Wednesday, January 09, 2013

FIM 2010 R2 SP1 Ships–New PowerShell Commands!

Paul Smith installed SP1 and ran get-command over miis.ma.config and voila!  New commands!  they seem to be related to the ADMA and password sync configuration, but unfortunately they shipped without help (boo!) so one can’t be sure yet.
The bits on TechNet and MSDN ship ahead of documentation, which is fine, so we’ll have to wait to see the docs for the new PowerShell goodness.

UPDATE:

I cornered somebody and got more detail ;-)  The new commands support a new feature that was hinted at on some of the slides we saw at the Redmond Identity and Access Summit whereby DirSync synchronizes objects and attributes, AND passwords.  Not sure if anybody else noticed it, but it was simply the word 'Passwords' on one of the slides.  That hints at a solution for customers that do not want to use ADFS with Office 365, but would rather have password synchronization.  As far as I know, this isn't real password synchronization (phew!) so DirSync will not be messing with clear-text passwords, but instead dealing with hashes, which explains the keyword 'hash' in the new commands. 
The new commands for this feature are:
  • Get-PasswordHashSyncConfiguration 
  • Set-PasswordHashSyncConfiguration
  • Remove-PasswordHashSyncConfiguration

No comments: