PKI Blog

Best Practices: Optimizing FIM Performance

Posted by CSS Technical Team on Feb 25, 2015 9:58:00 AM

The goal of this article is to provide a checklist for validating the configuration of Microsoft's Forefront Identity Manager (FIM) for optimal performance. As there are many different technologies involved in a FIM deployment, I thought it would be helpful to compile a list of articles that would be useful for planning or troubleshooting performance-related issues.

This post provides a significant number of things to consider in planning and/or performance optimization of a FIM solution. As with any guidance of this nature, the guidance provided in this article may not apply to all situations and should be earnestly evaluated for applicability against the current design. This document is not specifically arranged in any order or priority, but is intended to form a comprehensive listing of items that may be decreasing performance.

Topics: Identity Federation, FIM, Identity and Access Management, Forefront Identity Manager (FIM), Identity Management, Microsoft Identity Manager, digital identity, MIM

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Posted by CSS Technical Team on Sep 17, 2014 11:11:00 AM

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

Topics: Infrastructure Management, Industry Trends, SMS, strong authentication, Identity Management, SSPR, OTP, Blog, Self-Service Password Reset, one-time password, FIM 2010 R2, two factor authentication

PCNS Error 6032

Posted by Sami Van Vliet on Sep 8, 2014 9:45:53 AM

Last week a user reported having reset his password, but it hadn’t changed in the connected HR system.

As this is an indication that the Password Change Notification Service (PCNS) wasn't working, I checked the Event Viewer on the Synchronization Engine server. While I saw several Event IDs indicating that heartbeats were being received from the DCs, there were no Event IDs 6903 for the past several hours. 6903 is the event that indicates a password notification was received from PCNS.

Topics: PCNS, FIM, Identity Management, Blog, Password Synchronization, Password Change Notification Service

Batch Attribute Updates for Users in Forefront Identity Manager (FIM)

Posted by CSS Technical Team on Jun 25, 2014 11:56:00 AM

A client recently requested the ability to use data in an externally-generated file to perform batch attribute updates for Users in the FIM Service. What made this more complicated than expected was that some of the user attributes, for example Manager, were FIM references.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Forefront Identity Manager (FIM), FIM web service, Identity Management, Microsoft Forefront Identity Manager, Blog, FIM automation, PowerShell

Workplace Join, AD FS 3.0 or OAuth 2.0: Which is Right for You?

Posted by CSS Technical Team on Jun 18, 2014 6:27:00 AM

At first, this question might seem like an apples vs. oranges situation. We’ll find out that in some cases it’s not, and that making the best strategic choice for your needs depends on a number of factors.

Topics: Workplace Join, IT Security, IAM, Microsoft Security Partner, Azure ACS, Microsoft Azure, AD FS 3.0, Identity and Access Management, SAML 2.0, SAML 2.0 via AD FS 3.0, Identity Management, OAuth 2.0, Blog, SaaS, Azure, OAuth, Mobile, BYOD, Windows Azure

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

Deleting a Large Number of Objects from the FIM Service with PowerShell

Posted by Sami Van Vliet on Jun 3, 2014 10:49:10 AM

Deleting a large number of objects from the FIM Service can be accomplished in several ways:

Topics: Delete objects FIM, Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, PowerShell, FIM Service

Azure Active Directory, ADFS 3.0 and OWIN

Posted by Jake Chang on May 12, 2014 9:56:15 AM

With Windows AAD (Azure Active Directory), ADFS 3.0 (Active Directory Federation Service), and OWIN (Open Web Interface for .NET), you will find your corporate individual core identity, making connections between your corporation and the whole world for unlimited opportunities.

Topics: Federation, Active Directory Federation Service, IT Security, Microsoft Security Partner, AD FS, ADFS 3.0, OWIN Open Web Interface for .NET, Azure Active Directory, Identity Management, OWIN, Open Web Interface for .NET, ADFS, Blog, ADD, Azure

FIM 2010 R2 Unattended Install Where You Want It

Posted by Laurin Kline on May 5, 2014 6:47:15 AM

Recently we started using a custom script to install and configure FIM in a consistent manner. During more than a few manual installs, I’ve been asked to install FIM into a drive or directory other than “C:\Program Files\Microsoft Forefront Identity Manager\2010”, so I knew the script would need to have this capability. After finding and reading the “Unattended Installation of FIM 2010 R2” post, I spent a great deal of time searching the internet, which led me to the not-well-documented option INSTALLDIR="", which allows the unattended install of FIM components to drives or directories other than the default.

Maybe this is something you already knew, but I thought I’d share it, as it wasn’t an obvious choice.

Topics: installation path, Forefront Identity Manager, FIM 2010, IT Security, Microsoft Security Partner, FIM, FIM Portal, INSTALLDIR64, Identity Management, FIM Service Service, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, install path, FIM Sync Service, FIM 2010 R2, FIM Service

Simplifying FIM Service Migration

Posted by Rex Wheeler on Apr 30, 2014 2:57:26 PM

If you have spent time with FIM, you know, and if you have not, you will soon learn, that migrating a FIM Service configuration from one environment to another can be very difficult.

Topics: GitHub FimDelta, IT Security, Microsoft Security Partner, GitHub, FIM, FIM Service Migration, FimDelta, FIM Delta Tool, Identity Management, FIM Service migration process, Migration, Microsoft Forefront Identity Manager, Microsoft FIM, PowerShell migration, Blog, PowerShell, FIM Service
