Thursday, December 10, 2009

Microsoft Acquisition of Sentillion

Very interesting, Microsoft intends to buy Sentillion. I worked on a project a few years ago where we used MIIS to sync with Sentillion.

Wonder if this will drive FIM adoption in Healthcare.

UPDATE: Seems like Sentillion integration will make its way into FIM 2010 eventually.

Friday, November 20, 2009

FIM 2010 SDK and IT Pro Docs

FIM 2010 SDK on MSDN
I look in here all the time when trying to figure out the details on how things work in FIM, as well as looking into all the extensibility points. For some reason I wasn't able to find this until just recently.

FIM 2010 IT Pro Docs on TechNet
The IT Pro Docs on TechNet are really useful if you're new to FIM and want to try it out in your own lab. Also handy for sanity checking your lab configurations. The installation guide is especially handy.

Troubleshooting Password Resets

FIM Self-Service Password Reset makes use of the FIM Sync Service to deliver the passwords to Active Directory, as described in Anthony Ho's Blog.

When troubleshooting you are probably going to be focusing on different product components:
1. FIM Self-Service Password Reset Client Issues
2. FIM Service Issues
3. FIM Sync Issues

If you've narrowed it down to #3 then it is handy to repro without having to constantly go through the SSPR gates.

To troubleshoot FIM Sync password issues try using PowerShell to call WMI against the ADMA in question. It will quickly tell you what the error is, allowing you to make configuration changes to test different options.

There's a WMI script in the MSDN Developer Reference for ILM, but if you look at the bottom of the page there is also a much shorter PowerShell script.
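A sketch of that kind of repro, added here as an example (it is not the MSDN script or code from this post). It assumes the FIM 2010 four-argument form of MIIS_CSObject.SetPassword, so check the developer reference for your version; the domain and account names are constructed placeholders for a disposable test account.

```powershell
# Added example: exercise the FIM Sync password path directly, bypassing SSPR.
# Run on the FIM Sync server as a member of the FIMSyncPasswordSet group, and
# make sure password management is enabled on the AD MA being tested.
$domain  = 'CONTOSO'     # constructed placeholder
$account = 'sspr.test'   # constructed placeholder, use a throwaway test user

# Locate the connector space object(s) for the account by Domain + Account.
$query = "SELECT * FROM MIIS_CSObject WHERE Domain='$domain' AND Account='$account'"
$cs = @(Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' -Query $query)

if ($cs.Count -eq 0) {
    Write-Warning "No connector space object found for $domain\$account"
    return
}

# Prompt for the test password so it never lands in the script or shell history.
$secure = Read-Host -AsSecureString "Test password for $domain\$account"
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    foreach ($obj in $cs) {
        # Assumed argument order (FIM 2010):
        # NewPassword, ForceChangeAtLogon, UnlockAccount, ValidatePasswordPolicy
        $result = $obj.SetPassword($plain, $false, $false, $true)

        # The returned string is the status to troubleshoot against.
        '{0} [{1}] -> {2}' -f $obj.DN, $obj.MaName, $result
    }
}
finally {
    # Wipe the unmanaged plaintext copy of the password.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```

Change one MA setting at a time and rerun; the status string for each connector shows whether the change made a difference.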

Happy troubleshooting!

Friday, September 18, 2009

TEC 2010 - Got a speaker slot!

I'm honoured to have a speaking opportunity at TEC next year. Hopefully next year I won't lose my voice the night before sessions begin!

Friday, April 17, 2009

Out to Pasture

Some might have noticed (hopefully) that the URL for my blog has changed. The advent of FIM and the passing of the domain name were motivation to change (the URL).


One last gasp though, because I love this logo!

Wednesday, April 15, 2009

ILM2 Renamed to Forefront Identity Manager 2010

Phew, the cat is out of the bag! MMS --> MIIS --> ILM --> FIM
(Couldn't resist a one-up to Brad's SmartArt)










Tuesday, April 14, 2009

Monday, April 13, 2009

YOU Can File HIGH Priority Bugs for ILM2 Too

At TEC I got to chat with somebody from the ILM team and learned something pretty neat. Bugs filed on Connect are not just tossed aside; they actually make it into the ILM team's bug tracking system with high priority. The reasoning is that bugs found while the product is in Release Candidate are customer-facing bugs that need high priority.

Enthusiasm here should be tempered, because AFAIK a bug of this priority can still fall victim to "won't fix" unless it has enough support.

The moral of the story is: working with pre-release software is not easy (unless you're running Win7) but if bugs aren't filed then customers and the ILM team lose because those bugs won't get the attention they need.

Exchange Labs MA and Certificate Authentication

Anybody using the Exchange Labs MA may have had a rough time with certificates since the only authentication supported by the MA in R2 was client certificate authentication.

PowerShell is your friend when troubleshooting certificate issues. For example, to verify the existence of the certificate in the correct store you could run this from the PowerShell command line:

Get-ChildItem -Path cert:\LocalMachine\Root | where {$_.Subject -like '*thatschool*'} | fl

Output from the command on my computer is:
Subject : E=ed-desk@microsoft.com, CN=sapipartner.com, O=Oxford Computer Group thatschool.org, L=Snohomish, S=WA, C=US
Issuer : CN=Microsoft Secure Server Authority, DC=redmond, DC=corp, DC=microsoft, DC=com
Thumbprint : 49B71EE8925C4028150874C78E8B180E15C75FAD
FriendlyName : Oxford Computer Group thatschool.org
NotBefore : 7/3/2008 7:39:46 AM
NotAfter : 7/3/2009 7:39:46 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}

What does that prove? Well it proves that you've installed the certificate into the correct store so that ELMA can find it. If you still get authentication errors then you've at least ruled this one out.
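Once the certificate is known to be in the store, the next things to rule out are its validity period, its private key and its intended usage. The following is an added example, not part of the original post; it reuses the store path and subject filter from the command above and uses only standard .NET certificate properties.

```powershell
# Added example: report the properties that matter for client certificate authentication.
$store         = 'cert:\LocalMachine\Root'   # store used in the post
$pattern       = '*thatschool*'              # subject filter used in the post
$clientAuthOid = '1.3.6.1.5.5.7.3.2'         # Client Authentication EKU
$ekuType       = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now           = Get-Date

$certs = @(Get-ChildItem -Path $store | Where-Object { $_.Subject -like $pattern })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate matching $pattern in $store"
    return
}

$report = foreach ($cert in $certs) {
    # Collect the EKU OIDs; a certificate with no EKU extension is not usage-restricted.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $ekus = @()
    if ($ekuExt) {
        $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    New-Object PSObject -Property @{
        Thumbprint     = $cert.Thumbprint
        Subject        = $cert.Subject
        # Expired or not-yet-valid certificates fail the handshake.
        WithinValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        DaysRemaining  = [int]($cert.NotAfter - $now).TotalDays
        # Client authentication needs the private key on this machine.
        HasPrivateKey  = $cert.HasPrivateKey
        ClientAuthEku  = (-not $ekuExt) -or ($ekus -contains $clientAuthOid)
    }
}

$report | Format-List
```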

Tuesday, April 07, 2009

PowerShell Breakpoints!!!

PowerShell is one of those things that is just too cool. For the longest time I've been writing scripts, and when I run out of road with scripts I would resort to managed code. The debugging environment for managed code is excellent with breakpoints and such, which is why I would tend to favour managed code.

Today while fiddling with a PowerShell script I tried running it in the PowerShell ISE (Integrated Scripting Environment). Had this sneaky little icon been named PowerShell IDE I might have clued in earlier.

Anyhow, running scripts in here gives you the command line feel, but also gives you breakpoints if you want to stop a script mid-stride to analyze the environment and variables.

AWESOME!

Sunday, March 29, 2009

Heck of a TEC

Just got back from TEC (OK, I stayed in Vegas longer than I should have). Given the economic turmoil I was worried the sessions would be empty and speakers absent but was very excited to see lots of people and a great crew of speakers. Against the odds Gil, Stella and Christine put on a great show.

The best analogy I have for TEC is the video for "No Rain" from Blind Melon where that funky little bee-girl runs around seemingly confusing the snot out of people as she dances around dressed like a bee in tap shoes. Identity and Access is just like that, we spend all year telling people about it, customers eventually get it, relatives just smile, and spouses do their best, but at TEC we find ourselves surrounded by people speaking the same jargon even if their native language is different, our acronyms are harmonic.

Somewhat absent was the ILM PG, likely constrained by scaled back travel budgets but I missed seeing them all there. Hats off to Andreas and Mark for being on the front lines when the bad news of the ILM delay landed. Those guys had a tough job last week facing all the customers and partners with fear, uncertainty and doubt. Jackson's post on the delay nailed it. This is going to be a tough year for ILM partners but shipping the wrong product would hurt even more.

My TEC 2009 highlights:
  • losing my voice the night before my sessions started
  • Craig (not me) getting booted from the casino
  • pre-con labs running perfectly, and no all-nighters!
  • I love Vegas, but my wallet tells a different story
  • great speakers, and recorded sessions so overlaps don't hurt