Disclaimer: The opinions expressed on this blog are personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

Note-to-self: #FIM2010 R2 SP1 Mainstream Support

Wed 10 Dec 2014

Source: FIM TechNet forum post on FIM 2010 R2 SP1 Mainstream Support

Microsoft Product Lifecycle Search for FIM 2010 R2:


There is more relevant info on Microsoft.com/lifecycle. From this site (first section in the FAQ):
“Microsoft will offer a minimum of 10 years of support for Business, Developer, and Desktop Operating System (consumer or business) Software Products. Mainstream Support for Business, Developer, and Desktop Operating Systems will be provided for 5 years or for 2 years after the successor product (N+1) is released, whichever is longer.
Microsoft will also provide Extended Support for the 5 years following Mainstream support or for 2 years after the second successor product (N+2) is released, whichever is longer. Finally, most Business, Developer, and Desktop Operating System Software products will receive at least 10 years of online self-help support.”

R2 is a minor release and not a vNext product. FIM2010 is the main vNext product and it defines the lifecycle. R2 is a minor release and it will inherit the lifecycle from the main release.

You will find the same policy for other R2 releases, such as Windows Server 2012R2.

At the time MIM vNext is released, FIM2010 will automatically get its support extended by 2 years to summer 2017. That should give customers enough time to upgrade from FIM to MIM even if they start with FIM today. The support statement on the Lifecycle page is likely to be updated at the moment of RTM of vNext.

And, as announced at TechEd, MIM RTM is scheduled for mid-2015.

Note-to-self [NL-BE]: recent security news items

Wed 10 Dec 2014

Recently ZDNet published some interesting content on Identity, (Cyber)Security and disaster recovery.

Must read: Free Executive Guide: IT security and risk management

What to do when your business systems are breached

Data loss four times greater than last year

Downtime costs (large) companies 2 million per year

Top ten security fiascos of 2014


Categories: Security

Note-to-self: Microsoft at Gartner Identity & Access Management Summit

Wed 26 Nov 2014

You probably recall that, last year, there was quite some confusion regarding the availability of the MS products on the Magic Quadrant for Identity & Access, right? Well, here is some good news.

Source: http://blogs.technet.com/b/enterprisemobility/archive/2014/11/26/microsoft-at-gartner-identity-amp-access-management-summit.aspx

“December 2-4, 2014 Microsoft will be participating in the Gartner Identity & Access Management Summit in Las Vegas, NV as a Platinum sponsor.

Building on our recent momentum around Identity-as-a-Service and on-premises Identity & Access Management, Microsoft will be featuring our solutions at a booth staffed by Microsoft IAM professionals who will be providing an overview, demonstrations and answering questions.

Please join Microsoft Tuesday December 2, 2014 at 2:45PM at the conference for our dynamic presentation “Azure Active Directory Explained.”

Microsoft Azure Active Directory will be highlighted including analysis and deep information into our market-leading solution, roadmap and customer insights.

We will also be discussing the recently-released Microsoft Identity Manager Public Preview and will be providing technical demonstrations of our Identity & Access Management solutions.

Come join us at the Gartner Identity & Access Management Summit reception, presentation and booth to discuss Microsoft Azure Active Directory and Microsoft Identity Manager.”

As you can see, there was and still is a hopeful amount of activity around Microsoft Identity Management.
Alive and kicking. Better know it.

Gift from the PG for the #MSIM2015 fans: download VMs

Wed 26 Nov 2014

Source: https://connect.microsoft.com/site433/Downloads

Just a few days ago the FIM/MIM product group released some interesting stuff on the Connect platform: the MIM 2015 PAM Preview – Step up experience based on VMs.

I certainly advise using the Microsoft File Transfer Manager (Download manager), as you’ll need to pull around 16GB of data down your internet link.


Here’s what you get:

Files to download:

| File name | File size |
|---|---|
| TLG MIM PAM V1.7 Lab Guide on VMs release.docx | 124 KB |
| CORPWKSTN.zip | 273,56 MB |
| VHD.zip | 11.078,55 MB |
| PRIVDC.zip | 400,44 MB |
| PAMSRV.zip | 4.361,74 MB |
| CORPDC.zip | 475,18 MB |

How easy can it be?

New hotfix rollup released for #FIM2010 R2 (now build 4.1.3613.0)

Wed 26 Nov 2014

Source: http://support2.microsoft.com/kb/3011057

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

BHOLD Attestation

Issue 1

  • Symptoms: When a steward is added to an in-progress campaign, the steward receives the “New entries for Steward” email.
  • Changes after the fix: When a steward is added to an in-progress campaign, the steward receives the “Instance Start” email.


Issue 1

  • Symptoms: When a user has conflicting ABA roles, and the user’s “EndDate” field is changed through the BHOLD Core UI, the user may be assigned an incorrect role.
  • Changes after the fix: Changing the user’s “EndDate” field does not affect any other ABA role attributes.

BHOLD Core and FIM provisioning

Issue 1

  • When you use the Access Management Connector, and an import is performed immediately following an export that caused ABA role membership changes, the import may indicate that users have fewer permissions than are assigned by either their previous or new role memberships.
  • After you install this fix: If an import is performed immediately following an export that caused ABA role membership changes, the import indicates that users have the permissions assigned by either their previous or new role memberships. After queue processing is completed, the import indicates that users have the permissions that are assigned by their new role memberships.

Issue 2

  • In some deployments, deletion of multiple groups through the Access Management Connector is not successful if there are two or more pending exports. After you install the fix, the deletion of multiple groups through the Access Management Connector is successful.

Issue 3

  • In some deployments, an export through the Access Management Connector of changes to OU objects that specify a new parent OU does not take effect.
  • After you install the fix: A Parent OU can be changed from root to any other OU through the Access Management Connector.

FIM Service and IdentityManagement Portal

Issue 1

  • Some text that is displayed in the FIM Portal and added to email templates always uses the English language. For example, this issue occurs in the Display Name of Approval objects.
  • After you install the fix: The string translation for objects that are created by the FIM Service in the FIM Service database is performed according to the FIM Service account locale that was in effect when the object was created. Note that this functionality is not affected by the client browser locale.
  • To change the language that is used for string translation to a setting other than English, log on to each computer where the FIM Service is installed as the FIM Service account, and then set the locale for this account through Control Panel.

Issue 2

  • Creating synchronization rules in the FIM IdentityManagement Portal fails to load connected system object types in the External System Resource Type drop-down list. This behavior may occur if the size of the connector instance definition (ma-data) is larger than the 14 MB default WCF message size limit in the ResourceManagementClient configuration. This size is configured by using the maxReceivedMessageSizeInBytes property of the ResourceManagementClient.

Before you apply this fix, maxReceivedMessageSizeInBytes values that are configured in the web.config for the IdentityManagement Portal are ignored in favor of the default setting. After you apply this fix, the maxReceivedMessageSizeInBytes setting is applied.

Note that this setting is case-sensitive.

For more information about this setting, go to the following Microsoft website: Registry keys and configuration file settings in FIM 2010 (http://technet.microsoft.com/en-us/library/ff800821(v=ws.10).aspx)
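A quick way to check a portal web.config for the pitfall described in Issue 2, as an added example (not code from the KB article or from Microsoft). The element name resourceManagementClient, the host name and the sample values are assumptions made for illustration; the 14 MB default is taken as 14 × 1024 × 1024 bytes.

```python
import xml.etree.ElementTree as ET

SETTING = "maxReceivedMessageSizeInBytes"  # exact, case-sensitive name from the KB text
DEFAULT_LIMIT = 14 * 1024 * 1024           # "14 MB default", interpreted as MiB (assumption)

# Constructed sample: the attribute is present but starts with a capital "M".
# The element name resourceManagementClient is an assumption, not taken from the page.
SAMPLE_WEB_CONFIG = """<configuration>
  <resourceManagementClient
      resourceManagementServiceBaseAddress="http://fimsvc.example.test:5725"
      MaxReceivedMessageSizeInBytes="31457280" />
</configuration>"""


def audit_setting(config_xml, ma_data_bytes):
    """Return findings about the message-size setting for a given ma-data size."""
    findings = []
    effective = DEFAULT_LIMIT
    seen = False
    for elem in ET.fromstring(config_xml).iter():
        for name, value in elem.attrib.items():
            if name.lower() != SETTING.lower():
                continue
            seen = True
            if name != SETTING:
                # Spelled right but cased wrong: does not match the case-sensitive name.
                findings.append(f"wrong-case: '{name}' on <{elem.tag}>")
            elif not value.isdigit():
                findings.append(f"not-a-number: '{value}'")
            else:
                effective = int(value)
    if not seen:
        findings.append("missing: default limit applies")
    if ma_data_bytes > effective:
        findings.append(f"too-small: ma-data {ma_data_bytes} > limit {effective}")
    return findings


if __name__ == "__main__":
    # A 20 MiB connector definition against the mis-cased sample config.
    for finding in audit_setting(SAMPLE_WEB_CONFIG, 20 * 1024 * 1024):
        print(finding)
```
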

FIM Certificate Management

Issue 1

  • Online certificate updates are failing because of a constraint violation.

Issue 2

  • The FIM Certificate Management (CM) exit module does not honor the CT_FLAG_DONOTPERSISTINDB flag on a certificate. This may cause many certificates to be written to the FIM CM database. This, in turn, causes performance issues.
  • After you install this fix, the FIM CM exit module honors the CT_FLAG_DONOTPERSISTINDB flag on certificates, and those certificates are not written to the FIM CM database.

FIM Clients (Portal, Outlook, Windows logon)

Issue 1

  • After you install the FIM Windows logon extension, and then you (or a user) try to log on to the computer through a remote desktop, you must enter your credentials two times.
  • After you apply the fix, remote desktop logons work as expected.

Synchronization Service

Issue 1

  • The Synchronization Service crashes during an Export run profile run on a SQL Server management agent.

Issue 2

  • When you run a Delta Import on the FIM Service management agent, the MIIServer.exe process terminates with a CLR_EXCEPTION_SYSTEM.APPDOMAINUNLOADEDEXCEPTION exception.
  • After you install this fix, the race condition that triggers this exception no longer occurs.

Issue 3

  • If a synchronization rule uses the NULL() function in an incoming attribute flow rule, returning NULL() is seen as a value instead of being blank, and attribute precedence does not continue to the next precedent incoming attribute flow. After you apply this fix, attribute flow precedence on incoming attribute flow rules that use the NULL() function works as expected.

Password Change Notification Service (PCNS)

Issue 1

  • The following error message is logged:
  • 6914 The connection from a password notification source failed because it is not a Domain Controller service account.
  • After you install this fix, adding a backslash character to a domain name causes the function to return the domain controller Security Identifier (SID) instead of an empty user SID.

FULL Detail at: http://support2.microsoft.com/kb/3011057

Categories: FIM, FIM2010, Hotfix

#FIM2010 quick links & resources overview

Tue 25 Nov 2014

This page is a collection of bookmarks to quickly find FIM article collections and references.
Short URL = http://aka.ms/fimbookmarks

Getting started with FIM 2010 – Resources for FIM starters
This article contains a limited set of links that are used frequently for fresh starters in FIM.
Short URL = http://aka.ms/starttofim

FIM 2010 Best practices – article collection
http://aka.ms/fim2010bestpractices


Learning material for FIM Starters


A collection of a lot of FIM related pages, short cuts, …


Features to be deprecated in vNext


Planning FIM security, services & accounts


FIM disaster recovery planning guidance


Details about MIIS/ILM/FIM releases


FIM Hotfixes info


FIM tagged articles on Wiki


All FIM Articles on TN Wiki


FIM Technet Forum

Note-to-self: free Executive Guide: IT security and risk management #ZDNet

Tue 25 Nov 2014

Source: http://www.zdnet.be/continuity/159407/gratis-executive-guide-it-security-en-riskmanagement

As an add-on to their free seminar on business continuity (11 Dec), ZDNet offers a free guide on IT security and risk management.

It offers 10 IT risk management domains that are often forgotten. The guide also offers a simplified framework on IT risk management for SMB.

Furthermore, the guide discusses useful topics on risk management, to determine the possible risks and how to implement control mechanisms on insider threats.

Download the executive guide here.

