{ Category Archives } MIIS 2003

OpenLDAP Provisioning

After getting the OpenLDAP XMA working on FIM I hoped it would be possible to provision to it using FIM codeless sync. Unfortunately the conclusion I have come to is No, it isn’t.

Phase One Joins and Data Matching

I’ve just posted a new Greatest Hits article on the ILM forum on the subject of how ILM (or the FIM Sync Service) can be used to clean up the mess of existing accounts, before you can actually get on to the more interesting tasks of provisioning and updating. With the way FIM codeless sync works, [...]

ConnectionChangeTime

This got me out of a pickle today. A slip-up in a join rule caused hundreds of bad joins to be made. There were far too many to un-do by hand, but then I figured out I could add a few lines to the Provisioning Sub of the MVExtension to remove all the joins made [...]

Account Deprovisioning Scenarios

I just posted this article in the Greatest Hits series of the ILM Technet forum. It describes some of the methods and considerations around disabling and deleting user accounts with ILM.

More KISS tips

In this post I discussed some ways to simplify an MIIS/ILM installation, with a view to making it more efficient and easier to troubleshoot and maintain. I have a few more points for the list.

Minimum AD permissions needed by ILM

The AD management agent uses an account to connect to AD and, more often than not, this account is a member of Domain Admins. However, in some organisations this is not acceptable. So what rights does it actually need?

KISS your MIIS installation

Maybe it’s because MIIS is a sort of infrastructure thing, so is given to a time-pressed system administrator to set up; or because it’s a sort of programming thing, so is given to a .NET developer with no clue about the connected directories; or because there’s a lack of good training; or no clear guidance on [...]

Disable – Delete

A common requirement is that user accounts should go through a disabled stage of some length before being deleted. This makes excellent sense, particularly in AD with its fastidiousness concerning SIDs. In this post I outline a way to achieve this in AD using a datestamped attribute, export flow rules and provisioning code.

Troubleshooting missing group member errors

In some implementations, it makes sense (usually by improving performance) to separate your user and group provisioning into separate MAs. One downside of this approach, however, is that you can run into export errors when trying to update a group with a member who doesn’t exist in the external directory – and this includes delete [...]

The ILM_Scheduler is now available for download

As promised, I am now making my ILM_Scheduler service source code available for download. In brief, the notion is to optimise ILM/MIIS scheduling through the use of a queue. You add jobs to the queue and they are executed, one at a time, and in order of priority. You can schedule a job by adding [...]