Below are the issues fixed and features added; full details are available in the KB article above.
Issues that are fixed or features that are added in this update
This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.
FIM Service and Portal
If a FIMService instance loses connection to the FIMService database, it may stop processing FIM Service MA export requests. This results in failed FIM Service MA exports with a run status of “stopped-server.” Additionally, the following exception is logged in the Forefront Identity Manager event log:
System.Data: System.InvalidOperationException: The requested operation cannot be completed because the connection has been broken.
You use a multivalue attribute in a dynamic set. This dynamic set is used in a Transition Out management policy rule. If two or more elements are removed from the attribute in a single request, and if one of the elements triggers the Transition-Out MPR, the request fails, and you receive the following exception:
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 2627, Level 14, State 1, Procedure DoEvaluateRequestInner, Line 1073, Message: Violation of PRIMARY KEY constraint 'PK__#1B54B73__5330D0771D3CFFB1'. Cannot insert duplicate key in object 'dbo.@transitionOutApplicableRuleBuffer'.
When an export run in the FIM Service MA includes updates to the Filter attribute of multiple dynamic groups, a “failed-modification-via-web-services” exception can be returned. When you review the details of the exception that is returned, you see that an SQL Deadlock occurred.
FIM Synchronization Service
In the Active Directory management agent, changes to a multivalue attribute such as proxyAddresses are not synchronized to the metaverse in the following scenario:
- A change to proxyAddresses is exported to the Active Directory for User1.
- A second change is made to proxyAddresses outside the synchronization service.
- A Delta Import run profile is run to confirm the exported changes.
If an exception is thrown by the management agent’s password extension during password synchronization, the password interface at which the exception was thrown is discarded. This can cause high processor usage on the computer that is hosting the FIM Synchronization Service when the computer processes password synchronization to multiple management agents.
After you apply this update, exceptions of type PasswordPolicyException and PasswordIllFormedException no longer discard the password interface. This enables the interface to be reused for another password operation to the connected data source.
BHOLD
If a regular expression policy rule is applied for an ABA role, all applied ABA roles are stuck in the pending state for the users and are never assigned.
If a user has an ABA role, and if you try to change a user attribute that is not related to the ABA role, all ABA roles are again marked for policy validation. Additionally, assigned permissions are removed and assigned back.
When you have more than 500 permissions in BHOLD and search permissions on the Supervised Permissions tab of Default Supervisor Role, no results are returned, and you are returned to the previous page.
When you configure an attribute-based role assignment for a role and then you try to click the Show Impact link in the policies section of a role, you receive the following error message:
Object reference not set to an instance of an object
The SP1 build does not let you re-create a permission that was removed from BHOLD earlier.
When you try to change and save a user without changing the end date, you receive the following error message:
Invalid date format
When you try to move an organization unit in the BHOLD Core Portal, you receive the following warning message:
Session ID missing: The Session ID is not found in URL. You can continue working using the menu at the left
The “User by Role” report cannot be generated after the limit of 50,000 users is reached. Additionally, you receive an “Out of memory” exception.
In the BHOLD Self-Service Portal, the role information screen under the Role Requests-Current Roles tab displays no role descriptions or permission details.
When you log on as a typical end-user in the BHOLD Service Portal, the “My Roles” screen is displayed as an empty page even though the user is assigned with both “active” and “proposed” roles.
The BHOLD – Access Management agent cannot perform full imports because of an SQL time-out issue that occurs when there is a load of more than 50,000 to 100,000 users.
BHOLD cannot add permissions to a user by using the BHOLD Connector after these permissions are denied.
When a steward in the BHOLD Attestation portal has multiple resources to attest and is working on approving or denying permissions for one user, other permissions for a different user are changed in the user interface.
Today Andreas Kjellman presented an updated FIM roadmap at the FIM Team User Group.
Register and keep an eye on http://thefimteam.com/fim-team-user-group/, as the recording will be published shortly.
Also just a few days ago the new Hybrid Identity website went live (http://www.microsoft.com/en-us/server-cloud/solutions/identity-management.aspx).
The updated website contains the Hybrid Identity White Paper (http://aka.ms/hybrididentitywp)
Microsoft’s approach to identity spans on-premises and the cloud, creating a single user identity for authentication and authorization to all resources, regardless of location.
