Service Pack 1 has been released on MSDN:
Hello Christo
Service Pack 1 has been released on MSDN:
Over the past few weeks, I have had the pleasure to read the “Microsoft Forefront Identity Manager 2010 R2 Handbook“ by Kent Nordström. Those who watch the FIM TechNet forums will definitely know the name. I was lucky enough to receive a copy of the book from Packt Publishing and would like to thank Pamheiba Akoijam.
As anyone in this area of expertise knows there are not many good resources around when it comes to understanding the value proposition of FIM and how to technically deploy it; other than the official TechNet wiki’s, articles and blogs. For a complete list of online FIM resources see Forefront Identity Manager Resources (en-US) - TechNet - Microsoft.
One of the first books that added value to the community was “FIM R2 Best Practices Volume 1: Introduction, Architecture and Installation of Forefront Identity Manager 2010 R2” written originally by David Lundell and Brad Turner (that David has now updated for FIM 2010 R2). The book is a great resource as an introduction as well as architectural overview for deployment topologies and I often recommend it to FIM customers. The book however had a lot of topics that David and Brad wanted to still address. Enter “Microsoft Forefront Identity Manager 2010 R2 Handbook“.
I really enjoyed going through this book and reading how the book easily explains various difficult concepts. Something else that is noticeable from the start is that the book is written with a single common real world scenario featuring a fictitious company called “The Company” (no reference to the CIA J) as the basis for all business scenarios and solution deployment activities.
The book covers and extremely broad scope of topics related to FIM ranging from something as simple as a brief history for the product up to deployment and troubleshooting suggestions. One of the great things about the book as that it is very hand-on and practical. Each business challenge is explained, mapped to a solution in FIM (and associated Microsoft products and offerings) and then deployed step-by-step. This ranges from information aggregation and synchronization, object provisioning and de-provisioning, password management, group management and portal customization. I love the fact that the book includes sections on FIM Certificate Manager, ADFS and Office 365.
The FIM content itself within the book is extremely value and I might find myself referencing it from time to time. Important areas such as “least privilege permissions” and development to production migration adds to the comprehensive scope of the book.
It feels like I can go on and on about the things I liked when going through the book, but be assured this is one of the best hands-on technical guides to the product that is published today.
If I had to make one comment about what I thought was missing I would be the perspective on some of the business value within the product relating to reporting, compliance and governance. None the less the book is an excellent resource.
Things I liked about the book:
I think the combination of “FIM R2 Best Practices Volume 1: Introduction, Architecture and Installation of Forefront Identity Manager 2010 R2” and “Microsoft Forefront Identity Manager 2010 R2 Handbook“ will be my de-facto standard recommendation to any personal trying to understand FIM and it will be required reading for my deployment team from now on.
The book is avaiable on many online stores include B&N, Amazon and the publisher site (here).
It is such a pleasure to write this post. This post is a big reason I have been so quite the past few weeks. We were very busy with the annual partner awards submissions and judging sessions, but I am ecstatic to be able to give feedback to you all after the awards dinner that took place on Thursday the 1st of November.
Gijima and our Microsoft Security and Identity team had a phenomenal showing at this years awards and walked away with 6 awards. These included :
This is such an amazing showing since we collected all the Microsoft core IO awards which shows the depth of the infrastructure team knowledge in deploying both point solutions, but also multi-competency solutions such as private clouds, hybrid clouds and platform switch offerings.
Iam so proud of every single consultant that made this happen (even some of them that are not currently with us anymore – since they left for other opportunities… like some in Australia). I want to thank everyone for their hard work.
I cannot believe it has been so long since I posted. I have been running around with so many things… I did however want to pop a message out to say that I got confirmation of being a Forefront Identity Management MVP for 2012 !! Yeah !!
When I put my certificate with the others last week I was a little shocked to see they go back to 2005. WOW. Time flies…
To the Microsoft PG and my fellow MVP’s – looking forward to another great year. (And I will do my best to get to the Summit in Feb 2013).
During a recent cluster build I inadvertently ended up with two Windows Server 2008 R2 Standard editions nodes (and no original media to get an re-install or edition refresh done). This forced me to figure out the online upgrade options in DISM. Turns out – this was quite simple.
Open an elevated command-prompt and enter the following command to check the current edition.
DISM /online /Get-CurrentEdition
To check the available editions for upgrade enter the following command.
DISM /online /Get-TargetEditions
To set the new edition enter the following command:
DISM /online /Set-Edition:<editionName> /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
For those with Linkedin accounts, check out the following:
(Note that the http://leakedin.org website only converts your password hash (client-side) to check it against the original dump file).
While busy looking into a strange error on Exchange 2010 provisioning this week I learned something again. While trying to export a new user to Active Directory (with Exchange 2010) mailbox provisioning I received the following error message.
The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event:There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=SMokgele,OU=Users,OU=Windmill,OU=SIML Business Units,DC=corp,DC=simlds,DC=com.Type: Microsoft.MetadirectoryServices.ExtensionExceptionMessage:**** ERROR ****Property RoleAssignmentPolicy can’t be set on this object because it requires the object to have version 0.10 (14.0.100.0) or later. The object’s current version is 0.0 (6.5.6500.0).**** END ERROR ****Stack Trace: at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage) the message resource is present but the message is not found in the string/message table
Incorrect value: CN=ExchServer,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN= Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=simlds,DC=comCorrect value: /o=Company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ExchServer
I recently received an error message while deploying the FIM 2010 R2 Password Registration website that I could not get much information on so I thought I’d drop a note regarding the resolution.
After installing the FIM 2010 R2 Password Reset and Registration website the Reset website work perfectly while the Registration website kept prompting from authetication. In order to resolve this we check browser security settings as well as SPN’s. The authetication issue was resolved through changing the deployed service account of the FIM 2010 R2 Password website application pools. Following this the website loaded but when a user clicked “Next” in order to detect the locally logged on user the following error was displayed.
Ensure you enter your user name correctly.If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001)
Searching around there was not much info about it, but after quite a bit of messing around the error was again down to SPN’s. The correct SPN is listed in the “Before you begin” guide for FIM 2010 R2 under the “To establish the SPNs for the FIM Service service and FIM Password Portals” and relates to the SPN for the FIM password portal computer account. See the instruction below:
Repeat the above step for each of the FIM Password portals, using setspn.exe –S HTTP/<ssprPortalHostHeaderName> <domain>\<ssprPortalMachineAccount$>, where <ssprPortalHostHeaderName> is the binding information for the FIM Password portal Host Name that was entered during setup. This is the name that will be used by clients to contact the portals.
Following the verification of this SPN the authetication and the user detection functioned perfectly.
In a series of sync rule examples I played yesterday with a deployment that required the alias to be extracted from the mail address. This is achieved with the user of both the IsPresent and Word functions.
IIF(IsPresent(mailNickname),mailNickname,Word(mail,1,”@”))