How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports

Introduction

I’ve been working on a project where I must have visibility of a large number of Azure AD Groups into Microsoft Identity Manager.
In order to make this efficient I need to use the Differential Query function of the AzureAD Graph API. I’ve detailed that before in this post How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries. Due to the number of groups and the number of members in the Azure AD Groups I needed to implement Paged Imports on my favourite PowerShell Management Agent (Granfeldt PowerShell MA).…

Introduction to MIM Advanced Workflows with MIMWAL

Introduction

Microsoft late last year introduced the ‘MIMWAL’, or to say it in full: (inhales) ‘Microsoft Identity Manager Workflow Activity Library’ – an open source project that extends the default workflows & functions that come with MIM.
Personally I’ve been using a version of MIMWAL for a number of years, as have my colleagues, in working on MIM projects with Microsoft Consulting. This is the first time however it’s been available publicly to all MIM customers, so I thought it’d be a good idea to introduce how to source it, install it and work with it.…

Setting up your SP 2013 Web App for MIM SP1 & Kerberos SSO

I confess: getting a Microsoft product based website working with Kerberos and Single Sign On (i.e. without authentication prompts from a domain joined workstation or server) feels somewhat of a ‘black art’ for me.
I’m generally ok with registering SPNs, SSLs, working with load balancing IPs etc, but when it comes to the final Internet Explorer test, and it fails and I see an NTLM style auth. prompt, it’s enough to send me into a deep rage (or depression or both).…

Automate the nightly backup of your Development FIM/MIM Sync and Portal Servers Configuration

Last week in a customer development environment I had one of those oh shit moments where I thought I’d lost a couple of weeks of work. A couple of weeks of development around multiple Management Agents, MV Schema changes etc. Luckily for me I was just connecting to an older VM Image, but it got me thinking. It would be nice to have an automated process that each night would;

  • Export each Management Agent on a FIM/MIM Sync Server
  • Export the FIM/MIM Synchronisation Server Configuration
  • Take a copy of the Extensions Folder (where I keep my PowerShell Management Agents scripts)
  • Export the FIM/MIM Service Server Configuration

And that is what this post covers.…

How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent

Introduction

In the last 12 months I’ve lost count of the number of PowerShell Management Agents I’ve written to integrate Microsoft Identity Manager with a plethora of environments. The majority though have not been of huge scale (<50k objects) and the import of the managed entities into the Connector Space/Metaverse runs through pretty timely.
However this week I’ve been working on an AzureAD Groups PS MA for an environment with 40k+ groups. That in itself isn’t that large, but when you start processing Group Memberships as well, the Import process can take an hour for a Full Sync.…

How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries

Introduction

In August 2016 I wrote this post on how to use PowerShell to leverage the Microsoft GraphAPI and use Differential Queries. The premise behind that post was I required a Microsoft Identity Manager Management Agent to synchronize identity information from AzureAD into Microsoft Identity Manager. However the environment it was intended for has a large AzureAD implementation and performing a Full Sync every time is just too time consuming. Even more so with this limitation that still exists today in MIM 2016 with SP1.…

How to embed Power BI Reports into the Microsoft Identity Manager Portal

About seven years ago at a conference in Los Angeles I attended I remember a session where a consultant from Oxford Computer Group gave a presentation on integrating Quest Identity Manager (now Dell One Identity Manager) with the Forefront Identity Manager Portal. I’ve recently had a requirement to do something similar and Carol pointed me in the direction of her experiments with doing something similar based off inspiration from that same presentation/session.
Well it is now 2017 and FIM and SharePoint have all moved through a few versions and doing something similar has changed.…

How to configure a Graphical PowerShell Dev/Admin/Support User Interface for Azure/Office365/Microsoft Identity Manager

During the development of an identity management solution I find myself with multiple PowerShell/RDP sessions connected to multiple environments using different credentials often to obtain trivial data/information. It is easy to trip yourself up as well with remote powershell sessions to differing environments. If only there was a simple UI that could front-end a set of PowerShell modules and make those simple queries quick and painless. Likewise to allow support staff to execute a canned set of queries without providing them elevated permissions.…

Resolving "The Microsoft Identity Manager server database could not be successfully populated" installation error

Here is yet another of those Microsoft Identity Manager installation errors that doesn’t give you much information and when looking for a resolution you can’t find an exact match through Dr Google.
Nearing the end of the Microsoft Identity Manager Service and Portal installation you receive the “The Microsoft Identity Manager server database could not be successfully populated” error.
https://dl.dropboxusercontent.com/u/76015/BlogImages/MIMDBNotPopulated/MIM%20DB%20Not%20Populated%20-%20Full.png
Looking into the installation log (which I’m in the good practice of always initiating when doing an installation of the MIM Service/Portal these days eg. …

Microsoft Identity Manager installation error "Internal Error 2337. 0, Microsoft.MetadirectoryServices.host.dll"

Today I was doing a fresh installation of Microsoft Identity Manager 2016 with Service Pack 1 into a new development environment. The exact binary is “en_microsoft_identity_manager_2016_with_service_pack_1_x64_dvd_9270854”
Not too far into the installation of the Microsoft Identity Manager Synchronization Server I got the “Internal Error 2337. 0, Microsoft.MetadirectoryServices.host.dll” error as shown below.
https://dl.dropboxusercontent.com/u/76015/BlogImages/MIM2016SP1InstallError/MIM%202337%20Install%20Error.png
Doing a few searches didn’t throw me any bones. I could see that the installation had added the MIM Sync Server Service Account to the Logins on the SQL Server.…