MPRs should either have “Grants Permission” ticked, or they should trigger Workflows, but preferably not both.
FIM Best Practice: Separate Grants Permission from Workflow MPRs
Posted on
Category: Best Practice
FIM Best Practice: Clear Run History but keep Import and Export logs
Posted on
Run History should be regularly cleared to keep your database file sizes under control. There’s also not a lot of point keeping weeks (let alone months or years) worth of run history in the Sync Service. It shows when profiles ran and whether there were any errors, but click on a CS object and you…
FIM Best Practice: Sort out errors
Posted on
Both in the Sync Service and the Portal there may be regular error messages that we just live with. We’ve figured out they’re “low priority” or perhaps they’re false alerts, where FIM thinks there’s an error but the end result is fine. However, as much as possible, we should aim for a system that runs…
FIM Best Practice: Handle deprovisioning with care
Posted on
I have two personal rules I always follow when implementing disabling and deprovisioning: Never make decisions on an absence of data, and Never make destructive changes straight away.
FIM Best Practice: Extend within the constraints of what’s “supported”
Posted on
The extensibility of FIM has always been one of its great features – allowing us to tailor it to suit the specific needs of the environment. But don’t get carried away!
FIM Best Practice: Document Test Cases
Posted on
I am not aware that anyone has has yet found a way to automate full testing of a FIM solution. I know some people unit test their extension code but that doesn’t tell you anything beyond the inputs and outputs of the code. Full testing may need to encompass data entry in the Portal or…
FIM Best Practice: Have Development and Test environments
Posted on
For anything above the simplest GALSync deployment, and particularly if you have the FIM Portal, you must have development and test environments. There are always a number of different ways you can approach each problem, and you need a suitably representative Dev environment to try them all out. Meanwhile Test should be as close to…
FIM Best Practice: Present data to the Sync Service in a sync-ready format
Posted on
The Sync Service is good at maintaining connections between objects, and synchronising data between them. What it has never been so good at is constructing data from complex rules and lookups, so as much as possible, do the complex processing outside the Sync Service and present the data in a way that it can use…
FIM Best Practice: Recall attributes on disconnection
Posted on
There’s a box you can tick on the Deprovisioning Options page in your MA configurations – it says “Do not recall attributes on disconnection”. My advice: don’t tick this box.
FIM Best Practice: Always have Join rules, and simple ones at that
Posted on
When creating an MA that is a projection source or a provisioning target it is easy to overlook the join rules, as the objects are effectively already joined. But you should still have them. The other part to this is about complex join rules. While joining a new directory for the first time you may…