Query the FIM Synchronization Service Database using SQL

Often times when managing a FIM / MIM implementation you may find that you need information that is not available to you via the Synchronization Service Manager tool. An alternative method for getting that information is by directly querying the FIM Sync database. It should be noted that this is not a Microsoft supported method for retrieving FIM Synchronization data as there is risk in creating a lock on a record with your query at the Continue reading Query the FIM Synchronization Service Database using SQL

Using the MIMWAL for Setting and Communicating the Initial Password for Newly Provisioned Users

A challenge when provisioning accounts to Active Directory using FIM / MIM is how to securely set the initial password and communicate that password to the new user so that they can logon to their computer. In this blog posting I describe a solution that leverages activities available in the MIMWAL to do the following: Configure a Random and Complex Password Sets the Password on the Active Directory User Account that was Provisioned by FIM Continue reading Using the MIMWAL for Setting and Communicating the Initial Password for Newly Provisioned Users

How to Disable Stale (Inactive) Accounts in AD via FIM

A common requirement for organizations is to disable Active Directory (AD) accounts when the account is stale (inactive). Often times the IT department will run a script directly against their AD that will identify those accounts, and then disable and move them to a specified OU. While this is effective for many, it will likely cause problems in an organization where FIM is authoritative for user accounts. In these cases, FIM may reverse the change by moving Continue reading How to Disable Stale (Inactive) Accounts in AD via FIM

Installing the MIMWAL

The MIMWAL is the publically released version of the FIM WAL v1 and FIM WAL v2 that were previously only available to Microsoft engagement engineers. The MIMWAL is described by Microsoft as a “powerful solution accelerator for MIM / FIM that provides foundational activities which can be combined to create complex workflows to implement business processes within a MIM / FIM solution simply by configuration instead of coding for days and months.” It is very exciting Continue reading Installing the MIMWAL

Forcing Users to Register for FIM Self Service Password Reset – SSPR

You have implemented FIM Self Service Password Reset (SSPR) to reduce the number of calls to your Help Desk. After a few months the Help Desk is reporting that users are still calling to have their passwords reset. You pull a report and find that a significant number of users have not registered for SSPR. In this blog post we will detail an option that forces users to register for SSPR thereby increasing your return on investment (ROI) for its implementation. Continue reading Forcing Users to Register for FIM Self Service Password Reset – SSPR

Provisioning to AD Using the MIMWAL

In January of 2016 Microsoft made the MIMWAL publically available. The MIMWAL is a Workflow Activity Library (WAL) for building complex workflows in the Microsoft Identity Manager (MIM) 2016 and Forefront Identity Manager (FIM) 2010 R2 solution. For more information about the MIMWAL to include project source code, releases and documentation, and discussion forums visit http://microsoft.github.io/MIMWAL/. As a Microsoft Partner, we have had access to the MIMWAL prior to it being released to the public. We have utilized Continue reading Provisioning to AD Using the MIMWAL

Reporting on FIM SSPR

If you have installed FIM Self Service Password Reset (SSPR), chances are that management will want to know what sort of return they are getting on their investment. One way to determine ROI on FIM SSPR is to look at the number of phone calls the Help Desk receives for password resets before and after its deployment. However, management will likely want more concrete evidence that it’s the deployment of SSPR that is lowering the number of calls. In this blog Continue reading Reporting on FIM SSPR

Don’t Forget to Move FIM SQL Server Agent Jobs When Moving Backend FIM Databases

If you are moving your FIM databases from one database server to another, it is important to also bring over the default FIM Jobs. These SQL Server Agent Jobs are stored in the msdb System Database and will not come over with your FIM databases. To move these jobs, Open SQL Server Management Studio, expand SQL Server Agent and expand Jobs. Note: You will see 9 FIM related jobs (we’re running FIM 2010 R2), all Continue reading Don’t Forget to Move FIM SQL Server Agent Jobs When Moving Backend FIM Databases

Synchronizing Country from FIM to Active Directory

Question: What do “c”, “co”, and “countryCode” all have in common? Answer: They are all attributes found on user objects in Active Directory (AD) that represent a user’s country. So, why is this the focus of a blog post? Well, it makes synchronizing a user’s country from FIM to AD a bit more complex than one would initially think. For starters, one might ask, “which attribute do I synchronize to?” Then the next question could be, “when I change Continue reading Synchronizing Country from FIM to Active Directory

Configuring Azure Traffic Manager

In this blog posting I am going to take you through the configuration of Microsoft Azure Traffic Manager which allows you to load balance incoming traffic across multiple hosted Microsoft Azure services/VMs. In this scenario we have a fully functional Microsoft MIM installation configured in the Microsoft Cloud where all resources were created using Azure Resource Manager. We have two VMs running the MIM Service/Portal and we will load balance traffic to those servers with Traffic Continue reading Configuring Azure Traffic Manager