Identity management is made a heck of a lot easier if you have a fool-proof way of identifying someone – no wonder governments are so keen on the idea of identity cards. I make no claim either way on the id cards, but I will say that unique identifiers make ILM/MIIS system so much easier to run [...]
In the early stage of your ILM project, or whenever taking over some new aspect, It’s worth putting some effort in to drawing a clear picture for whoever has the job of approving your change. What I try to do is produce a spreadsheet that shows, very clearly, the adds and deletes; and in the [...]
ILM is tricky to learn whichever way you approach it. If you’re from a sys admin background, like me, then the dawning realisation that you have to code may come as rather a shock.
I had an interesting chat with an ILM collegue the other day, and one of the topics that came up was whether you should ever, under any circumstances, call external processes from extension code. The prohibition on calling external processes from provisioning (MVExtension) code is clear and well accepted (see the Calling External Processes section [...]
I’ve found myself repeating this on MMSUG a couple of times recently, so a post is probably in order. Don’t go deleting everything just because a CS object disappears! There’s a dangerous little form in the Metaverse Design section of Identity Manager which allows you to set your Object Deletion Rule. By the simple expedient of [...]
Just spent the morning looking at Jackson Shaw’s IdM and AD blog. Jackson once worked at Zoomit, the company that created the original MIIS, before being bought out by Microsoft. He’s now at Quest, who seem to doing some interesting things with IdM, including tools which integrate with MIIS. Perhaps I’ll get to have some hands-on [...]
When planning delta imports from SQL, thought needs to be given to clearing down the delta tables. If you have any type of code running in response to the imported data then you have to accept that import errors will occur, some of them not even your fault! What should happen to the rows in [...]
Early on in my MIIS project I had a consultant in to give me some pointers. He showed me how to create two functions ShouldObjectExist and ReadyForCreation at the top of my MVExtensions, and use them to control provisioning. Private Function ShouldObjectExist(ByVal mventry As MVEntry) As Boolean << Evaluate mventry to determine if CS object should [...]
OK I’m only going off the basis of two projects here – one that failed dismally and another that succeeded nicely – so this list is by no means complete … but it does express a few concepts that I had cause to reflect on, while getting that second, successful project up and running. In summary, my key [...]
