I’ve had this post sitting in draft for a long time and for some reason hadn’t posted it yet – but then today my colleague Matt sent me a link to the Scripting Guy’s PowerShell Holiday Gift Guide. Yes I do love my PowerShell (and I’m hoping that Santa will bring me a copy of…
Search Results for: FIM Best Practice
FIM Best Practice: Create single function Workflows
As much as possible I like to keep my Workflows simple with a minimum number of steps. When updating attributes I prefer, wherever possible, to only update a single attribute per Workflow Definition. So for example I’ll have separate Workflows for “Set DisplayName” and “Set AccountName” rather than rolling the two together in a single…
FIM Best Practice: Separate Grants Permission from Workflow MPRs
MPRs should either have “Grants Permission” ticked, or they should trigger Workflows, but preferably not both.
FIM Best Practice: Clear Run History but keep Import and Export logs
Run History should be regularly cleared to keep your database file sizes under control. There’s also not a lot of point keeping weeks (let alone months or years) worth of run history in the Sync Service. It shows when profiles ran and whether there were any errors, but click on a CS object and you…
FIM Best Practice: Sort out errors
Both in the Sync Service and the Portal there may be regular error messages that we just live with. We’ve figured out they’re “low priority” or perhaps they’re false alerts, where FIM thinks there’s an error but the end result is fine. However, as much as possible, we should aim for a system that runs…
FIM Best Practice: Handle deprovisioning with care
I have two personal rules I always follow when implementing disabling and deprovisioning: Never make decisions on an absence of data, and Never make destructive changes straight away.
FIM Best Practice: Extend within the constraints of what’s “supported”
The extensibility of FIM has always been one of its great features – allowing us to tailor it to suit the specific needs of the environment. But don’t get carried away!
FIM Best Practice: Document Test Cases
I am not aware that anyone has has yet found a way to automate full testing of a FIM solution. I know some people unit test their extension code but that doesn’t tell you anything beyond the inputs and outputs of the code. Full testing may need to encompass data entry in the Portal or…
FIM Best Practice: Have Development and Test environments
For anything above the simplest GALSync deployment, and particularly if you have the FIM Portal, you must have development and test environments. There are always a number of different ways you can approach each problem, and you need a suitably representative Dev environment to try them all out. Meanwhile Test should be as close to…
FIM Best Practice: Present data to the Sync Service in a sync-ready format
The Sync Service is good at maintaining connections between objects, and synchronising data between them. What it has never been so good at is constructing data from complex rules and lookups, so as much as possible, do the complex processing outside the Sync Service and present the data in a way that it can use…