Real world Azure AD Connect: the case for TWO Azure AD Connect servers

6th of December, 2016 / / 4 Comments

I was exchanging some emails with an account manager (Andy Walker) at Kloud and thought the exchange would be for some interesting reading. Here’s the outcome in an expanded and much more helpful (to you dear reader) format…

***

Background

When working with the Microsoft Cloud and in particular with identity, depending on some of the configuration options, it can be quite important to have Azure AD Connect highly available. Unfortunately for us, Microsoft has not developed AADConnect to be highly available.… [Keep reading] “Real world Azure AD Connect: the case for TWO Azure AD Connect servers”

Real world Azure AD Connect: multi forest user and resource + user forest implementation

2nd of December, 2016 / / 17 Comments

Disclaimer: During October I spent a few weeks working on this blog posts solution at a customer and had to do the responsible thing and pull the pin on further time as I had hit a glass ceiling. I reached what I thought was possible with Azure AD Connect. In comes Nigel Jones (Identity Consultant @ Kloud) who, through a bit of persuasion from Darren (@darrenjrobinson), took it upon himself to smash through that glass ceiling of Azure AD Connect and figured this solution out.

[Keep reading] “Real world Azure AD Connect: multi forest user and resource + user forest implementation”

Using an Azure Function to search the FIM/MIM Metaverse, create a Set and update the Set membership in the the FIM/MIM Service

18th of November, 2016 / / No Comments

Introduction

This is the third and last post in this series of integrating Microsoft Identity Manager with Azure Functions.
The first detailed how to use an Azure Function to retrieve data from the MIM Service Server. The second detailed how to use an Azure Function to retrieve data from the MIM Sync (Metaverse) Server.
This third post combines the two and then performs an action in the MIM Service. The practical purpose of this could be functions like “find all users in location y” and “enable them for entitlement x” or “add an attribute value on each of their objects”.… [Keep reading] “Using an Azure Function to search the FIM/MIM Metaverse, create a Set and update the Set membership in the the FIM/MIM Service”

Remotely managing your FIM/MIM Synchronisation Server using Powershell and the Lithnet MIIS Automation Powershell Module

16th of November, 2016 / / No Comments

Background

I’ve been using Ryan’s Lithnet MIIS Automation Powershell Module for a few months now as you’ve likely seen from some of my blog posts.
The module and its installer direct you to install the module on your FIM/MIM Synchronisation Server. This all makes perfect sense as the FIM/MIM Synchronsation Sever is more of your traditional server application. However we are no longer living in that kind of IT world. Consultants, Administrators, Architects, DevOps etc all want the flexibility to use their own workstations, administrative workstations, automation services etc.… [Keep reading] “Remotely managing your FIM/MIM Synchronisation Server using Powershell and the Lithnet MIIS Automation Powershell Module”

Using Azure Functions with the Lithnet MIIS Automation Powershell Module to query your Microsoft Identity Manager Metaverse

16th of November, 2016 / / No Comments

This is the 2nd blog continuing on from this post which is an introduction to using Azure Functions with the Lithnet FIM/MIM Powershell Modules. If you haven’t read that one please do so to get up to speed before this one as it has more detail around the setup.

Overview

This post details similar functionality to the first post but with integration to the FIM/MIM Synchronisation Server and the FIM/MIM Metaverse rather than the FIM/MIM Service.… [Keep reading] “Using Azure Functions with the Lithnet MIIS Automation Powershell Module to query your Microsoft Identity Manager Metaverse”

Microsoft Identity Manager Service and Portal Setup Wizard ended prematurely

15th of November, 2016 / / No Comments

Last week I was installing the Microsoft Identity Manager Service and Portal on a relatively fresh build of a Windows 2012R2 Server that also included an automated installation of SharePoint Server 2013 w/ SP1.
After going through all the installation configuration options and having the installation start I got the extremely helpful “Setup Wizard ended prematurely” error message.
https://dl.dropboxusercontent.com/u/76015/BlogImages/MIMPortalInstallError/Install%20Error.png
Having been in this situation previously on other installs (but for different reasons) I knew it was time to kick off the installation again from the command prompt with logging to an installation log file as shown below.… [Keep reading] “Microsoft Identity Manager Service and Portal Setup Wizard ended prematurely”

Get Users/Groups/Objects from Microsoft/Forefront Identity Manager with Azure Functions and the Lithnet Resource Management Powershell Module

14th of November, 2016 / / No Comments

Introduction

As an Identity Management consultant if I had a $1 for every time I’ve been asked “what is user x’s current status in IDAM”, “is user x active?”, “does user x have an account in y?”, “what is user x’s primary email address?”, particularly after Go Live of an IDAM solution my holidays would be a lot more exotic.
From a Service Desk perspective IDAM implementations are often a black box in the middle of the network that for the most part do what they were designed and implemented to do.… [Keep reading] “Get Users/Groups/Objects from Microsoft/Forefront Identity Manager with Azure Functions and the Lithnet Resource Management Powershell Module”

Active Directory – What are Linked Attributes?

26th of September, 2016 / / No Comments

A customer request to add some additional attributes to their Azure AD tenant via Directory Extensions feature in the Azure AD Connect tool, lead me into further investigation. My last blog here set out the customer request, but what I didn’t detail in that blog was one of the attributes they also wanted to extend into Azure AD was directReports, an attribute they had used in the past for their custom built on-premise applications to display the list of staff the user was a manager for.… [Keep reading] “Active Directory – What are Linked Attributes?”

Office365 License Reporting in PowerBI from Microsoft Identity Manager

29th of August, 2016 / / 8 Comments

 

Overview

A common request I’m hearing from my customers is visibility of Office365 licensing. Typically this is more from the management staff over the technical team as they don’t have the know-how to get the info themselves. From a management perspective it is also about making sure they get full use of their licensing entitlements. Also to know when they are running close to their licensing limit and the conversations about procuring additional licenses need to be had.… [Keep reading] “Office365 License Reporting in PowerBI from Microsoft Identity Manager”

Office365 Licensing Management Agent for Microsoft Identity Manager

26th of August, 2016 / / 5 Comments

Licensing for Office365 has always been a moving target for enterprise customers. Over the years I’ve implemented a plethora of solutions to keep licensing consistent with entitlement logic. For some customers this is as simple as everyone gets say, an E3 license. For other institutions there are often a mix of ‘E’ and ‘K’ licenses depending on EmployeeType.

Using the Granfeldt PowerShell Management Agent to import Office365 Licensing info

In this blog post I detail how I’m using Søren Granfeldt’s extremely versatile PowerShell Management Agent yet again.… [Keep reading] “Office365 Licensing Management Agent for Microsoft Identity Manager”