PKI Blog

Deleting a Large Number of Objects from the FIM Service with PowerShell

Posted by Sami Van Vliet on Jun 3, 2014 10:49:10 AM

Deleting a large number of objects from the FIM Service can be accomplished in several ways:

Read More

Topics: Delete objects FIM, Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, PowerShell, FIM Service

FIM 2010 R2 Unattended Install Where You Want It

Posted by Laurin Kline on May 5, 2014 6:47:15 AM

Recently we started using a custom script to install and configure FIM in a consistent manner. During more than a few manual installs, I’ve been asked to install FIM into a drive or directory other than “C:\Program Files\Microsoft Forefront Identity Manager\2010," so I knew the script would need to have this capability. After finding and reading the “Unattended Installation of FIM 2010 R2” post, I spent a great deal of time searching the internet which led me to the not well documented option, INSTALLDIR=”” that allows the unattended install of FIM components to drives or directories other than the default.

Maybe, this something you already knew, but I thought I’d share it, as it wasn’t an obvious choice.

Read More

Topics: installation path, Forefront Identity Manager, FIM 2010, IT Security, Microsoft Security Partner, FIM, FIM Portal, INSTALLDIR64, Identity Management, FIM Service Service, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, install path, FIM Sync Service, FIM 2010 R2, FIM Service

Simplifying FIM Service Migration

Posted by Rex Wheeler on Apr 30, 2014 2:57:26 PM

If you have spent time with FIM you know, and if you have not, you will soon learn that migrating a FIM Service configuration from one environment to another can be very difficult.

Read More

Topics: GitHub FimDelta, IT Security, Microsoft Security Partner, GitHub, FIM, FIM Service Migration, FimDelta, FIM Delta Tool, Identity Management, FIM Service migration process, Migration, Microsoft Forefront Identity Manager, Microsoft FIM, PowerShell migration, Blog, PowerShell, FIM Service

Microsoft Forefront Identity Manager Certificate Management 2010 and Thales nConnect HSM

Posted by CSS Technical Team on Feb 8, 2013 3:49:00 AM

Ever wonder why documents always say use module protect when using FIM CM and Thales HSM together? Why use the HSM in a less secure mode when it is designed to be a K of N device?

Read More

Topics: IT Security, Microsoft Security Partner, Thales, hardware security modules, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Information Security, Blog, FIM CM, HSM

FIM: Set Membership Based on Group Membership

Posted by Sami Van Vliet on Jan 8, 2013 5:23:21 AM

Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes.

Read More

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FIM, FIM Sets, FIM Groups, Identity Management, Microsoft AD, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Group Set, Blog, Active Directory, AD

FIM 2010 R2 Upgrade - How to Tell MSDN Media Was Used for the 2010 Install

Posted by CSS Technical Team on Nov 20, 2012 3:57:00 AM

With the new features of FIM 2010 R2 such as external SSPR, reporting, and BHold (not to mention all of the other extras - like the the gains in performance, new connectors, etc.), folks are of course interested in updating their FIM 2010 installations.

Read More

Topics: MSDN, FIM 2010 R2 Upgrade, BHold FIM, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, MSDN Media, Blog, FIM Sync Service, BHold, FIM 2010 R2

FIM Service Accounts

Posted by Sami Van Vliet on Oct 2, 2012 6:54:08 AM

FIM requires several service accounts and groups, each with their own configuration requirements. However, there isn’t a single document that I’ve found that lists out all the accounts and the access they need.

This is a compilation of information from various Microsoft articles with information on FIM service accounts.

Full name
Read More

Topics: IT Security, Microsoft Security Partner, SCSM, PCNS, FIM, Setspn, SPNS, FIM Sync, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Password reset, FIM Service Accounts, Blog, FIM Password

Reference Attributes, Group Membership and Shifting Authoritative Sources

Posted by Sami Van Vliet on May 14, 2012 4:43:32 AM

A recent requirement for a project was to have users and groups provisioned from Domain B to Domain A. Simple enough, but a catch was that, as applications were migrated to Domain A, their groups would be “owned” by Domain A, which would now be the authoritative source for all group attributes (in this case, the authoritative source is determined by the OU the group is in in Domain B. The name of this OU is stored in the rules extension configuration file).

A custom rules extension is used to determine which management agent is authoritative, and to be sure the user objects being added to the member attribute are from the appropriate domain.

Read More

Topics: IT Security, Microsoft Security Partner, FIM, Reference Attributes, Group Membership, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog

FIM Multivalued Attribute Tables

Posted by Sami Van Vliet on Jan 24, 2012 4:00:49 AM

I was recently helping someone new to FIM come to grips with the multivalued attribute (MVA) table. The MVA table can be used to populate a multi-valued attribute—in a common scenario, this would be the member attributes of a group object.

Although there are good write ups on how to do this for those familiar with FIM, step by step instructions seemed helpful for those just learning.

Read More

Topics: FIM Multivalued attribute table, Multivalued attribute table, IT Security, Microsoft Security Partner, FIM, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, FIM MVA, Microsoft FIM, Blog

FIM - Multiple MAs and Attribute Precedence

Posted by CSS Technical Team on Aug 22, 2011 10:01:17 AM

Recently, I have been involved in several client projects that involve the distribution and synchronization of user accounts between multiple organizations. This is a little different than the standard synchronization scenario, which assumes that there is one organization, and data flows from an authoritative source, such as an HR data store. An example of this basic synchronization can be seen in Figure 1; assume that we have three domains in our organization, and domain A is authoritative.

Read More

Topics: IT Security, FIM synchronization, Microsoft Security Partner, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, FIM attributes, FIM Metaverse, Blog, attribute precedence

Posts by Topic

see all

Want to Learn more about CSS?