Important about FIM Hotfix Rollup Package (build 4.0.3594.2)

November 17, 2011 at 1:19 AM, Henrik Nilsson

Fellow FIM MVP David Lundell has written a great article about the problem of using wildcards (% and _) in FIM XPath queries (Sets, Groups, Search Scopes etc.). The problem is that Microsoft has chosen to treat these wildcard characters as literals instead of wildcards, meaning that installing FIM Hotfix Rollup Package 4.0.3594.0 could break your FIM implementation.

Go ahead and read David's article:

What the %_ is the deal with wildcards in FIM Queries in the latest hotfix?

Posted in: Forefront Identity Manager


Role Management in FIM?

September 23, 2011 at 4:38 PM, Henrik Nilsson

It was announced today that Microsoft acquires “certain Assets” of the BHold company, but the roadmap isn’t clear yet.
Not being aware of all of BHold’s products, I guess it’s BHold’s Role Management pieces Microsoft is laying its hands on, or at least I hope it is…

Read more here:
Microsoft’s “Pathway”
Kuppinger Cole’s announcement

I wonder what this means for Omada? Or as Ian Glazer (Gartner) says:
If you get acquired by Microsoft (or Quest), you win! If you don’t get acquired, you lose and the risk to your market increases. BHOLD wins the Microsoft IAG lottery

Posted in: Forefront Identity Manager | FIM 2010 R2 | Identity Management


The FIM Beta Exam 71-158 is available

July 20, 2011 at 7:25 PM, Henrik Nilsson

Hurry up if you wish to take it: it was made available today and the beta period will end on the 4th of August.
You can read more on how to sign up at Born To Learn.

Unless you’re able to take the beta exam, the real exam will, according to what I’ve heard, be available sometime between September and November.

Posted in: Forefront Identity Manager | Exam


MCT and FIM Courses in Sweden

January 3, 2011 at 9:29 PM, Henrik Nilsson

I’m proud to announce I’m now a Microsoft Certified Trainer, and this spring I’ll hold the 4 day Implementing Forefront Identity Manager 2010 course at Cornerstone in Stockholm, Gothenburg and Malmö (in Swedish). If you’re interested in attending the course, go ahead and visit Cornerstone, and don’t be confused: Cornerstone calls the course T207.


These are the preliminary course dates:

  • 22-25 February in Malmö
  • 15-18 March in Stockholm
  • 5-8 April in Gothenburg
  • 3-6 May in Stockholm

Posted in: Forefront Identity Manager | Identity Management


SQL Server 2008 R2 is supported for FIM

December 9, 2010 at 2:33 PM, Henrik Nilsson

A little bird whispered in my ear that SQL Server 2008 R2 is now supported for FIM 2010 as of yesterday. There is still no update of the Hardware and Software Requirements and nothing about an update for making the installer work, but hopefully we’ll hear about it soon.

Posted in: Forefront Identity Manager | Identity Management


ADFS 2.0 Attribute Store for FIM

December 5, 2010 at 11:47 AM, Henrik Nilsson

I know, I haven’t been blogging as much as I should, but a lot of work and a whole bunch of interesting development projects have been taking up my time. I’m very pleased I can finally report that one of these projects has reached its first release on CodePlex.

FIM is of course the ultimate place for attributes to issue as claims using ADFS 2.0 since you typically store attributes from all different kinds of connected directories there. Not only will you be able to issue standard attributes - you can do lookups for groups, sets or roles and publish these as claims as well, perfect for authorization scenarios.

The footprint on ADFS 2.0 is minimal and it doesn't require more than the usual attribute store configuration. The attribute store also comes with a command-line test client that allows you to get the communication with FIM correct and also enables you to run custom queries against FIM. The test client is pretty much a command-line version of the FIM Query Tool once published by Joe Zamora from Ensynch, except that it uses the attribute store under the hood, the same one that can be attached directly to ADFS 2.0.

It's currently in Beta so please try it out and report issues to the project page on CodePlex so that I can make it better!

[Screenshot: the ADFS 2.0 configuration of the attribute store]

[Screenshot: example output from the test client]

Posted in: ADFS | Federation | Forefront Identity Manager


PowerShell Activity for FIM

September 4, 2010 at 8:31 AM, Henrik Nilsson

Carol (MissMiis) has created a really nice activity for executing PowerShell scripts, both local and remote, and it opens up all kinds of possibilities! Check it out!

Posted in: Forefront Identity Manager | Identity Management | Workflow


Detecting Non-Authoritative Accounts

January 7, 2010 at 12:45 AM, Henrik Nilsson

I’m currently working with Markus Vilcinskas on a couple of FIM Experts articles on how to detect non-authoritative accounts. Today we published the first two parts, where the second part also contains an in-depth description of how object state detection works. Enjoy!

Detecting Non-Authoritative Accounts – Part 1: Envisioning

Detecting Non-Authoritative Accounts – Part 2: Design



Posted in: Forefront Identity Manager | Sync Rules | Non-Authoritative Accounts | Object State Detection


FIM 2010: How to let non-admin group owners manage their groups

December 2, 2009 at 6:57 PM, Henrik Nilsson

It turns out there are a lot of things that need to be in place before this is possible…

Usage Keyword

Usage keywords are required for letting non-admin users see portal design elements like navigation bar and home page resources, and also for letting them use search scopes. The keyword that gives non-admin users access to these objects is BasicUI…

1. Under Administration and Home Page Resources, select the “Manage my SG’s” resource and add the keyword BasicUI as usage keyword.


2. Go back to Administration and select Navigation Bar Resources. Select the “My SG’s” navigation bar resource and add the BasicUI keyword to this one as well.

3. Go back to Administration again and select Search Scopes. Add BasicUI as usage keyword to the “My Security Groups” search scope.


There are two MPRs that allow group owners to manage their groups. Both of these are disabled by default.

4. Go back to Administration and into Management Policy Rules. Open and enable these two MPRs:

  • Security group management: Owners can read selected attributes of group resources
  • Security group management: Owners can update and delete groups they own


5. Done!
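
To verify the result of the steps above from the command line, the following read-only audit lists the state of the two owner MPRs and every portal UI resource that carries the BasicUI keyword. It is an added example, not part of the original post; it assumes the FIMAutomation snap-in, the default FIM Service URI, and the attribute names `Disabled` and `UsageKeyword`, and `Get-FimAttr` is a hypothetical helper.

```powershell
# Added example: read-only audit, nothing is modified.
# Assumptions: FIMAutomation snap-in is installed, the FIM Service listens on the
# default URI below, and the attribute names are 'Disabled' and 'UsageKeyword'.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue
$uri = 'http://localhost:5725/ResourceManagementService'

# Return all values of one attribute from an exported FIM object (empty if unset).
function Get-FimAttr($exported, [string]$name) {
    $attr = $exported.ResourceManagementObject.ResourceManagementAttributes |
            Where-Object { $_.AttributeName -eq $name }
    if (-not $attr) { return @() }
    if ($attr.IsMultiValue) { return @($attr.Values) }
    return @($attr.Value)
}

# 1. The two group-owner MPRs from step 4: report whether each is enabled.
$ownerMprs = @(
    'Security group management: Owners can read selected attributes of group resources',
    'Security group management: Owners can update and delete groups they own'
)
foreach ($name in $ownerMprs) {
    $hits = @(Export-FIMConfig -Uri $uri -OnlyBaseResources `
              -CustomConfig "/ManagementPolicyRule[DisplayName='$name']")
    if ($hits.Count -eq 0) { Write-Warning "MPR not found: $name"; continue }
    foreach ($mpr in $hits) {
        $disabled = @(Get-FimAttr $mpr 'Disabled')[0]
        New-Object PSObject -Property @{
            Kind = 'ManagementPolicyRule'; Name = $name
            State = $(if ("$disabled" -eq 'True') { 'Disabled' } else { 'Enabled' })
        }
    }
}

# 2. Every portal UI resource that non-admin users can see via BasicUI.
$uiTypes = 'HomepageConfiguration', 'NavigationBarConfiguration', 'SearchScopeConfiguration'
foreach ($type in $uiTypes) {
    foreach ($res in @(Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig "/$type")) {
        if (@(Get-FimAttr $res 'UsageKeyword') -contains 'BasicUI') {
            New-Object PSObject -Property @{
                Kind = $type; Name = @(Get-FimAttr $res 'DisplayName')[0]; State = 'BasicUI'
            }
        }
    }
}
```

Run it before and after the change and compare the output, so that only the three intended UI resources and the two owner MPRs differ.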


The usage keyword stuff is poorly documented but I hope this will be better…

Posted in: Forefront Identity Manager | Portal Management


How to load balance FIM

November 23, 2009 at 11:26 AM, Henrik Nilsson

Darryl Russi has posted a great article on how to configure for more than one instance of the FIM Service.
If you haven’t discovered Darryl’s blog yet, make sure you bookmark it or add a feed subscription!

Service Partitions - Multiple Middle Tiers, Request & Workflow Processing

Posted in: Forefront Identity Manager | Identity Management | Workflow
