Adventures in identity management
My general negativity about FIM codeless sync aka “declarative provisioning” aka “Synchronization Rule Provisioning” is, I think, reasonably well-known by now. While Markus wrote an excellent document about importing AD groups into the FIM Portal using the codeless rules, I think there are still plenty of reasons to go old skool, and here’s how you’d…
Recently a thread I’d started a long time ago about selective provisioning to the FIM MA bubbled back up to the top of the FIM Forum. At the time it provoked a lot of discussion, with the Microsoft line remaining firmly “ALL metaverse objects must be in the Portal” and many FIM users saying they…
Here’s an example of a UocListView configuration that will add a “Member Of” list to either a User or a Group RCDC. Here I have happened to specify Distribution Lists only.
On my first ever MIIS project we were an OCG customer so were able to use their nice XML library. I can’t remember in great detail what it did, but I’ve always considered the concept a best practise: if there’s anything that you find yourself hard-coding as a constant value in extension code, then you…
One of the requirements for FIM 2010 is to have an email server (preferably Exchange 2007-2010) for notifications and other email-based functionality. But what do you do if you’ve migrated to a cloud-based email solution such as BPOS? You can use a BPOS service account with FIM, but unfortunately you won’t get the Outlook client functionality…
When I first started out with MIIS I found the coding heavy going – but soon realised that the same few extension-writing methods are used for pretty much everything, and the fun bit was just how much I could achieve with them! Now on to FIM and I have struggled every bit as much with…
I have been working on a FIM 2010 workflow activity that will run powershell cmdlets and scripts, and I’m now ready to share the code with you lucky people. The activity should work with both local and remote powershell, bearing in mind the various limitiations that seem to occur when running remote powershell commands through…
After getting the OpenLDAP XMA working on FIM I hoped it would be possible to provision to it using FIM codeless sync. Unfortunately the conclusion I have come to is No, it isn’t.
I had a problem today setting userPassword in openLDAP 3, using the openldapXMA on FIM 2010. I needed to encode the password with MD5 and it looks like there is a change with the .NET libraries running on Windows 2008 x64.
Sometimes, while trying to figure out FIM 2010 custom workflows, it seems to me that everyone else finds this stuff bleedingly obvious – but then I remind myself that actually, I’m not a complete idiot, and if I’m finding it all a bit like wading through chest-high treacle, with submerged barbed wire for added interest, then other…