TOP 10 Reasons why Identity Management Projects fail

July 31st, 2010

I have been working with identity and access management technologies for a few years now, and in this time I have had the opportunity to work on a multitude of projects aimed at the deployment of these technologies. Over this period I have noticed that there are certain things that make a project work and invariably there are things that set you up for failure from the start. In order to try and help prompt successful identity management deployments I thought I would give you my “Top 10 Reasons Identity Management Projects Fail”.

 

One: No clear goal or problem statement – We all know this, but somehow we miss this sometimes. Over the years the customer projects that have had the greatest success have been the ones that knew exactly what they wanted to achieve. There is a great phrase that states “Clarity is power”, and if you understand what you want to achieve you find ways to get it done – plus you notice when you are getting off track. I think there are three main reasons to embark on an identity management project: security – operational efficiency – governance / compliance.

Tip: Get clear on the problem – Get clear on the goal

 

Two: Sponsorship – One of the quickest ways to make any integration project such as an identity management project fail is to have the wrong level of sponsorship for the project. Generally, when a project is driven from an IT department alone and it requires deep integration into systems such as payroll, there are challenges in getting all parties to agree on the need for the project (or the proposed timelines, cost, effort, etc). Making sure you have the right level of executive sponsorship for your initiative, one that understands the need and the goal, makes it easier to get all parties to help in the effort.

Tip: Make sure you get the right level of sponsorship for your project.

 

Three: Most technology and business decision makers don’t know what IDM is – Though the field of identity management has been around for many years, it had not been all that accessible for adoption within the broader market (due to many reasons), and as such there have historically been very few people that could effectively articulate the technical and business benefits to get large scale projects going. Because of this there are a lot of half-baked ideas / truths about what identity management is. I have always found the best way to educate people about what these technologies can do is to show them.

Tip: Make sure to showcase the technology solving the business problem and at the same time educating your company on the solution.

 

Four: Skills, Skills, Skills – Irrespective of the vendor solution, finding the right individual to deploy the solution and, more challenging, to maintain it post deployment has proven to be a big stumbling block in the deployment of identity management technologies.

Tip: Find the right partner or skilled consultant to assist in the deployment and training of your onsite resources

 

Five: Perceived Cost of Ownership – When customers embark on any technology project they often do a cost-benefit analysis to determine if the project is a good idea. Whether this is a formal process or someone just looking at a total thinking “What am I getting for all this money again?”, the process does take place. Since identity management in many cases enhances something that already exists, this is sometimes a hard sell to someone that does not have a clear picture of the problems (or you have not effectively shown the correct people the correct problem). When objectively looking at identity management technologies compared to many distributed infrastructure deployments like Exchange the cost is actually quite low, but when you put professional services, support, client access licenses and the number of systems to integrate together it does become quite expensive sometimes. The trick here is, business decision makers know they need email… you need to find a problem or benefit so big that they will now know they need identity management.

Tip: When cost alone is enough to stop your deployment you need to find a bigger carrot or stick

 

Six: Going big made you go home – Numerous times I have been involved on projects or heard of projects that failed due to this little principle. Many times customers look into identity management, see the potential and then go ballistic. They try to deploy complete company-wide role-based access, mapped into payroll and integrated into all company systems. This approach has many problems in my opinion. Either you plan forever trying to map every role in HR to every access permission in the company OR you deploy forever trying to get every system to speak to every other system OR both of the above. Usually this makes people lose interest and the momentum you started with is lost.

Tip: Find a balance for a first phase deployment between value shown and timelines in which you deliver. This way you will prove value quickly

 

Seven: Manage change – We techies love our technology, but every now and then we have to deal with business users… right. When looking at the new wave of identity management products on the market today, almost all of them have a user front-end of some sort. Due to this the identity management engine is no longer a process hidden in the corner of the datacentre, but it becomes an integral part of many users’ day-to-day jobs. Since we now have interaction with users of the solution it is imperative for identity management projects to contain some form of change management for the technology consumers. IT projects have been quite bad with this in the past, but we must change that going forward.

Tip: Make sure people know what changes are coming and how this will change the way they work today

 

Eight: Poor planning – Every project we do irrespective of technology has certain risks, but through planning many of these can be addressed. These risks can be mitigated quite easily in my mind by taking some of the previous tips to heart and having an effective project management process. By knowing the goal, having the business buy-in, understanding the cost, managing the scope and communicating change we set ourselves up for success. The things that remain are timeline, scope and budget management.

Tip: Apply good project management principles to your identity management project (together with the tips above)

 

Nine: Unmanaged expectations – The fact that this is only mentioned at number nine should not be an indication of the importance of this point. I think this is an invaluable lesson for every part of our lives, not just in running a successful project. The age old picture below paints the picture perfectly. Look at the picture long and hard and make sure you see this the next time you chat to a project team member.

Tip: Make sure after every meeting, discussion, email, chat and document exchange that everyone is on the same page – expecting the same thing for the outcome

 


 

Ten: Identity is given the wrong priority – The final point here is a little bit of a rant regarding companies having a mistaken view of how important identity and the effective management of identity is to their business. Identity in business today is everything. If you wanted to give people permission to something you would need to know “who” you want to give “what” and indeed “when” and for what “reason”. Without effectively knowing who is who in the realm of your organization you know nothing. When we manage our staff, student, vendor, contractor, alumni, partner, administrator, etc identities well we enable business to be more secure while being highly dynamic and agile at the same time.

Tip: Spread the word – Without effectively managing our identities within the corporate environment every piece of IT infrastructure you spend millions on is reduced to just pieces of tin.

Almero General

FIM 2010 CM: Management Agent Configuration

July 23rd, 2010

If you are in the process of setting up FIM 2010 Certificate Manager or CLM 2007 there are two very important tasks that need to be completed in order to get imports from your Certificate Management MA to work.

  1. Ensure the username and password in the management agent is properly formatted. It should be specified as DOMAIN\User.
  2. The ConnectTo variable should be set to the URL of the CM portal. (http://server/certificatemanagement)
  3. Ensure that the account used within the CM Management Agent has access to all the profile templates within the organization. These can be checked under “Active Directory Sites and Services – Services – Public Key Services – Profile Templates”. If you cannot see the Services node, be sure to select “Show Services Node” under the View options.
  4. Verify that you have configured the CM web.config to allow the CM Management to access the service. In order to do this, add the statement below to the CM web.config.
  5. Choose the correct authentication method under the management agent additional properties. (Set ‘authType’ to either ‘Negotiate’ or ‘NTLM’)

Read more…

Almero FIM 2010, FIM 2010 CM ,

FIM Portal Error: InvalidRepresentationException

July 17th, 2010

I have recently been editing some RCDC and came across this error again. There are a few references on the web, but I thought I would add a quick note about it.

Requestor: urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4
Microsoft.ResourceManagement: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: Exception of type ‘Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException’ was thrown.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
   at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)

The error generally only occurs when you have been messing with either one of two things: the RCDC or the schema of an object / attribute / binding. The error basically states that there is a disconnect between what your RCDC is trying to create / update and what is available in the schema. You would have to retrace your steps a little to find the actual problem since I cannot advise you what is happening in your environment, but at least I hope this points you in the right direction.

Almero FIM 2010 ,

BPOS management through ILM / FIM

July 14th, 2010

For those countries lucky enough to have wide scale Microsoft BPOS infrastructure (not like South Africa), Carol, one of our Identity Management MVPs, has done very good work on using ILM / FIM to issue BPOS commands. There are certain things that are possible with connectors like the Outlook Sync MA, which works against the same types of mechanism, but the BPOS offering is much wider, so if you wanted to issue custom commands check out her post at http://www.wapshere.com/missmiis/provisioning-bpos-powershell-commands-as-cs-objects.

Nice one Carol.

Almero FIM 2010

Setting DCOM permission for FIM Self-Service Password Reset

July 14th, 2010

For any of you that have configured the FIM Self-Service Password Reset, you will know that you need to get the DCOM permissions and service accounts just right. Brad Turner, another long time MVP, Karl Mitschke and a few helpers have created a PowerShell script to assist.

Check out the article on TechNet or Brad’s Blog or Karl’s Post.

PARAM(
    [string]$Principal = $(throw "`nMissing -Principal DOMAIN\FIM PasswordSet"),
    $Computers = $(throw "`nMissing -Computers ('fimnode01','fimnode02')"))

# USAGE:
#
# .\Set-FIM-DCOM.ps1 -Principal "DOMAIN\<group or username>" -Computers ('<server1>', '<server2>', ...)
#
# EXAMPLE:
# .\Set-FIM-DCOM.ps1 -Principal "DOMAIN\FIM PasswordSet" -Computers ('fimsyncprimary', 'fimsyncstandby')
#
# Inspired by Karl Mitschke’s post:
# http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

Write-Host "Set-FIM-DCOM - Updates DCOM Permissions for FIM Password Reset"
Write-Host "`tWritten by Brad Turner (bturner@ensynch.com)"
Write-Host "`tBlog: http://www.identitychaos.com"

function get-sid
{
PARAM ($DSIdentity)
$ID = new-object System.Security.Principal.NTAccount($DSIdentity)
return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).toString()
}

$sid = get-sid $Principal

#MachineLaunchRestriction – Local Launch, Remote Launch, Local Activation, Remote Activation
$DCOMSDDLMachineLaunchRestriction = "A;;CCDCLCSWRP;;;$sid"

#MachineAccessRestriction – Local Access, Remote Access
$DCOMSDDLMachineAccessRestriction = "A;;CCDCLC;;;$sid"

#DefaultLaunchPermission – Local Launch, Remote Launch, Local Activation, Remote Activation
$DCOMSDDLDefaultLaunchPermission = "A;;CCDCLCSWRP;;;$sid"

#DefaultAccessPermision – Local Access, Remote Access
$DCOMSDDLDefaultAccessPermision = "A;;CCDCLC;;;$sid"

#PartialMatch
$DCOMSDDLPartialMatch = "A;;\w+;;;$sid"

foreach ($strcomputer in $computers)
{
write-host "`nWorking on $strcomputer with principal $Principal ($sid):"
# Get the respective binary values of the DCOM registry entries
$Reg = [WMIClass]"\\$strcomputer\root\default:StdRegProv"
$DCOMMachineLaunchRestriction = $Reg.GetBinaryValue(2147483650,"software\microsoft\ole","MachineLaunchRestriction").uValue
$DCOMMachineAccessRestriction = $Reg.GetBinaryValue(2147483650,"software\microsoft\ole","MachineAccessRestriction").uValue
$DCOMDefaultLaunchPermission = $Reg.GetBinaryValue(2147483650,"software\microsoft\ole","DefaultLaunchPermission").uValue
$DCOMDefaultAccessPermission = $Reg.GetBinaryValue(2147483650,"software\microsoft\ole","DefaultAccessPermission").uValue

# Convert the current permissions to SDDL
write-host "`tConverting current permissions to SDDL format..."
$converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper
$CurrentDCOMSDDLMachineLaunchRestriction = $converter.BinarySDToSDDL($DCOMMachineLaunchRestriction)
$CurrentDCOMSDDLMachineAccessRestriction = $converter.BinarySDToSDDL($DCOMMachineAccessRestriction)
$CurrentDCOMSDDLDefaultLaunchPermission = $converter.BinarySDToSDDL($DCOMDefaultLaunchPermission)
$CurrentDCOMSDDLDefaultAccessPermission = $converter.BinarySDToSDDL($DCOMDefaultAccessPermission)

# Build the new permissions
write-host "`tBuilding the new permissions..."
if (($CurrentDCOMSDDLMachineLaunchRestriction.SDDL -match $DCOMSDDLPartialMatch) -and ($CurrentDCOMSDDLMachineLaunchRestriction.SDDL -notmatch $DCOMSDDLMachineLaunchRestriction))
{
   $NewDCOMSDDLMachineLaunchRestriction = $CurrentDCOMSDDLMachineLaunchRestriction.SDDL -replace $DCOMSDDLPartialMatch, $DCOMSDDLMachineLaunchRestriction
}
else
{
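   # Use + rather than += so the current SDDL is not modified; the "Apply the changes" comparison below relies on it
   $NewDCOMSDDLMachineLaunchRestriction = $CurrentDCOMSDDLMachineLaunchRestriction.SDDL + "(" + $DCOMSDDLMachineLaunchRestriction + ")"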
}
if (($CurrentDCOMSDDLMachineAccessRestriction.SDDL -match $DCOMSDDLPartialMatch) -and ($CurrentDCOMSDDLMachineAccessRestriction.SDDL -notmatch $DCOMSDDLMachineAccessRestriction))
{
   # Replace with the access ACE (not the launch ACE) for this principal
   $NewDCOMSDDLMachineAccessRestriction = $CurrentDCOMSDDLMachineAccessRestriction.SDDL -replace $DCOMSDDLPartialMatch, $DCOMSDDLMachineAccessRestriction
}
else
{
   $NewDCOMSDDLMachineAccessRestriction = $CurrentDCOMSDDLMachineAccessRestriction.SDDL + "(" + $DCOMSDDLMachineAccessRestriction + ")"
}

if (($CurrentDCOMSDDLDefaultLaunchPermission.SDDL -match $DCOMSDDLPartialMatch) -and ($CurrentDCOMSDDLDefaultLaunchPermission.SDDL -notmatch $DCOMSDDLDefaultLaunchPermission))
{
   $NewDCOMSDDLDefaultLaunchPermission = $CurrentDCOMSDDLDefaultLaunchPermission.SDDL -replace $DCOMSDDLPartialMatch, $DCOMSDDLDefaultLaunchPermission
}
else
{
   $NewDCOMSDDLDefaultLaunchPermission = $CurrentDCOMSDDLDefaultLaunchPermission.SDDL + "(" + $DCOMSDDLDefaultLaunchPermission + ")"
}

if (($CurrentDCOMSDDLDefaultAccessPermission.SDDL -match $DCOMSDDLPartialMatch) -and ($CurrentDCOMSDDLDefaultAccessPermission.SDDL -notmatch $DCOMSDDLDefaultAccessPermision))
{
   $NewDCOMSDDLDefaultAccessPermission = $CurrentDCOMSDDLDefaultAccessPermission.SDDL -replace $DCOMSDDLPartialMatch, $DCOMSDDLDefaultAccessPermision
}
else
{
   $NewDCOMSDDLDefaultAccessPermission = $CurrentDCOMSDDLDefaultAccessPermission.SDDL + "(" + $DCOMSDDLDefaultAccessPermision + ")"
}

# Convert SDDL back to Binary
write-host "`tConverting SDDL back into binary form..."
$DCOMbinarySDMachineLaunchRestriction = $converter.SDDLToBinarySD($NewDCOMSDDLMachineLaunchRestriction)
$DCOMconvertedPermissionsMachineLaunchRestriction = ,$DCOMbinarySDMachineLaunchRestriction.BinarySD

$DCOMbinarySDMachineAccessRestriction = $converter.SDDLToBinarySD($NewDCOMSDDLMachineAccessRestriction)
$DCOMconvertedPermissionsMachineAccessRestriction = ,$DCOMbinarySDMachineAccessRestriction.BinarySD

$DCOMbinarySDDefaultLaunchPermission = $converter.SDDLToBinarySD($NewDCOMSDDLDefaultLaunchPermission)
$DCOMconvertedPermissionDefaultLaunchPermission = ,$DCOMbinarySDDefaultLaunchPermission.BinarySD

$DCOMbinarySDDefaultAccessPermission = $converter.SDDLToBinarySD($NewDCOMSDDLDefaultAccessPermission)
$DCOMconvertedPermissionsDefaultAccessPermission = ,$DCOMbinarySDDefaultAccessPermission.BinarySD

# Apply the changes
write-host "`tApplying changes..."
if ($CurrentDCOMSDDLMachineLaunchRestriction.SDDL -match $DCOMSDDLMachineLaunchRestriction)
{
   write-host "`t`tCurrent MachineLaunchRestriction matches desired value."
}
else
{
   $result = $Reg.SetBinaryValue(2147483650,"software\microsoft\ole","MachineLaunchRestriction", $DCOMbinarySDMachineLaunchRestriction.binarySD)
   if($result.ReturnValue -eq 0){write-host "  Applied MachineLaunchRestriction complete."}
}

if ($CurrentDCOMSDDLMachineAccessRestriction.SDDL -match $DCOMSDDLMachineAccessRestriction)
{
   write-host "`t`tCurrent MachineAccessRestriction matches desired value."
}
else
{
   $result = $Reg.SetBinaryValue(2147483650,"software\microsoft\ole","MachineAccessRestriction", $DCOMbinarySDMachineAccessRestriction.binarySD)
   if($result.ReturnValue -eq 0){write-host "  Applied MachineAccessRestriction complete."}
}

if ($CurrentDCOMSDDLDefaultLaunchPermission.SDDL -match $DCOMSDDLDefaultLaunchPermission)
{
   write-host "`t`tCurrent DefaultLaunchPermission matches desired value."
}
else
{
   $result = $Reg.SetBinaryValue(2147483650,"software\microsoft\ole","DefaultLaunchPermission", $DCOMbinarySDDefaultLaunchPermission.binarySD)
   if($result.ReturnValue -eq 0){write-host "  Applied DefaultLaunchPermission complete."}
}

if ($CurrentDCOMSDDLDefaultAccessPermission.SDDL -match $DCOMSDDLDefaultAccessPermision)
{
   write-host "`t`tCurrent DefaultAccessPermission matches desired value."
}
else
{
   $result = $Reg.SetBinaryValue(2147483650,"software\microsoft\ole","DefaultAccessPermission", $DCOMbinarySDDefaultAccessPermission.binarySD)
   if($result.ReturnValue -eq 0){write-host "  Applied DefaultAccessPermission complete."}

}
}
#———————————————————————————————————-
trap
{
$exMessage = $_.Exception.Message
if($exMessage.StartsWith("L:"))
{write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue}
else {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred}
Exit
}
#———————————————————————————————————-
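
To review what the script above has granted, the following added example (not part of Brad Turner's script or the original post) decodes the ACEs of a DCOM security descriptor in SDDL form into COM rights and flags entries that allow remote launch, access or activation. The function names, the sample SDDL and the SID are constructed for illustration; on a real server the SDDL would come from BinarySDToSDDL as in the script.

```powershell
# Added example: audit the ACEs in a DCOM security descriptor (SDDL form).
# SDDL two-letter right codes and the COM access-mask bits they stand for.
$ComRights = [ordered]@{
    CC = @{ Bit = 0x01; Name = 'Execute' }
    DC = @{ Bit = 0x02; Name = 'Local Launch/Access' }
    LC = @{ Bit = 0x04; Name = 'Remote Launch/Access' }
    SW = @{ Bit = 0x08; Name = 'Local Activation' }
    RP = @{ Bit = 0x10; Name = 'Remote Activation' }
}

function ConvertTo-ComAccessMask {
    param([string]$Rights)
    # SDDL may carry the mask as hex (0x1f) instead of letter codes
    if ($Rights -match '^0x[0-9a-fA-F]+$') { return [Convert]::ToInt32($Rights, 16) }
    $mask = 0
    for ($i = 0; $i -lt $Rights.Length; $i += 2) {
        $code = $Rights.Substring($i, [Math]::Min(2, $Rights.Length - $i))
        if ($ComRights.Contains($code)) { $mask = $mask -bor $ComRights[$code].Bit }
        else { Write-Warning "Unrecognised right code '$code' in '$Rights'" }
    }
    return $mask
}

function Get-DcomAce {
    param([string]$Sddl)
    # Only look at the DACL; drop a trailing SACL (S:...) if one is present
    $dacl = ($Sddl -csplit 'S:', 2)[0]
    foreach ($m in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE layout: type;flags;rights;object_guid;inherit_object_guid;trustee
        $f = $m.Groups[1].Value.Split(';')
        if ($f.Count -lt 6) { Write-Warning "Skipping malformed ACE $($m.Value)"; continue }
        $mask = ConvertTo-ComAccessMask $f[2]
        $names = $ComRights.Values | Where-Object { $mask -band $_.Bit } | ForEach-Object { $_.Name }
        [pscustomobject]@{
            Type    = $f[0]
            Trustee = $f[5]
            Mask    = '0x{0:X2}' -f $mask
            Rights  = $names -join ', '
            Remote  = [bool]($mask -band 0x14)   # remote launch/access or remote activation
        }
    }
}

# Constructed sample: Administrators, Everyone (local only) and a made-up domain SID
$sid    = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$sample = "O:BAG:BAD:(A;;CCDCLCSWRP;;;BA)(A;;CCDCSW;;;WD)(A;;0x1f;;;$sid)"

$aces = @(Get-DcomAce $sample)
$aces | Format-Table -AutoSize

# Check that the principal holds exactly the launch rights the script sets (CCDCLCSWRP)
$expected = '0x{0:X2}' -f (ConvertTo-ComAccessMask 'CCDCLCSWRP')
$mine     = $aces | Where-Object { $_.Type -eq 'A' -and $_.Trustee -eq $sid }
if (-not $mine)                    { Write-Host "No allow ACE found for $sid" }
elseif ($mine.Mask -ne $expected)  { Write-Host "ACE for $sid has $($mine.Mask), expected $expected" }
else                               { Write-Host "ACE for $sid matches $expected ($($mine.Rights))" }

# Any trustee other than the intended principal with remote rights deserves a second look
$aces | Where-Object { $_.Remote -and $_.Trustee -ne $sid } |
    ForEach-Object { Write-Host "Remote rights also granted to $($_.Trustee): $($_.Rights)" }
```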

Almero FIM 2010 ,

Service not available to new FIM Portal users

July 13th, 2010

I got a call from a friend earlier in the week about an issue he was having with the FIM portal. Any new users he was creating did not get portal access. They all got “Service not available”. In the Windows Event log an error was logged stating:

Requestor: Internal Service
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Exception of type ‘Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException’ was thrown.
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUserFromSecurityIdentifier()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)

He tried everything from recreation to full admin access and nothing worked. The fix is actually quite simple and is hidden in the error. The FIM portal relies on the objectSID of an AD user to authenticate into the portal, and since he was not exporting the objectSid back to the FIM store once the user was created, the portal could not ‘find’ the user. (Check the “GetCurrentUserFromSecurityIdentifier” method being called in the error.)

It turns out he was exporting the value but the portal had a higher precedence. A simple rule change and a sync fixed it up.

Almero FIM 2010

FIM 2010 Update Installation Error (KB978864)

July 4th, 2010

I have been having trouble getting Update 1 for FIM 2010 installed on a development environment over the past weekend. I kept on getting a rollback error when trying to install the Portal update. After turning on MSI error logging and going through various actions I found a workaround this morning and thought I would share in case anyone else came across the problem.

The Portal update kept on giving me a generic Windows Update error as listed below.

Installation Failure: Windows failed to install the following update with error 0x80070643: Forefront Identity Manager 2010 Service and Portal Update (KB978864).

After turning on the MSI Installer logging I found the following errors – but could not do anything to resolve them.

MSI (s) (80:48) [23:07:41:731]: Final Patch Application Order:
MSI (s) (80:48) [23:07:41:731]: {824DC559-9C52-4A2E-B1C9-6AF6931DD582} – C:\Users\ADMINI~1\AppData\Local\Temp\2\IXP000.TMP\FIMService_KB978864.msp
DEBUG: Error 2746:  Transform VL.1 invalid for package C:\Windows\Installer\259751.msi. Expected product {ECEE9162-0670-46A8-A39F-2DBE5384538E}, found product {64CF0564-BD45-41BF-B5B4-CB866444C008}.
1: 2746 2: VL.1 3: C:\Windows\Installer\259751.msi 4: {ECEE9162-0670-46A8-A39F-2DBE5384538E} 5: {64CF0564-BD45-41BF-B5B4-CB866444C008}
DEBUG: Error 2746:  Transform EVAL.2 invalid for package C:\Windows\Installer\259751.msi. Expected product {2AF4AEAF-C1EA-4670-8BA4-9FB0C74F02AE}, found product {64CF0564-BD45-41BF-B5B4-CB866444C008}.
1: 2746 2: EVAL.2 3: C:\Windows\Installer\259751.msi 4: {2AF4AEAF-C1EA-4670-8BA4-9FB0C74F02AE} 5: {64CF0564-BD45-41BF-B5B4-CB866444C008}
DEBUG: Error 2746:  Transform ISVR.3 invalid for package C:\Windows\Installer\259751.msi. Expected product {4E992D60-BD0B-4F9C-93D7-246675023E72}, found product {64CF0564-BD45-41BF-B5B4-CB866444C008}.
1: 2746 2: ISVR.3 3: C:\Windows\Installer\259751.msi 4: {4E992D60-BD0B-4F9C-93D7-246675023E72} 5: {64CF0564-BD45-41BF-B5B4-CB866444C008}
DEBUG: Error 2746:  Transform NFR.5 invalid for package C:\Windows\Installer\259751.msi. Expected product {322CD829-6D7C-45B1-B92F-CF9CFBDF26CA}, found product {64CF0564-BD45-41BF-B5B4-CB866444C008}.
1: 2746 2: NFR.5 3: C:\Windows\Installer\259751.msi 4: {322CD829-6D7C-45B1-B92F-CF9CFBDF26CA} 5: {64CF0564-BD45-41BF-B5B4-CB866444C008}
DEBUG: Error 2746:  Transform SPLA.6 invalid for package C:\Windows\Installer\259751.msi. Expected product {49966941-CA40-40F0-8159-248FB7E5C3F7}, found product {64CF0564-BD45-41BF-B5B4-CB866444C008}.
1: 2746 2: SPLA.6 3: C:\Windows\Installer\259751.msi 4: {49966941-CA40-40F0-8159-248FB7E5C3F7} 5: {64CF0564-BD45-41BF-B5B4-CB866444C008}

DEBUG: Error 2769:  Custom Action ValidateSyncAccount did not close 1 MSIHANDLEs.
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2769. The arguments are: ValidateSyncAccount, 1,

Eventually after trying a lot of things – I reran the FIM Portal setup and completed a repair. After the repair completed successfully the patch installed perfectly. Not sure what was wrong – but I thought I would save someone else a bit of trouble.

Almero FIM 2010 ,

Forefront Identity Manager 2010 Update 1

May 24th, 2010

Forefront Identity Manager 2010 Update 1 has been released via Microsoft Update Catalogue. There are a few wonderful additions. Here are some highlights:

FIM Synchronization Service
  • Support has been added for Active Directory Recycle Bin. You will require Update 979214 on the Domain Controller used by the Synchronization Service.
  • Run profiles now support “Resume Full Sync” (Wooow – Nice PG). If a full sync is not completed, the next time the same run profile is attempted a new option in Run Management Agent will allow the administrator to continue the Full Sync from the point where it failed.
  • The Exchange Server 2010 detection in the Active Directory Management Agent has been fixed.

There are other updates – please check out http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/b21e08a5-d2be-4bf1-a53f-248b5a9cc6e3

Almero FIM 2010

FIM 2010 Current Resources

March 29th, 2010

In the ILM days updates on information regarding the product were few and far between. With the release of FIM 2010 (Forefront Identity Manager 2010) Microsoft has taken steps to fix that previous oversight.

Keeping tabs on all this can however be a challenge. Kudos to Peter Geelen for adding this to the TechNet Wiki. This will provide a comprehensive list of available resources.

http://social.technet.microsoft.com/wiki/contents/articles/current-forefront-identity-manager-resources.aspx

Almero FIM 2010

Forefront Identity Manager 2010 is RTM

March 7th, 2010

Forefront Identity Manager 2010 has been released.

Check out this link for an evaluation download.

Almero FIM 2010
