Filtering images across a custom FIM / MIM ECMA import MA

22nd of August, 2016 / Michael Pearn / No Comments

A recent customer had a special request when I was designing and coding a new ECMA 2.2 based Management Agent (MA) or “Connector” for Microsoft Forefront Identity Manager (FIM).

(On a sidenote: FIM’s latest release is now Microsoft Identity Manager or “MIM”, but my customer hadn’t upgraded to the latest version).

Kloud previously were engaged to write a new ECMA based MA for Gallagher 7.5 (a door security card system) to facilitate the provisioning of access and removal of access tied to an HR system.… [Keep reading] “Filtering images across a custom FIM / MIM ECMA import MA”

A Twitter Management Agent for Microsoft Identity Manager

5th of August, 2016 / Darren Robinson / 1 Comment

In the last couple of weeks I’ve been evaluating a number of different approaches/concepts for some upcoming MIM development projects. Some of these I’ve blogged about already.

Having an Identity Manager Metaverse with identity data is a key dependency to being able to validate ideas and concepts. So what’s a good source of some interesting and varied identity data with string, integer, reference, and boolean attributes? Twitter? Yeah why not. There’s an API. Should be pretty quick to get some sample data right?… [Keep reading] “A Twitter Management Agent for Microsoft Identity Manager”

Simple reporting from the FIM/MIM Metaverse to PowerBI using the Lithnet FIM/MIM Sync Service PowerShell Module

28th of July, 2016 / Darren Robinson / 9 Comments

I have a customer that is looking to report on FIM/MIM identity information. The reports they are looking for aren’t overly complex and don’t necessarily justify the need the full FIM/MIM reporting infrastructure. So I spent a few hours over a couple of days looking at alternatives. In this blog post I give an overview of using the awesome Lithnet FIM/MIM Sync Service PowerShell Module recently released from Ryan Newington to do basic reporting on the Microsoft (Forefront) Identity Manager Metaverse into PowerBI.… [Keep reading] “Simple reporting from the FIM/MIM Metaverse to PowerBI using the Lithnet FIM/MIM Sync Service PowerShell Module”

Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API

26th of July, 2016 / Darren Robinson / No Comments

Update: April 13 2017. 
See this post for adapting to changes in the AzureAD 
PowerShell Module Helper Libraries

Recently Microsoft released the preview of the v2.0 Azure AD PowerShell cmdlets. https://azure.microsoft.com/en-us/updates/azure-ad-new-powershell-cmdlets-preview/

I’ve got a project coming up where I’m looking to change my approach for managing users in Azure using Microsoft Identity Manager. Good timing to do a quick proof of concept to manage users with the new cmdlets and directly using the Graph API in preparation to move away from the msol cmdlets.… [Keep reading] “Goodbye Set-MsolUser, Hello Set-AzureADUser & Azure Graph API”

Exception from HRESULT 0x80230729 creating a new FIM/MIM Management Agent

18th of July, 2016 / Darren Robinson / 3 Comments

Another day, another piece of FIM/MIM experimentation. I had built a fresh MIM 2016 environment in Azure to test a few scenarios out. That all went quick and seamlessly thanks to some great templates and a few scripts. Until I came to create the management agent (the purpose of today’s experimentation).

It didn’t matter if I tried to Create a New Management Agent or Import the Management Agent. I just got “Exception from HRESULT 0x80230729”. The common element however was that the Management Agent I was creating was based off a 3^rd party MA based on Microsoft’s Extensible Connectivity Management Agent (ECMA).… [Keep reading] “Exception from HRESULT 0x80230729 creating a new FIM/MIM Management Agent”

Managing SPO User Profiles with FIM/MIM and the Microsoft PowerShell Connector

23rd of June, 2016 / Dan Thom / 5 Comments

Back in March, my colleague Darren Robinson published this post which nicely explains how to use Søren Granfeldt’s FIM/MIM PowerShell MA to manage SharePoint Online profiles. While Darren’s post covers everything you need to connect to SPO and manage user profiles via FIM/MIM, some of your clients may prefer to use the Microsoft equivalent for reasons of perceived support and product quality. This post will cover off what is required to get the Connector up and running.… [Keep reading] “Managing SPO User Profiles with FIM/MIM and the Microsoft PowerShell Connector”

Consuming CSV files from an Exchange Mailbox via Exchange Web Services and FIM/MIM 2016 using the Granfeldt PowerShell MA

30th of March, 2016 / Darren Robinson / No Comments

This solution on first look is quite random. A management agent that consumes a flat file (comma separated file) isn’t ground breaking, but when the twist is that the CSV file is in an email in an Exchange Inbox, it’s quite a different scenario.

Background

My customer uses a Cloud Service for their recruitment processes. The cloud service does have a SOAP API that I could potentially develop a FIM/MIM solution for using the Microsoft Web Services Management Agent, however my customer does not have API access to their tenant, the vendor isn’t overly responsive and I need a solution in days not weeks.… [Keep reading] “Consuming CSV files from an Exchange Mailbox via Exchange Web Services and FIM/MIM 2016 using the Granfeldt PowerShell MA”

Managing SharePoint Online (SPO) User Profiles with FIM/MIM 2016 and the Granfeldt PowerShell MA

22nd of March, 2016 / Darren Robinson / 5 Comments

Forefront / Microsoft Identity Manager does not come with an out-of-the-box management agent for managing SharePoint Online.

