Adventures in identity management
I presented this at the MIM Team User Group meeting last week, but was having some computer issues and apparently people couldn’t hear me. There did seem to be quite a bit of interest from the comments window, so I figured I’d write it up as a blog post. This solution allows an Office 365…
I’m just going to say it – many people in IT don’t give enough thought to requirements. They might think they do, there may even be a document with the word “Requirements” in the title, but are they good enough for the job?
I worked with the FIMWAL in the past on a couple of MCS engagments, but hadn’t yet had the opportunity to use the open-sourced MIMWAL on an engagment. I have, however, just been converting something I’ve done before to all-MIMWAL workflows, in preparation for re-using the concepts on a new project. This is a pretty…
I had a large CSV of data to be loaded in through the FIM Service. Single threading this operation could have taken (literally) days, so I decided to have a go at multi-threading it, and here’s the skeleton script.
I recently wanted to do some analysis of existing groups in a well established AD that has a lot of groups (more groups than users in fact). I was hoping to find groups that looked like good candidates for conversion to role-based (aka criteria-based) groups.
Here’s a picture I once used in a presentation (credited to wallwin.ca) to illustrate the mess access control in directories and applications often looks like when you try and do any kind of review and analysis. These days I don’t go into server and patch rooms all that often, but even so it’s been a…
I’ve had various stabs over the years at tools that will dump out the whole connector space, or just the pending exports, and convert it into a CSV file for easy analysis. They often fall down on two things: the XML file produced by CSExport can be very large (way too big for Get-Content), and…
Most people who work with FIM will be familiar with the “Value Violates Uniquess” errors when you try to export an object through the FIM MA that conflicts with an existing object on an attribute that has enforced uniqueness in the FIM Service. If the duplicate is on a string attribute like AccountName then it’s…
I feel like I’m always trying to convince people that the quality and maintence of identity data is important and worth putting effort into, while they nod and say “sure, sure”, while thinking “this crazy lady knows nothing about reality”. But you know what? I’m not crazy – and here are some reasons why.
I’ve really been neglecting this blog this year. After averaging two posts a month over the previous 8 years of this blog (yes it really has been that long – started May 2007), 2015 just hasn’t been much of a blogging year so far. Partly that’s because of the FIM Team User Group – with…