Synchronizing Exchange Online/Office 365 User Profile Photos with FIM/MIM

23rd of May, 2017 / / No Comments

Introduction

This is Part Two in the two-part blog post on managing users profile photos with Microsoft FIM/MIM. Part one here detailed managing users Azure AD/Active Directory profile photo. This post delves deeper into photos, specifically around Office 365 and the reason why you may want to manage these via FIM/MIM.

Background

User profile photos should be simple to manage. But in a rapidly moving hybrid cloud world it can be a lot more complex than it needs to be.… [Keep reading] “Synchronizing Exchange Online/Office 365 User Profile Photos with FIM/MIM”

How to Synchronize users Active Directory/Azure Active Directory Photo using Microsoft Identity Manager

23rd of May, 2017 / / No Comments

Introduction

Whilst Microsoft FIM/MIM can be used to do pretty much anything your requirements dictate, dealing with object types other than text and references can be a little tricky when manipulating them the first time. User Profile Photos fall into that category as they are stored in the directory as binary objects. Throw in Azure AD and obtaining and synchronizing photos can seem like adding a double back-flip to the scenario.
This post is Part 1 of a two-part post.… [Keep reading] “How to Synchronize users Active Directory/Azure Active Directory Photo using Microsoft Identity Manager”

A quick start guide to leveraging the Azure Graph API with PowerShell and oAuth 2.0

22nd of May, 2017 / / 1 Comment 
Update Oct 2019: See this post for simplifying oAuth Authentication to Microsoft Graph using PowerShell and the MSAL (Microsoft Authentication Libraries)

Introduction

In September 2016 I wrote this post detailing integrating with the Azure Graph API via PowerShell and oAuth 2.0.

Since that point in time I’ve found myself doing considerably more via PowerShell and the Graph API using oAuth. I regularly find myself leveraging previous scripts to generate a new script for the initial connection.… [Keep reading] “A quick start guide to leveraging the Azure Graph API with PowerShell and oAuth 2.0”

Using the Lithnet PowerShell Modules to generate full object metadata FIM/MIM HTML Reports

11th of May, 2017 / / No Comments


How many times have you wanted a consolidated report out of FIM/MIM for an object? What connectors does it have, what are the values of the attributes, which Management Agent contributed the value(s) and when? Individually of course you can get that info using the Metaverse Search and looking at the object in MIM Portal. But what if you wanted it all with a single query? This blog post provides an approach to doing just that.… [Keep reading] “Using the Lithnet PowerShell Modules to generate full object metadata FIM/MIM HTML Reports”

Scripting queries for Lithnet Get-MVObject searches into the Microsoft Identity Manager Metaverse

10th of May, 2017 / / No Comments

It probably seems obvious by now, but I seem to live in PowerShell and Microsoft Identity Manager. I’m forever looking into the Microsoft Identity Manager Metaverse for objects.
However, sometimes I get tripped up by the differences in Object Classes between the FIM/MIM Service and the Metaverse, the names of the Object Classes (obviously not Person, Group and Contact) and in situations where they are case-sensitive.  If you’re using the Sync Service Manager Metaverse Search function though you get a pick list.… [Keep reading] “Scripting queries for Lithnet Get-MVObject searches into the Microsoft Identity Manager Metaverse”

Scripting the generation & creation of Microsoft Identity Manager Sets/Workflows/Sync & Management Policy Rules with the Lithnet Resource Management PowerShell Module

26th of April, 2017 / / 2 Comments

Introduction

Yes, that title is quite a mouthful. And this post is going to be quite long. But worth the read if you are having to create a number of rules in Microsoft/Forefront Identity Manager, or even more so the same rule in multiple environments (eg. Dev, Staging, Production).
My colleague David Minnelli introduced using the Lithnet RMA PowerShell Module and the Import-RMConfig cmdlet recently for bulk creation of MIM Sets and MPR’s. David has a lot of the background on Import-RMConfig and getting started with it.… [Keep reading] “Scripting the generation & creation of Microsoft Identity Manager Sets/Workflows/Sync & Management Policy Rules with the Lithnet Resource Management PowerShell Module”

Automating Source IP Address updates on an Azure Network Security Group RDP Access Rule

25th of April, 2017 / / No Comments

Recently I’ve migrated a bunch of Virtual Box Virtual Machines to Azure as detailed here. These VM’s are in Resource Groups with a Network Security Group associated that restricts access to them for RDP based on a source TCPIP address. All good practice. However from a usability perspective, when I want to use these VM’s, I’m not always in the same location, and rarely on a connection with a static IP address.
This post details a simple little script that;

  • Has a couple of variables associated with a Resource Group, Network Security Group, Virtual Machine Name and an RDP Configuration File associated with the VM
  • Gets the public IP Address of the machine I’m running the script from
  • Prompts for Authentication to Azure, and retrieves the NSG associated with the Resource Group
  • Compares the Source IP Address in the ‘RDP’ Inbound Rule to my current IP Address.
[Keep reading] “Automating Source IP Address updates on an Azure Network Security Group RDP Access Rule”

Diagnosing FIM/MIM 'kerberos-no-logon-server' error on an Active Directory Management Agent

24th of April, 2017 / / 1 Comment

Overview

I have a complex customer environment where Microsoft Identity Manager is managing identities across three Active Directory Forests. The Forests all serve different purposes and are contained in different network zones. Accordingly there are firewalls between the zone where the MIM Sync Server is located and two of the other AD Forests as shown in the graphic below.

As part of the project the maintainers of the network infrastructure had implemented rules to allow the MIM Sync server to connect to the other two AD Forests.… [Keep reading] “Diagnosing FIM/MIM 'kerberos-no-logon-server' error on an Active Directory Management Agent”

Adapting to the changes in the AzureAD Preview PowerShell Module ADAL Helper Library

13th of April, 2017 / / No Comments

I’m a big proponent of using PowerShell for integration and automation of Azure Active Directory Services using the Azure AD GraphAPI. You may have seen many of my posts leverage the evolving Azure AD Preview PowerShell Module helper libraries. Lines in my scripts that use this look like the one below. In this case using preview version 2.0.0.52.

# the default path to where the ADAL GraphAPI PS Module puts the Libs
Add-Type -Path 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\2.0.0.52\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
[Keep reading] “Adapting to the changes in the AzureAD Preview PowerShell Module ADAL Helper Library”

Bulk create and update related configuration objects in FIM/MIM using the Lithnet Import-RMConfig cmdlet

12th of April, 2017 / / 3 Comments

Working on a FIM implementation for a customer, I needed to bulk create and update a number of related Sets and MPRs which granted permissions to users. I could have performed this task a number of ways:

  • Manually create and update all objects
  • Scripted in PowerShell using FIM Automation
  • Scripted using the Lithnet FIM/MIM Service PowerShell Module

I’ve been successfully using the Lithnet FIM/MIM Service PowerShell Module in a number of scripts to query and bulk create objects in the FIM Service which has greatly improved the quality and simplicity of my PowerShell scripts compared to using the FIM Automation module.… [Keep reading] “Bulk create and update related configuration objects in FIM/MIM using the Lithnet Import-RMConfig cmdlet”