Whilst the DirSync/AADConnect solution will allow you to synchronise attributes from your On Premise Active Directory to AzureAD, SharePoint only leverages a handful of them. It then has its own set of attributes that it leverages. Many are similarly named to the standard Azure AD attributes but with the SPS- prefix.

For example, here is a list of SPO attributes and a couple of references to associated Azure AD attributes;

UserProfile_GUID
SID
SPS-PhoneticFirstName
SPS-PhoneticLastName
SPS-PhoneticDisplayName
SPS-JobTitle
SPS-Department
AboutMe
PersonalSpace
PictureURL
UserName
QuickLinks
WebSite
PublicSiteRedirect
SPS-Dotted-line
SPS-Peers
SPS-Responsibility
SPS-SipAddress
SPS-MySiteUpgrade
SPS-ProxyAddresses
SPS-HireDate
SPS-DisplayOrder
SPS-ClaimID
SPS-ClaimProviderID
SPS-ClaimProviderType
SPS-SavedAccountName
SPS-SavedSID
SPS-ResourceSID
SPS-ResourceAccountName
SPS-ObjectExists
SPS-MasterAccountName
SPS-PersonalSiteCapabilities
SPS-UserPrincipalName
SPS-O15FirstRunExperience
SPS-PersonalSiteInstantiationState
SPS-PersonalSiteFirstCreationTime
SPS-PersonalSiteLastCreationTime
SPS-PersonalSiteNumberOfRetries
SPS-PersonalSiteFirstCreationError
SPS-DistinguishedName
SPS-SourceObjectDN
SPS-FeedIdentifier
SPS-Location
Certifications
SPS-Skills
SPS-PastProjects
SPS-School
SPS-Birthday
SPS-Interests
SPS-StatusNotes
SPS-HashTags
SPS-PictureTimestamp
SPS-PicturePlaceholderState
SPS-PrivacyPeople
SPS-PrivacyActivity
SPS-PictureExchangeSyncState
SPS-TimeZone
SPS-EmailOptin
OfficeGraphEnabled
SPS-UserType
SPS-HideFromAddressLists
SPS-RecipientTypeDetails
DelveFlags
msOnline-ObjectId
SPS-PointPublishingUrl
SPS-TenantInstanceId

My customer has AADConnect in place that is synchronising their On Premise AD to Office 365.… [Keep reading] “Managing SharePoint Online (SPO) User Profiles with FIM/MIM 2016 and the Granfeldt PowerShell MA”

HRESULT: 0x8023063D when attempting to run multiple Sync Run Profiles in MIM/FIM after applying rollup build 4.3.2124.0

15th of March, 2016 / Darren Robinson / 6 Comments

A new hotfix rollup was released on the 11^th of March Microsoft Identity Manager contains a number of fixes and some new functionality.

It appears that it also contains a new bug. Information about this came to my attention from Ryan Newington

The bug kicks in if you’re trying to run sync sequences on multiple MA’s simultaneously. It throws the error; “Unable to run the management agent.” Exception from HRESULT: 0x8023063D

The screenshot below shows the error when attempting to run a Full Synchronization on an MA when another MA is already running a Full Synchronization.… [Keep reading] “HRESULT: 0x8023063D when attempting to run multiple Sync Run Profiles in MIM/FIM after applying rollup build 4.3.2124.0”

Creating Microsoft Identity Manger (MIM) Run Profiles using PowerShell (post MIM rollup build 4.3.2124.0)

15th of March, 2016 / Darren Robinson / 2 Comments

A new hotfix rollup was released on the 11^th of March for Microsoft Identity Manager that contains a number of fixes and some new functionality.

One new feature according to the release notes is a new cmdlet Add-MIISADMARunProfileStep

This cmdlet allows the creation of MIM Synchronisation Management Agent Run Profiles using PowerShell.

From the MS Documentation

Add-MIISADMARunProfileStep -MAName ‘AD_MA’ -Partition ‘DC=CONTOSO,DC=COM’ -StepType ‘FI’ -ProfileName ‘ADMA_FULLIMPORT’

Possible values of the StepType parameter (short form or long one can be used):
“FI”, “FULL IMPORT”
“FS”, “FULL SYNCHRONIZATION”
“FIFS”, “FULL IMPORT AND FULL SYNCHRONIZATION”
“FIDS”, “FULL IMPORT AND DELTA SYNCHRONIZATION”
“DI”, “DELTA IMPORT”
“DS”, “DELTA SYNCHRONIZATION”
“DIDS”, “DELTA IMPORT AND DELTA SYNCHRONIZATION”
“EXP”,”EXPORT”

The neat feature of this cmdlet is that it will create the Run Profile if it doesn’t exist.… [Keep reading] “Creating Microsoft Identity Manger (MIM) Run Profiles using PowerShell (post MIM rollup build 4.3.2124.0)”