 months I’ve lost count of the number of PowerShell Management Agents I’ve written to integrate Microsoft Identity Manager with a plethora of environments. The majority though have not been of huge scale (<50k objects) and the import of the managed entities into the Connector Space/Metaverse runs through pretty timely.
However this week I’ve been working on a AzureAD Groups PS MA for an environment with 40k+ groups. That in itself isn’t that large, but when you start processing Group Memberships as well, the Import process can take an hour for a Full Sync.… [Keep reading] “How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent”

WAP (2012 R2) Migration to WAP (2016)

25th of January, 2017 / Peter Aram / No Comments

In Part 1, and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In part 3 we have discussed the integration of Azure MFA with ADFS 2016, and in this post (technically part 4) we will cover the migration or better yet upgrade WAP 2012 R2 to WAP 2016.
Again, this blog assumes you already have installed the Web Application Proxy feature while adding the Remote Access role.… [Keep reading] “WAP (2012 R2) Migration to WAP (2016)”

How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries

25th of January, 2017 / Darren Robinson / No Comments

Introduction

In August 2016 I wrote this post on how to use PowerShell to leverage the Microsoft GraphAPI and use Differential Queries. The premise behind that post was I required a Microsoft Identity Manager Management Agent to synchronize identity information from AzureAD into Microsoft Identity Manager. However the environment it was intended for has a large AzureAD implementation and performing a Full Sync every-time is just to time consuming. Even more so with this limitation that still exists today in MIM 2016 with SP1.… [Keep reading] “How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration

24th of January, 2017 / Peter Aram / No Comments

In Part 1 and Part 2 of this series we have covered the migration from ADFS v3 to ADFS 2016. In this series we will continue our venture in configuring Azure MFA in ADFS 2016.
Azure MFA – What is it about?
It is a bit confusing when we mention that we need to enable Azure MFA on ADFS. Technically, this method is actually integrating Azure MFA with ADFS. MFA itself is authenticating on Azure AD, however, ADFS is prompting you enter an MFA code which will be verified with the Azure AD to sign you in.… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 3 – Azure MFA Integration”

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 2

23rd of January, 2017 / Peter Aram / 17 Comments

In Part 1 of this series we have been getting ready for our ADFS v3.0 migration to ADFS v4.0 (ADFS 2016).
In part 2 we will cover the migration process, step-by-step. However, a friendly reminder that this series does not cover installation of ADFS and federation from scratch. This post assumes you already have a federated domain and Single Sign On (SSO) for your applications.

You may notice domain change and federation service name change from swayit.com.au

… [Keep reading]

ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1

20th of January, 2017 / Peter Aram / 2 Comments

Introduction
With the release of Windows Server 2016, Microsoft has introduced new and improved features. One of those features is ADFS 4.0, better known as ADFS 2016.
Organisations have already started leveraging ADFS 2016 as it covers most of their requirement, specially in terms of security.
In this series of blog posts, I will demonstrate how you can upgrade from ADFS v 3.0 (Running Windows Server 2012 R2) to ADFS 2016 (Running Windows Server 2016 Datacenter).… [Keep reading] “ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) – Part 1”