PKI Blog

Sami Van Vliet

Recent Posts

Simplifying the Microsoft Policy Module with CMS Enterprise

Posted by Sami Van Vliet on Aug 15, 2017 12:46:02 PM

CMS Enterprise now provides exclusive, real-time policy control at the Certificate Authority (CA), providing the most comprehensive security compliance for certificate issuance available today.

The CMS Custom Policy Modules intercept the certificate requests and can then perform important security-enhancing actions such as:

  • Allowing only certain IP addresses to request certificates, preventing a user with access to the CA itself from requesting a certificate outside of the approved CMS Enrollment process.
  • Using the CSS-patented VSCEP™ technology, CMS secures on-device key generation during certificate enrollment for iOS and Mac devices, without the use of client-side agents.

Topics: digital certificate management, X.509 digital certificates, Digital Identity Management, Microsoft Policy Module, PKI management

MIM Workflow Activity Library (MIMWAL)

Posted by Sami Van Vliet on Feb 5, 2016 2:36:48 PM

Building custom activities in Forefront Identity Manager (now Microsoft Identity Manager) required an understanding of programming in C# or VB.Net and how Windows Workflow Foundation functions.

Topics: MIM

Integrating Custom Features with the FIM Portal

Posted by Sami Van Vliet on Mar 12, 2015 10:52:32 PM

Recently, a customer wanted to allow its users to select specific alternate SMTP addresses for removal via the FIM portal.  

PCNS Error 6032

Posted by Sami Van Vliet on Sep 8, 2014 9:45:53 AM

Last week a user reported having reset his password, but it hadn’t changed in the connected HR system.

As this is an indication that the Password Change Notification Service (PCNS) wasn't working, I checked the Event Viewer on the Synchronization Engine server. While I saw several Event IDs indicating that heartbeats were being received from the DCs, there were no Event IDs 6903 for the past several hours. 6903 is the event that indicates a password notification was received from PCNS.

Topics: PCNS, FIM, Identity Management, Blog, Password Synchronization, Password Change Notification Service

Deleting a Large Number of Objects from the FIM Service with PowerShell

Posted by Sami Van Vliet on Jun 3, 2014 10:49:10 AM

Deleting a large number of objects from the FIM Service can be accomplished in several ways:

Topics: Delete objects FIM, Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, PowerShell, FIM Service

FIM Self Service Password Reset: Account Enablement

Posted by Sami Van Vliet on Jun 19, 2013 5:52:51 AM

I recently worked on a project where the client had some users who may not be logging into their accounts for 6 months or more, but their corporate policy was to disable accounts that had been dormant for more than 3 months.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, Microsoft Active Directory, Password reset, Forefront Identity Manager (FIM), Identity Management, Microsoft AD, FIM Password reset, Blog, Self-Service Password Reset, Active Directory, AD

FIM: Set Membership Based on Group Membership

Posted by Sami Van Vliet on Jan 8, 2013 5:23:21 AM

Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes.

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FIM, FIM Sets, FIM Groups, Identity Management, Microsoft AD, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Group Set, Blog, Active Directory, AD

FIM Service Accounts

Posted by Sami Van Vliet on Oct 2, 2012 6:54:08 AM

FIM requires several service accounts and groups, each with their own configuration requirements. However, there isn’t a single document that I’ve found that lists out all the accounts and the access they need.

This is a compilation of information from various Microsoft articles with information on FIM service accounts.


Topics: IT Security, Microsoft Security Partner, SCSM, PCNS, FIM, Setspn, SPNS, FIM Sync, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Password reset, FIM Service Accounts, Blog, FIM Password

Reference Attributes, Group Membership and Shifting Authoritative Sources

Posted by Sami Van Vliet on May 14, 2012 4:43:32 AM

A recent requirement for a project was to have users and groups provisioned from Domain B to Domain A. Simple enough, but a catch was that, as applications were migrated to Domain A, their groups would be “owned” by Domain A, which would now be the authoritative source for all group attributes (in this case, the authoritative source is determined by the OU in Domain B that contains the group; the name of this OU is stored in the rules extension configuration file).

A custom rules extension is used to determine which management agent is authoritative, and to be sure the user objects being added to the member attribute are from the appropriate domain.

Topics: IT Security, Microsoft Security Partner, FIM, Reference Attributes, Group Membership, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog

FIM Multivalued Attribute Tables

Posted by Sami Van Vliet on Jan 24, 2012 4:00:49 AM

I was recently helping someone new to FIM come to grips with the multivalued attribute (MVA) table. The MVA table can be used to populate a multivalued attribute—in a common scenario, this would be the member attributes of a group object.

Although there are good write-ups on how to do this for those familiar with FIM, step-by-step instructions seemed helpful for those just learning.

Topics: FIM Multivalued attribute table, Multivalued attribute table, IT Security, Microsoft Security Partner, FIM, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, FIM MVA, Microsoft FIM, Blog
