Getting started configuring the latest Microsoft Identity Manager IBM Notes Management Agent with Domino v9.x

12th of April, 2017 / / No Comments

Lotus Notes. My old nemesis as both a user and as an administrator is back to haunt me again.
There’s a reasonable amount written by others on the trials and tribulations of getting the FIM/MIM Notes MA configured and working. However they are all referencing older versions of the MA and older versions of Domino. (If you are looking details on the previous versions checkout Michael’s great post here). The info on permissions is still valid, so make sure you’re on top of that.… [Keep reading] “Getting started configuring the latest Microsoft Identity Manager IBM Notes Management Agent with Domino v9.x”

Joining Identities between Active Directory and Azure Active Directory using Microsoft Identity Manager

11th of April, 2017 / / 1 Comment

Introduction

One of the foundations of Identity Management is the ability to join an identity between disparate connected systems. As we extend our management of identities into cloud services this adds a few twists.
A key concept is to use an anchor that is persistent. Something that doesn’t change through a users life-cycle. A user’s Security IDentifier (SID) in Active Directory is perfect. It doesn’t change when a user or group may get renamed.  What gets interesting is how the SID is represented when returned using different methods.… [Keep reading] “Joining Identities between Active Directory and Azure Active Directory using Microsoft Identity Manager”

Error rebuilding MIMWAL – File MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll not found

2nd of April, 2017 / / No Comments

First published on Nivlesh’s blog at https://nivleshc.wordpress.com
A few days ago, I was going through the steps for compiling MIMWAL, as listed at http://ithinkthereforeidam.com/installing-the-mimwal/ and came across an interesting problem.
After I had rebuilt my Visual Studio package, I went to run Sign.cmd and kept getting the following error message
Signcmd_Error
Error: File “MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll” Not Found. You need to compile WAL solution first! Make sure you use REBUILD Solution menu. Aborting script execution…
This was quite bizarre as I had not deviated from the steps listed in the above mentioned article.… [Keep reading] “Error rebuilding MIMWAL – File MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll not found”

Standalone installation of the MIM Self Service Password Reset Portals ends prematurely

28th of March, 2017 / / No Comments

Today I was performing a standalone installation of the MIM Self Service Password Reset Portals (Enrollment and Reset). These Portals rely on IIS and not the normal prerequisites associated with the MIM Service Portal (SharePoint etc).  As such using PowerShell I’d only installed the Web Server Role with the usual dependencies.
On starting the MIM Service and Portal installation I got the dreaded Microsoft Identity Manager Service and Portal Setup Wizard ended prematurely dialog. So straight into debug mode running with an installation log as per the command below.… [Keep reading] “Standalone installation of the MIM Self Service Password Reset Portals ends prematurely”

A workaround for the Microsoft Identity Manager limitation of not allowing simultaneous Management Agents running Synchronisation Profiles

9th of March, 2017 / / No Comments

Why ?

For those of you that may have missed it, in early 2016 Microsoft released a hotfix for Microsoft Identity Manager that included a change that removed the ability for multiple management agents on a Microsoft Identity Manager Synchronization Server to simultaneously run synchronization run profiles. I detailed the error you get in this blog post.
At the time it didn’t hurt me too much as I didn’t require any other fixes that were incorporated into that hotfix (and the subsequent hotfix).… [Keep reading] “A workaround for the Microsoft Identity Manager limitation of not allowing simultaneous Management Agents running Synchronisation Profiles”

How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports

17th of February, 2017 / / No Comments

Introduction

I’ve been working on a project where I must have visibility of a large number of Azure AD Groups into Microsoft Identity Manager.
In order to make this efficient I need to use the Differential Query function of the AzureAD Graph API. I’ve detailed that before in this post How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries. Due to the number of groups and the number of members in the Azure AD Groups I needed to implement Paged Imports on my favourite PowerShell Management Agent (Granfeldt PowerShell MA).… [Keep reading] “How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports”

Automate the nightly backup of your Development FIM/MIM Sync and Portal Servers Configuration

31st of January, 2017 / / 6 Comments

Last week in a customer development environment I had one of those oh shit moments where I thought I’d lost a couple of weeks of work. A couple of weeks of development around multiple Management Agents, MV Schema changes etc. Luckily for me I was just connecting to an older VM Image, but it got me thinking. It would be nice to have an automated process that each night would;

  • Export each Management Agent on a FIM/MIM Sync Server
  • Export the FIM/MIM Synchronisation Server Configuration
  • Take a copy of the Extensions Folder (where I keep my PowerShell Management Agents scripts)
  • Export the FIM/MIM Service Server Configuration

And that is what this post covers.… [Keep reading] “Automate the nightly backup of your Development FIM/MIM Sync and Portal Servers Configuration”

How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent

28th of January, 2017 / / No Comments

Introduction

In the last 12 months I’ve lost count of the number of PowerShell Management Agents I’ve written to integrate Microsoft Identity Manager with a plethora of environments. The majority though have not been of huge scale (<50k objects) and the import of the managed entities into the Connector Space/Metaverse runs through pretty timely.
However this week I’ve been working on a AzureAD Groups PS MA for an environment with 40k+ groups. That in itself isn’t that large, but when you start processing Group Memberships as well, the Import process can take an hour for a Full Sync.… [Keep reading] “How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent”

How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries

25th of January, 2017 / / No Comments

Introduction

In August 2016 I wrote this post on how to use PowerShell to leverage the Microsoft GraphAPI and use Differential Queries. The premise behind that post was I required a Microsoft Identity Manager Management Agent to synchronize identity information from AzureAD into Microsoft Identity Manager. However the environment it was intended for has a large AzureAD implementation and performing a Full Sync every-time is just to time consuming. Even more so with this limitation that still exists today in MIM 2016 with SP1.… [Keep reading] “How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries”

How to embed Power BI Reports into the Microsoft Identity Manager Portal

24th of January, 2017 / / No Comments

About seven years ago at a conference in Los Angeles I attended I remember a session where a consultant from Oxford Computer Group gave a presentation on integrating Quest Identity Manager (now Dell One Identity Manager) with the Forefront Identity Manager Portal. I’ve recently had a requirement to do something similar and Carol pointed me in the direction of her experiments with doing something similar based off inspiration from that same presentation/session.
Well it is now 2017 and FIM and SharePoint have all moved through a few versions and doing something similar has changed.… [Keep reading] “How to embed Power BI Reports into the Microsoft Identity Manager Portal”