PKI Blog

Best Practices: Optimizing FIM Performance

Posted by CSS Technical Team on Feb 25, 2015 9:58:00 AM

The goal of this article is to provide a checklist for validating the configuration of Microsoft's Forefront Identity Manager (FIM) for optimal performance. As there are many different technologies involved in a FIM deployment, I thought it would be helpful to compile a list of articles that would be useful for planning or troubleshooting performance-related issues.

This post provides a significant number of things to consider in planning and/or performance optimization of a FIM solution. As with any guidance of this nature, the guidance provided in this article may not apply to all situations and should be earnestly evaluated for applicability against the current design. This document is not specifically arranged in any order or priority, but is intended to form a comprehensive listing of items that may be decreasing performance.


Topics: Identity Federation, FIM, Identity and Access Management, Forefront Identity Manager (FIM), Identity Management, Microsoft Identity Manager, digital identity, MIM

PCNS Error 6032

Posted by Sami Van Vliet on Sep 8, 2014 9:45:53 AM

Last week a user reported having reset his password, but it hadn’t changed in the connected HR system.

As this is an indication that the Password Change Notification Service (PCNS) wasn't working, I checked the Event Viewer on the Synchronization Engine server. While I saw several Event IDs indicating that heartbeats were being received from the DCs, there were no Event IDs 6903 for the past several hours. 6903 is the event that indicates a password notification was received from PCNS.


Topics: PCNS, FIM, Identity Management, Blog, Password Synchronization, Password Change Notification Service

Batch Attribute Updates for Users in Forefront Identity Manager (FIM)

Posted by CSS Technical Team on Jun 25, 2014 11:56:00 AM

A client recently requested the ability to use data in an externally-generated file to perform batch attribute updates for Users in the FIM Service. What made this more complicated than expected was that some of the user attributes, for example Manager, were FIM references.


Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Forefront Identity Manager (FIM), FIM web service, Identity Management, Microsoft Forefront Identity Manager, Blog, FIM automation, PowerShell

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.


Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

Deleting a Large Number of Objects from the FIM Service with PowerShell

Posted by Sami Van Vliet on Jun 3, 2014 10:49:10 AM

Deleting a large number of objects from the FIM Service can be accomplished in several ways:


Topics: Delete objects FIM, Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, PowerShell, FIM Service

FIM 2010 R2 Unattended Install Where You Want It

Posted by Laurin Kline on May 5, 2014 6:47:15 AM

Recently we started using a custom script to install and configure FIM in a consistent manner. During more than a few manual installs, I’ve been asked to install FIM into a drive or directory other than “C:\Program Files\Microsoft Forefront Identity Manager\2010”, so I knew the script would need to have this capability. After finding and reading the “Unattended Installation of FIM 2010 R2” post, I spent a great deal of time searching the internet, which led me to the not-well-documented option INSTALLDIR=””, which allows the unattended install of FIM components to drives or directories other than the default.

Maybe this is something you already knew, but I thought I’d share it, as it wasn’t an obvious choice.


Topics: installation path, Forefront Identity Manager, FIM 2010, IT Security, Microsoft Security Partner, FIM, FIM Portal, INSTALLDIR64, Identity Management, FIM Service Service, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, install path, FIM Sync Service, FIM 2010 R2, FIM Service

Simplifying FIM Service Migration

Posted by Rex Wheeler on Apr 30, 2014 2:57:26 PM

If you have spent time with FIM you know, and if you have not, you will soon learn that migrating a FIM Service configuration from one environment to another can be very difficult.


Topics: GitHub FimDelta, IT Security, Microsoft Security Partner, GitHub, FIM, FIM Service Migration, FimDelta, FIM Delta Tool, Identity Management, FIM Service migration process, Migration, Microsoft Forefront Identity Manager, Microsoft FIM, PowerShell migration, Blog, PowerShell, FIM Service

FIM Self Service Password Reset: Account Enablement

Posted by Sami Van Vliet on Jun 19, 2013 5:52:51 AM

I recently worked on a project where the client had some users who may not be logging into their accounts for 6 months or more, but their corporate policy was to disable accounts that had been dormant for more than 3 months.


Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, Microsoft Active Directory, Password reset, Forefront Identity Manager (FIM), Identity Management, Microsoft AD, FIM Password reset, Blog, Self-Service Password Reset, Active Directory, AD

FIM: When products don’t play nice together...

Posted by CSS Technical Team on Jan 24, 2013 10:17:31 AM

As a consultant, one of the primary responsibilities is to deal with strange problems or issues that arise. And inevitably some obscure issue will come to the surface during a demo… Since I specialize in Microsoft’s Forefront Identity Manager combined with a previous life as a Windows Server Engineer, I run a fairly comprehensive virtual development and demo lab with about every mainstream Microsoft Server product deployed across an average of 80 virtual servers. Given the right set of circumstances you’ll find products that just don’t play nice together.

After my failed SSPR password reset demo, I went through the standard troubleshooting checklist, including configuration verification. The first thing I found awry was permissions missing for the FIM Service account on WMI's Root/CIMV2 namespace. Since this was a functioning SSPR environment, I knew they had been set previously. In addition, the Root/MicrosoftIdentityIntegrationServer namespace was missing from the tree too. My schedule allowed enough time to repair the issue but not to fully perform a Root Cause Analysis of the situation.


Topics: WMI, PWUnrecoverableError, IT Security, Microsoft Security Partner, Infrastructure Management, FIM, Microsoft SCCM, Identity Management, SSPR, System Center Configuration Manager, Information Technology, SCCM, Blog

FIM: Set Membership Based on Group Membership

Posted by Sami Van Vliet on Jan 8, 2013 5:23:21 AM

Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes.


Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FIM, FIM Sets, FIM Groups, Identity Management, Microsoft AD, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Group Set, Blog, Active Directory, AD
