Patrick Layani
Sharing my thoughts...


MIIS 2003\ILM 2007\FIM 2010 support for IPv6

A Knowledge Base article published this week gives information about IPv6 support in the Microsoft identity management product versions:

Microsoft Identity Management software support for Internet Protocol version 6:

This article explains the support for Internet Protocol version 6 (IPv6) addressing in the following Microsoft identity management products.

  • Forefront Identity Manager 2010 (FIM)
  • Microsoft Identity Lifecycle Manager 2007 (ILM 2007)
  • Microsoft Identity Integration Server 2003 (MIIS 2003)

The following table lists the Internet Protocol version 6 (IPv6) support:

  Product                                                  IPv6 support
  Forefront Identity Manager 2010 (FIM)                    Full IPv6 support
  Microsoft Identity Lifecycle Manager 2007 (ILM 2007)     No IPv6 support
  Microsoft Identity Integration Server 2003 (MIIS 2003)   No IPv6 support

Link to the original article: Microsoft Identity Management software support for Internet Protocol version 6 (KB2698014)

FIM Object Visualizer


FIM Object Visualizer is an open source tool from CodePlex that retrieves and displays the FIM configuration at various levels:

  • FIM active Metaverse schema configuration
  • Attribute flow precedence configuration
  • Management Policy Rules
  • Synchronization Rules
  • Workflows
  • FIM Management Agent schema configuration
  • Management Agent configuration
  • Metaverse Schema
  • Replication Configuration

Remark: the tool is run with PowerShell on the FIM server, so the execution policy there must allow it before you start it (the author uses Set-ExecutionPolicy Unrestricted). Unrestricted is broader than the tool needs and persists after the tool has finished; scoping the change to the current session with the -Scope Process parameter avoids leaving the server permanently Unrestricted.

The tool can be downloaded from here

FIM 2010 - Update Rollup 2

Update Rollup 2 (build 4.0.3606.2) for FIM 2010 is available for download here

Video guide to implement Office 365 using Dirsync and ADFS

The link below is a TechNet video that describes how to implement Office 365 using DirSync (the FIM Synchronization Service) to synchronize users to the cloud, and ADFS for single sign-on.

Office 365: Planning and Automating …

Another helpful video for understanding identity management for Office 365:

Office 365 Identity Management and Federation

FIM 2010 R2 Web Based SSPR using OTP

FIM 2010 R2 will include the option of using a One-Time Password (OTP) as an authentication gate for Self-Service Password Reset (SSPR).

The following demo shows:

  1. How to add the OTP functionality to the SSPR workflow (including the MPR update)
  2. The full registration process
  3. The full SSPR process

Now…

There are two kinds of OTP activities:

  1. One-Time Password Email Gate
  2. One-Time Password SMS Gate

These activities are included out of the box in the R2 version, but they first have to be added to and configured in the “Password Reset AuthN Workflow” workflow as follows (this demo uses the “One-Time Password Email Gate”):

Workflow

Go to the “Activities” tab of the “Password Reset AuthN Workflow” workflow, click “Add Activity” and select the “One-Time Password Email Gate” activity.

Configure the activity parameters and save.

Remark: note the registration mode, which determines whether users are allowed to enter a personal email address during the registration step or not (shown later in this demo). Whoever controls the mailbox that receives the OTP can complete the reset, so a user-supplied personal address makes the reset only as strong as that external mailbox.

After saving, the updated workflow lists the gate among its activities.

Management Policy Rule (MPR)

Update the “Administration: Administrators can read and update Users” MPR: add the “One-Time Password Email Address” attribute under “Target Resources”.

Note: for SMS OTP to a mobile phone, also add the “One-Time Password Mobile Phone” attribute, which is the attribute the “One-Time Password SMS Gate” activity uses.

Registration Process

  1. Welcome screen
  2. Enter your current password
  3. Enter your answers
  4. Enter your personal mail address for Email OTP
  5. Done!

Self-Service Password Reset

Here is the procedure for resetting a password with SSPR and OTP:

  1. Enter domain\username
  2. Fill in the answers you gave during the registration process
  3. Enter the OTP that was sent to your personal email
  4. Choose a new password
  5. Done!

FIM 2010 R2 Release Candidate (RC)

The RC version of FIM 2010 R2 was updated yesterday (23/11) on Microsoft Connect for download.

This Release Candidate focuses on the new and improved features included in FIM 2010 R2.

  • Reporting
  • Web-based Self-Service Password Reset
  • Improved performance for the initial load of the FIM database
  • Scale and load performance improvements
  • Outlook® 2010 support for the FIM add-ins and extensions
  • SharePoint® 2010 support
  • Improved troubleshooting support

FIM 2010 web service - How to use C# to enable an MPR

So…

After tens of FIM 2010 installations and configurations I decided to make things more automatic for me.

Lucky me, a client library for the FIM web service is open source and can be downloaded from CodePlex at the following link: http://fim2010client.codeplex.com/

The project also includes some very useful examples that show how the client can be used to create and update resources…

Let’s look at the default configuration of the “Anonymous users can reset their password” MPR, which ships disabled: the code below enables it and appends a note to its description.

References:

    using System;
    using System.Net;
    using Microsoft.ResourceManagement.Client;
    using Microsoft.ResourceManagement.ObjectModel;
    using Microsoft.ResourceManagement.ObjectModel.ResourceTypes;

Credentials (the account running the code; the FIM service authorizes the update through its own MPRs, so this account needs rights to update ManagementPolicyRule resources):

    private readonly NetworkCredential credentials = CredentialCache.DefaultNetworkCredentials;

Set the MPR to enabled and change its description:

    public void EnableMPRByDisplayName(string MPRDisplayName)
    {
        // The display name is spliced into an XPath string literal below;
        // an apostrophe would terminate the literal and rewrite the filter,
        // so refuse such names instead of sending them to the service.
        if (MPRDisplayName.Contains("'"))
        {
            throw new ArgumentException("MPR display name must not contain an apostrophe.", "MPRDisplayName");
        }

        // This example shows the basic steps to modify a resource.
        using (DefaultClient client = new DefaultClient())
        {
            // set credentials and refresh schema
            client.ClientCredential = this.credentials;
            client.RefreshSchema();

            // get the resource object(s) to modify
            foreach (RmResource mpr in client.Enumerate("/ManagementPolicyRule[DisplayName='" + MPRDisplayName + "']"))
            {
                // create the object to track changes to the resource
                RmResourceChanges transaction = new RmResourceChanges(mpr);

                try
                {
                    transaction.BeginChanges();
                    // update the required attribute(s)
                    mpr.Description = mpr.Description + " (MPR programmatically set to enable)";
                    mpr["Disabled"].Value = false;
                    // modify the resource on the server
                    client.Put(transaction);
                    // the operation succeeded: accept the changes.
                    transaction.AcceptChanges();
                    // NOTE: after calling AcceptChanges the RmResourceChanges
                    // object does not contain any more changes to propagate to the server.
                }
                catch
                {
                    // an error occurred, so the resource was not modified;
                    // roll back the local changes and let the caller see the error.
                    transaction.DiscardChanges();
                    throw;
                }
            }
        }
    }

The result: the MPR shows as enabled and its description carries the appended note.
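Enabling a rule by display name has two edges the snippet above does not guard: the name is spliced into the XPath literal, and DisplayName is not unique in FIM, so the filter can match more than one rule and the loop would silently change all of them. The helper below is an added example, not code from this post or from the CodePlex client project. It assumes the same client library and namespaces as above, that RmResource exposes a DisplayName property and that the Disabled attribute reads back through the string indexer as a boolean; it uses only the client calls shown in the post. It rejects names containing an apostrophe, refuses to act when the name is ambiguous, skips the write when the rule is already in the requested state, and can disable a rule again, for example “Anonymous users can reset their password” once SSPR testing is done.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using Microsoft.ResourceManagement.Client;
using Microsoft.ResourceManagement.ObjectModel;

// Added example: toggle the Disabled flag of exactly one MPR, selected by display name.
public class MprAdmin
{
    // Credentials of the account running the code (assumed to hold rights
    // on ManagementPolicyRule resources through FIM's own MPRs).
    private readonly NetworkCredential credentials = CredentialCache.DefaultNetworkCredentials;

    // Returns the single MPR whose DisplayName equals the argument, or throws.
    // A FIM DisplayName is not unique, so zero or several matches are both errors.
    public RmResource FindSingleMpr(DefaultClient client, string displayName)
    {
        if (string.IsNullOrEmpty(displayName) || displayName.Contains("'"))
        {
            // The value is spliced into an XPath string literal; an apostrophe
            // would terminate the literal and let the caller rewrite the filter.
            throw new ArgumentException("Display name must be non-empty and contain no apostrophe.", "displayName");
        }

        List<RmResource> matches = new List<RmResource>();
        foreach (RmResource r in client.Enumerate("/ManagementPolicyRule[DisplayName='" + displayName + "']"))
        {
            matches.Add(r);
        }

        if (matches.Count != 1)
        {
            throw new InvalidOperationException(
                matches.Count + " MPRs match '" + displayName + "'; refusing to change an ambiguous target.");
        }
        return matches[0];
    }

    // Reads the current Disabled value; an absent or empty attribute means the rule is enabled.
    // Convert.ToBoolean accepts either a boxed bool or the string "True"/"False".
    private static bool IsDisabled(RmResource mpr)
    {
        RmAttributeValue value = mpr["Disabled"];
        return value != null && value.Value != null && Convert.ToBoolean(value.Value);
    }

    // Sets Disabled on the named MPR. Returns true when a Put was sent to the
    // service, false when the rule was already in the requested state.
    public bool SetDisabled(string displayName, bool disabled)
    {
        using (DefaultClient client = new DefaultClient())
        {
            client.ClientCredential = this.credentials;
            client.RefreshSchema();

            RmResource mpr = FindSingleMpr(client, displayName);
            if (IsDisabled(mpr) == disabled)
            {
                return false; // nothing to do: no needless write, no extra Request object in the portal
            }

            RmResourceChanges transaction = new RmResourceChanges(mpr);
            try
            {
                transaction.BeginChanges();
                mpr["Disabled"].Value = disabled;
                client.Put(transaction);
                transaction.AcceptChanges();
                return true;
            }
            catch
            {
                // the service rejected the change (for example the caller lacks
                // rights under the Administration MPRs): drop the local edits
                transaction.DiscardChanges();
                throw;
            }
        }
    }

    public bool Enable(string displayName) { return SetDisabled(displayName, false); }
    public bool Disable(string displayName) { return SetDisabled(displayName, true); }
}
```

Usage: new MprAdmin().Enable("Anonymous users can reset their password") before an SSPR test, and Disable with the same name afterwards. Enabling that rule opens the password reset path to unauthenticated users, so do it only once the authentication gates in the “Password Reset AuthN Workflow” are configured, and the ambiguity check matters most for rules whose display names were copied when cloning configurations between environments.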

 

THIS POSTING IS PROVIDED "AS IS" WITH NO WARRANTIES, AND CONFERS NO RIGHTS

FIM 2010 Hotfix is available (build 4.0.3594.2)

A new hotfix for Forefront Identity Manager 2010 is available since 03/11/2011.

The hotfix build 4.0.3594.2 includes all the previous hotfixes:

2502631 (http://support.microsoft.com/kb/2502631) A hotfix rollup package (build 4.0.3576.2) is available for Forefront Identity Manager 2010

2417774 (http://support.microsoft.com/kb/2417774) A hotfix rollup package (build 4.0.3573.2) is available for Forefront Identity Manager 2010

2272389 (http://support.microsoft.com/kb/2272389) A hotfix rollup package (build 4.0.3558.2) is available for Microsoft Forefront Identity Manager (FIM) 2010

2028634 (http://support.microsoft.com/kb/2028634) A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010

978864 (http://support.microsoft.com/kb/978864) Update Package 1 for Microsoft Forefront Identity Manager (FIM) 2010

 

For more information and hotfix download: http://support.microsoft.com/kb/2520954

 

RSS for FIM 2010 Hotfixes

SCOM 2007 Management Pack for FIM 2010 is available

The MP is available from 31/03/2011.

Please refer to the following link to download the Management Pack and the guide for Forefront Identity Manager 2010:

Forefront Identity Manager 2010 Monitoring Management Pack

FIM 2010 Synchronization process CPU very high

The CPU usage of the FIM synchronization process (miiserver.exe) stays very high even when there is no activity in the Synchronization Service Manager.

Solution:

The hotfix rollup for FIM 2010 (KB2028634, build 4.0.3547.2) resolves the problem:

http://support.microsoft.com/kb/2028634

Israel Teched 2010 – Forefront Identity Manager 2010

Here is an extended copy of the FIM 2010 presentation from TechEd 2010 in Eilat.

Teched 2010 - FIM 2010

I also included the “Workflow Activity Library” code presented for the logging workflow activity (page 32 in the presentation).

The attached code is based on the MSDN documentation “How to: Create a Custom Logging Activity and Deploy it to the FIM Portal” and is provided “as is” with no warranty.

Exchange 2010 – error message event id 12014

Microsoft Exchange could not find a certificate that contains the domain name server.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default server with a FQDN parameter of server.domain.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

In my case the error came from the Hub Transport role.

Because I can't change the FQDN on the Default receive connector, I changed its port (from 25) and disabled the Default receive connector.

Then I added a receive connector with the same configuration as the default receive connector, but with an FQDN that matches the published certificate (e.g. mail.mycompany.com). As the event text says, that name must be present on a certificate in the local computer's personal store, and the certificate must be enabled for the SMTP service (Enable-ExchangeCertificate -Services SMTP) so that the Transport service can use its private key for STARTTLS.

ForeFront Identity Manager 2010 RC1 is available

ForeFront Identity Manager 2010 (the next version of ILM “2” or ILM 2007) RC1 is available for public download at:

 https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=5adf6c52-ddac-4b86-96ad-0c1baa60bea6&lcid=1033&ci=393

Technical references at:

http://www.microsoft.com/forefront/identitymanager/en/us/technical-resources.aspx

How to forward mail to another account in Outlook Live

First, allow the forwarding option on the Outlook Live domain:

http://help.outlook.com/en-us/140/dd207270.aspx

 

Then create an inbox rule:

http://help.outlook.com/en-us/140/bb899620.aspx

 

Create a forwarding rule (as part of creating the inbox rule):