Sending SMS Through PowerShell with Telstra’s New API

The code detailed in this post won’t work anymore. If you’re looking for updated PowerShell to use with Telstra’s APIs, please check out this updated post. 

Recently, Telstra released their first public API, which in true telco fashion leverages an existing product in their stable: SMS. The service allows anyone with a Telstra t.dev account (get one here) to get an API key which will allow you to send up to 100 messages per day, 1000 per month to Australian mobiles.…

Using a Proxy with Azure AD Sync Services

In this blog I am going to cover some tips and tricks for using Azure AD Sync Services with a proxy… including the specific URLs required for whitelisting, the proxy settings used during the installation, configuration and running of the tool, and a workaround for apps that do not support authenticating proxies.

URL Whitelisting

It is generally recommended to whitelist all the Office 365 URLs to bypass proxy infrastructure as this provides the best performance and avoids issues with applications that are not compatible with authenticating proxies (OneDrive for Business client installations, Exchange Hybrid services, Azure AD Sync Services and so on…).…

AADSync – AD Service Account Delegated Permissions

Note: This applies to Azure AD Connect, previously referred to as AAD Sync or DirSync.

***UPDATED (04/07/2016): Includes Exchange Hybrid Object ‘msDS-ExternalDirectoryObjectID’ for Exchange 2016 environments. Thanks Dave Young.

***UPDATED (29/10/2015): Included two lines for Password Write-back as per Chris Lehr’s comment.

When you configure Azure AD Sync (AADSync), you need to provide credentials of an account that is used by AADSync’s AD DS Management Agent to connect to your on-premises Active Directory. In previous versions of DirSync this was achieved via running the configuration wizard as an ‘Enterprise Admin’ and thus allowing the installer to create a service account and apply permissions to the Directory on your behalf.…

MIM and Privileged Access Management

Recently Microsoft released Microsoft Identity Manager 2015 (MIM) Customer Technology Preview (CTP). Those expecting a major revision of the FIM product should brace themselves for disappointment. The MIM CTP is more like a service release of FIM. MIM CTP V4.3.1484.0 maintains the existing architecture of the FIM Portal (still integrated with SharePoint), FIM Service, and the FIM Synchronisation Service. Also maintained are the separate FIM Service and FIM Sync databases. Installation of the CTP is almost identical to FIM 2010 R2 SP1, including the same woes with SharePoint 2013 configuration.…

The Next Version of Forefront Identity Manager Is Coming in 2015

There has been a lot of speculation about the next version of Microsoft Forefront Identity Manager.  For those who follow Microsoft’s product roadmaps, a number of Forefront products have been cancelled by Microsoft.  Here is a brief list:

  • Forefront Protection 2010 for Exchange
  • Forefront Protection 2010 for SharePoint
  • Forefront Security 2010 for Office Communication Server
  • Forefront Threat Management Gateway 2010
  • Forefront Unified Access Gateway 2010

 

Other products in the Forefront family have been renamed and become a more integrated part of another product.…

DirSync and Distribution Group Self Service Management

If you’re an Office 365 Exchange Online customer and currently utilizing Directory Synchronization (DirSync) to synchronize between an on premise Active Directory and the Azure Active Directory you’ll be all too familiar with the limitations that are imposed around the management of distribution group membership. Namely, an Exchange Online user specified as the owner of a distribution group will not be able to manage the membership of that group through the standard Outlook Address Book interface as detailed here.

In the background, if we think about this in relation to DirSync functionality, the group is being pushed from the on premise Active Directory to the Azure Active Directory in a one way sync.…

The FIM User Experience

A recent post by my colleague Jamie Skella “What UX Isn’t” started me thinking about how UX applies to FIM. Throughout my career as an Identity Management Consultant, I’ve seen projects reach a point in maturity where stakeholders are walked through the tasks an admin or user will perform in the portal, and the average eyebrow height in the room rises exponentially.

Those of us who have worked with Microsoft’s identity products for a while are used to seeing the glitz and glamour of the Sync Engine console, previously the only interface available with the product, so when the FIM Portal was introduced with FIM 2010, it gave a “user friendly” interface to work with.…

FIM Case Study: Trying to achieve a 100% Declarative (or “Codeless”) Architecture

When it comes to Microsoft’s Forefront Identity Manager (FIM), I sometimes run into ‘religious arguments’ with fellow FIM consultants about which way is the ‘correct’ or ‘right way’ to architect FIM to implement identity business rules into a brand new FIM architecture. Typically the argument comes about when determining, at the very start of a project, whether to base the FIM code base on ‘classical’ rules extensions using VB.NET or C# or try to use FIM R2’s Management Policy Rules (MPR), Sets, Sync.…

Microsoft FIM: Working with Domino Connector v8

We don’t always work with all of the ‘latest’ or ‘bleeding edge’ software here at Kloud, and occasionally we Identity Management consultants have to delve into the past and use some knowledge once thought lost from the world. Okay, so it’s not that bad, but I did find myself having to work with IBM Domino Server version 8 and FIM R2’s ECMA based Lotus Domino Management Agent (or ‘Connector’ in the new language) for a bi-directional sync between Domino and Active Directory (Exchange, Lync etc.).…

Office 365: To Federate or Not to Federate… that is the Question

Yesterday, Microsoft released a new version of their ‘DirSync’ utility (http://technet.microsoft.com/en-us/library/dn246918.aspx) which up until yesterday provided a basic ‘copy’ of your local Active Directory accounts (Active Directory Domain Service or ‘AD DS’) from your premises to the MS Cloud directory (referred to as ‘Azure Active Directory’) for Office 365 (and other Cloud apps such as Team Foundation Service (TFS Online)).

This blog is written for those considering moving to Office 365 (or have moved to Office 365) but haven’t identified any other application in the organisation apart from Office 365 that requires Active Directory Federation Services and SAML/WS-Federation…