Pending Exports reporting script

I’ve just posted an updated version of my PendingExports.ps1 script here. The script parses the pending exports XML file produced by csexport.exe and produces single- and multi-value CSV files that you can import into Excel (split on the semi-colon). I’ve been tinkering with this script for years. This one now includes all current attribute values…

Lithnet AutoSync Trigger Scripting

After many years automating my MIM solutions with Event Broker/UnifyNow, I’m implementing a solution with Lithnet AutoSync. The result is the same event-driven sync as I’m used to, but I’ve had to get used to the different way AutoSync works. I always liked how Event Broker allowed me to integrate PowerShell scripts with run profiles,…

A simple PowerShell way to do Rules-based groups in AD

I’ve been helping a customer along the path towards a proper IAM solution, which has involved a lot of data clean-up, as it so often does. Criteria groups in MIM can encourage data quality as users don’t get the groups they need if their attributes aren’t correct – so I thought, how about getting them…

IAM Maturity and product selection

I have just completed a product selection exercise with a customer who has past experience of a failed solution with one of the Big Vendor products. In doing this I found it useful to refer to the Gartner IAM Maturity Model, because what is the use of fancy (/expensive) features if you don’t actually have…

Sources of Truth – again!

I’ve blogged about sources of truth, and specifically what makes a good one, before (in 2012 and again in 2016) but I’ve recently thought about an important feature of a SoT that I hadn’t included on my list before. So to recap, a good source of truth: is probably one of a number of sources…

Realms of Integration

This is a slightly updated picture from one I posted on twitter the other day. It’s an attempt to express my general view on high level “should be possible” integration conversations that get misunderstood as “clearly simple and straightforward and definitely happening”. In my mind I’m arguing against tightly-coupled integrations between disparate systems that do…

The perils of HR out-sourcing to an IAM solution

Over the years, I’ve been called in a few times when HR and/or payroll functions are being outsourced (or share-serviced, which is much the same thing), and this includes a migration to a new HR platform. Typically I have been brought in far too late in the proceedings when cost-cutting and service-simplification decisions have already…

How IDAM solutions cost you money

Anyone who’s been in the IDAM game for a while knows that IDAM solutions are hard to sell. We can be seen as pushing something customers “already have” – even though what they already have is a combination of manual process, scripts, inconsistent data and a tangled web of access “control” that no one really…

Portrait of a MIM project

I recently deployed a MIM 2016 solution into Production that took about 10 months to build, test and deploy. I decided to take a look at the percentage of overall time spent on broad work categories in the whole project, and that’s what this post is about. First I had to get the data on…

Role Mining, and why it’s a fantasy

Over the years I’ve had a play with a few role mining tools, and while I can’t claim that as any type of industry review, it did leave me with a general feeling that the whole concept is a fantasy. The main problem I have is that role mining assumes there is a logical structure out…