Implementing Azure API Management with the Lithnet Microsoft Identity Manager Rest API

Introduction

Earlier this week I wrote this post detailing the implementation of the Lithnet REST API for the FIM/MIM Service. I also detailed using PowerShell to interact with the API endpoint.
Now let's imagine you are looking to have a number of Azure Serverless features leverage your REST API enabled Microsoft Identity Manager environment, or even offer it "as-a-Service". You'll want some visibility into how it is performing, and you'll probably want to implement features such as caching and rate limiting, let alone put more security controls around it.…

Getting started with the Lithnet REST API for the Microsoft Identity Manager Service

Introduction

A common theme in my posts on Microsoft Identity is its extensibility, particularly with the Lithnet tools that Ryan has released.
One such tool that I've used but never written about is the Lithnet REST API for the Microsoft Identity Manager Service. For a small proof of concept I'm working on I was again using this REST API, and I needed to update it as Ryan has recently added some new functionality. I realised I hadn't set it up in a while, and although Ryan's documentation is very good, it was written some time ago when IIS Manager looked a little different.…

How to use the FIM/MIM Azure Graph Management Agent for B2B Member/Guest Sync between Azure Tenants

Introduction

UPDATE: August 2018
As promised below, I've finally written up my Azure AD B2B Invitation Management Agent. You can find it in this post here.

UPDATE: June 2018
When I originally wrote this post the intent was to test the ability of the Graph MA to export to Azure AD. That works.

That then extended to messing with an identity type other than member (which works to an extent), but I detailed guests. However, that is incomplete.

Using Microsoft Identity Manager Synchronisation Server's Global Address List Synchronisation feature to create a shared global address book across three Exchange Forests

First published at https://nivleshc.wordpress.com

Introduction

Over the life of a company there can be many acquisitions and mergers. During such events, the parent and the newly acquired entities have their IT "merged". This allows for the removal of redundant systems and the reduction of expenses. It also fosters collaboration between the two entities. Unfortunately, the marriage of two IT systems can at times take a long time.
To enable a more collaborative space between the parent and the newly acquired company, a shared "global address book" can be created, which allows employees to quickly look up each other's contact details.…

Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager v2, k-Anonymity and Have I Been Pwned

Background

In August 2017 Troy Hunt released a sizeable list of Pwned Passwords. 320 million, in fact.
I subsequently wrote this post on Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager, which called the API and set a Boolean attribute in the MIM Service that could be used with business logic to force users whose accounts have compromised passwords to change their password at next logon.
Whilst that was a proof of concept/discussion point of sorts, and I had a disclaimer about sending passwords across the internet to a third-party service, there was a lot of momentum around the HIBP API, so I developed a solution and wrote this update to check the passwords locally.…

Using MIMWAL to mass update users

The generalised Workflow Activity Library for Microsoft Identity Manager (MIMWAL) is not particularly new, but I'm regularly finding new ways of using it.
TL;DR: [//Queries/Key/Attribute] can be used as a target to update multiple accounts at once.
Working from my colleague Michael's previous post Introduction to MIM Advanced Workflows with MIMWAL (Update Resource workflow section), user accounts can be populated with location details when a location code is set or updated.
But consider the question: what happens when the source location object is updated with new details, without moving the user between locations?

Automating the generation of Microsoft Identity Manager Configuration Documentation

Introduction

Last year Microsoft released the Microsoft Identity Manager Configuration Documenter, which is available here. It is a fantastic little tool from Microsoft that supersedes its predecessor from the Microsoft Identity Manager 2003 Resource Toolkit (which only documented the Sync Server configuration).
Running the tool (a PowerShell module) against a base out-of-the-box reference configuration for FIM/MIM servers, reconciled against an exported configuration from an implementation's MIM Sync and Service servers, generates an HTML report that details the existing configuration of the MIM Service and MIM Sync.…

Provisioning Hybrid Exchange/Exchange Online Mailboxes with Microsoft Identity Manager

Introduction

Working for Kloud, all our projects involve cloud services, and all our customers have varying and unique requirements. Recently one of our customers embarked on their migration from on-premises Exchange to Exchange Online. Nothing really groundbreaking there; however, they had a number of unique requirements, including management of Litigation Hold. That needed to be integrated with their existing Microsoft Identity Manager implementation (which currently provisions new users to their Exchange 2013 environment). They also required that management of the Exchange environment still be possible via the Exchange Management Console against a local Exchange server.…

Geographically Visualizing your workforce using Microsoft Identity Manager, xMatters and Power BI

Introduction

In the last couple of weeks I've posted about visualising relationships in data from Microsoft Identity Manager using Power BI. Earlier this week I posted about building a Management Agent for Microsoft Identity Manager to integrate with xMatters.
In this post I combine data from those two posts to visualise the geographic office locations of an organisation, along with summary data about each location (how many employees are located there, and in what departments).…

Building a FIM/MIM Management Agent for xMatters

Introduction

A couple of weeks ago one of my customers had a requirement to provision and manage identities in xMatters. The xMatters API documentation looked straightforward and I figured it would be pretty quick to knock up a PowerShell Management Agent.
The identification of users (People) in xMatters was indeed pretty quick. I was quickly able to enumerate all users (who had initially been seeded independently of FIM/MIM) and join them to the corresponding users in the Metaverse.…