Adventures in identity management
I’d like to be able to manage groups through the Portal but, unlike in the one published walkthrough on group management with ILM2, I don’t want to start from scratch. I want to start by importing all the existing groups from AD, and then, well we’ll see how we go. Getting information about my AD…
I can see I have a lot to learn with ILM2 (and I’m still in the “I don’t wanna change” phase, so it’s heavy going), but I’m starting with something familiar, and that is import and export flow rules. I knew that there was going to be a web portal way of doing flow rules…
After successfully installing the ILM2 RC0 server, my next goal was to migrate the data, MAs and extension dlls from a production ILM 2007 server.
So, I have a bit of time this week while the year gets started, and thought I would spend it playing with the latest evaluation version of ILM “2”. I hope to upgrade my company’s system at some point, so my first plan is to see if I can import the existing ILM 2007 database into it –…
The most popular post on this blog continues to be Adding Exchange 2003 Mailboxes to Existing Accounts so I’m guessing this is something a lot of people need to do. ATTENTION: PLEASE SEE this post INSTEAD for the basic method. I hadn’t posted an Exchange 2007 method earlier because I haven’t needed to do it in production, and the ongoing…
In this post I discussed some ways to simplify an MIIS/ILM installation, with a view to making it more efficient and easier to troubleshoot and maintain. I have a few more points for the list.
The AD management agent uses an account to connect to AD and, more often than not, this account is a member of Domain Admins. However in some organisations this is not acceptable. So what rights does it actually need?
Since finally getting around to enabling blog stats I can see the Exchange posts continue to be popular so, to add to the series, here is a step-by-step guide to basic Exchange 2007 provisioning with ILM 2007.
Maybe it’s because MIIS is a sort of infrastructure thing, so is given to a time-pressed system administrator to set up; or because it’s a sort of programming thing, so is given to a .NET developer with no clue about the connected directories; or because there’s a lack of good training; or no clear guidance…
A common requirement is that user accounts should go through a disabled stage of some length before being deleted. This makes excellent sense, particularly in AD with its fastidiousness concerning SIDs. In this post I outline a way to achieve this in AD using a datestamped attribute, export flow rules and provisioning code.