In this post I discussed some ways to simplify an MIIS/ILM installation, with a view to making it more efficient and easier to troubleshoot and maintain. I have a few more points for the list.
Category: MIIS 2003
Minimum AD permissions needed by ILM
The AD management agent uses an account to connect to AD and, more often than not, this account is a member of Domain Admins.Â However in someÂ organisations this is not acceptable. So what rights does it actually need?
KISS your MIIS installation
Maybe it’s because MIIS is a sort of infrastructure thing, so is given to a time-pressed system administrator to set up; or because it’s a sort of programming thing, so is given to a .NET developer with no clue about the connected directories; or because there’s a lack of good training; or no clear guidance…
Disable – Delete
A common requirement is that user accounts should go through a disabled stage of some length before being deleted. This makes excellent sense, particularly in AD with its fastidiousness concerning SIDs. In this post I outline a way to achieve this in AD using a datestamped attribute, export flow rules and provisioning code.
Troubleshooting missing group member errors
In some implementations, it makes sense (usually by improving performance) to separate your user and group provisioning into seperate MAs. One downside of this approach, however, is that you can run into export errors when trying to update a group with a member who doesn’t exist in the external directory – and this includes delete…
The ILM_Scheduler is now available for download
As promised, I am now making my ILM_Scheduler service source code available for download. In brief, the notion is to optimise ILM/MIIS scheduling through the use of a queue. You add jobs to the queue and they are executed, one at a time, and in order of priority. You can schedule a job by adding…
Hacking the import/export logs
Here’s a trick that is worth knowing – though I’m only recommending it for TEST ENVIRONMENTS – consider yourself warned. You may haveÂ noticed theÂ “test only”Â log file options on the import and export run profiles. Being able to stop the run at the log file is incredibly useful for testing what would have been exported, without…
The Dreaded Transaction Log
Why oh why does MIIS have such an insatiable appetite for transaction log space? I’m afraid I can’t answer this, but I can share a few tips.
My ILM_Scheduler service
I’m working on a great project at the moment – basically ILM is the provisioning engine sitting behind a self-registration system written in Sharepoint and built on SQL. This has finally given me the opportunity to re-write my simple ILM scheduler as a windows service!
SQL 2005 MA: Export and Delta Import
I use a lot of SQL MAs. While ILM/MIIS is great at syncing data between directories, it really isn’t that great at calculating and comparing. As much as possible I like to do the data manipulation in SQL, and then keep ILM to what it’s best at – joins and syncs. After exporting data to…