Adventures in identity management
In some implementations, it makes sense (usually by improving performance) to separate your user and group provisioning into seperate MAs. One downside of this approach, however, is that you can run into export errors when trying to update a group with a member who doesn’t exist in the external directory – and this includes delete…
As promised, I am now making my ILM_Scheduler service source code available for download. In brief, the notion is to optimise ILM/MIIS scheduling through the use of a queue. You add jobs to the queue and they are executed, one at a time, and in order of priority. You can schedule a job by adding…
Here’s a trick that is worth knowing – though I’m only recommending it for TEST ENVIRONMENTS – consider yourself warned. You may have noticed the “test only” log file options on the import and export run profiles. Being able to stop the run at the log file is incredibly useful for testing what would have been exported, without…
Why oh why does MIIS have such an insatiable appetite for transaction log space? I’m afraid I can’t answer this, but I can share a few tips.
I’m working on a great project at the moment – basically ILM is the provisioning engine sitting behind a self-registration system written in Sharepoint and built on SQL. This has finally given me the opportunity to re-write my simple ILM scheduler as a windows service!
I use a lot of SQL MAs. While ILM/MIIS is great at syncing data between directories, it really isn’t that great at calculating and comparing. As much as possible I like to do the data manipulation in SQL, and then keep ILM to what it’s best at – joins and syncs. After exporting data to…
Thanks to Joe Stepongzi for pointing this one out to me: you can flow a metaverse string attribute direct to a connector space relational DN attribute, as long as the metaverse string holds a valid DN.
Function RunProfile – run a MA run profile Sub ArchiveLog – copy import and export logs to a timestamped version, while modifying them to work with a XML stylesheet Function ExportsPending – check if the MA has pending exports Function DeltaImportsPending – check if a Delta table has any lines to import Function RunSSIS – call a SQL 2005…
Identity management is made a heck of a lot easier if you have a fool-proof way of identifying someone – no wonder governments are so keen on the idea of identity cards. I make no claim either way on the id cards, but I will say that unique identifiers make ILM/MIIS system so much easier…
I recently downloaded the ILM “2” beta 3. I’ve had a bit of a play with it, but this post is not going to be in-depth at all – just some random thoughts.