Also check the Hybrid Identity Datasheet (http://aka.ms/hybrididentityds)
There is a new product, “AADSync”, that makes onboarding to AAD and Office 365 a lot easier for multi-forest environments. It will also support advanced DirSync scenarios. It builds on FIM2010R2 and DirSync.
The preview is available on Connect. (http://connect.microsoft.com/directory).
Documentation can be found at: http://www.aadsync.com/
There will be more information later in the year about Preview programs and deeper technical information.
There is more news to come; just keep an eye on the Server & Cloud Blog (http://blogs.technet.com/b/server-cloud/).
Also note that the new AADSync tool is referred to as Microsoft Azure Active Directory Sync Services (AADSync), as Windows Azure is rebranded to Microsoft Azure.
|Book||http://aka.ms/packtpub_da_troubleshooting||Book: Direct Access troubleshooting|
|Exchange||http://aka.ms/mostpopularexch2010wiki||Most popular Exchange 2010 articles on TN Wiki|
|FIM||http://aka.ms/ecmaresourcewiki||ECMA Resource Wiki|
|FIM||http://aka.ms/fim_codeplex||FIM projects on Codeplex|
|FIM||http://aka.ms/fim_portsrightspermissions||FIM Ports, rights and permissions|
|FIM||http://aka.ms/msidentitypublicreleases||Microsoft’s Identity Software: Public Release Build Versions|
|FIM||http://aka.ms/msidmpublicbuilds||Microsoft’s Identity Software: Public Release Build Versions|
|FIM||http://aka.ms/msidmpublicreleases||Microsoft’s Identity Software: Public Release Build Versions|
|FIM||http://aka.ms/powershellma||PowerShell Management Agent > The IDM explorer|
|FIM||http://bit.ly/FIM2010R2-RC||FIM 2012 R2 RC|
|FIM||http://bit.ly/FIM2010R2BetaDocs||FIM R2 Beta docs|
|FIM||http://bit.ly/TNEdgeCustomizingFIMPortal||FIM Portal customisation|
|FIM||http://bit.ly/CreatingCustomRCDC||FIM Creating Custom RCDC|
|FIM||http://bit.ly/FIM2010HotfixRSS||FIM Hotfix RSS|
|FIM||http://bit.ly/FIM2010_slowlink||Improve FIM performance over slow link|
|FIM||http://bit.ly/FIM2010Solutions||FIM 2010 Solutions from partners|
|FIM||http://bit.ly/FIM2010CustomActivity_WF||FIM Custom Activity WF|
|FIM||http://bit.ly/FIM2010SDK||FIM 2010 SDK|
|FIM||http://bit.ly/FIM2010Resources||FIM 2010 Resources|
|FIM||http://aka.ms/fim2010bpa||FIM 2010 Best Practice Analyser|
|FIM||http://aka.ms/fim2010functionsref||FIM 2010 Functions Reference|
|FIM||http://aka.ms/fim2010partnermas||FIM 2010: Management Agents from Partners|
|FIM||http://aka.ms/fim2010r2bpa||FIM 2010 Best Practice Analyser|
|FIM||http://aka.ms/fimblogs||FIM 2010 Community, feeds & blogs|
|FIM||http://aka.ms/fimbuild_overview||FIM Build Overview|
|FIM||http://aka.ms/fimbuilds||FIM Build Overview|
|FIM||http://aka.ms/fimcmpermissions||FIM CM Permission|
|FIM||http://aka.ms/fimcommunity||FIM Community overview|
|FIM||http://aka.ms/fimcommunity_feeds_blogs||FIM Community overview|
|FIM||http://aka.ms/fimfilema||FIM File MA|
|FIM||http://aka.ms/fimlpdownload||FIM Language Pack download|
|FIM||http://aka.ms/fimma_ln8||FIM Lotus Notes MA|
|FIM||http://aka.ms/fimmaportspermissions||FIM Rights, Ports & Permissions|
|FIM||http://aka.ms/fimmas||FIM Management Agents|
|FIM||http://aka.ms/fimmasfrompartners||FIM Management Agents from partners|
|FIM||http://aka.ms/fimscriptbox||FIM Script box|
|FIM||http://aka.ms/fimsecurity||FIM Security Setup|
|FIM||http://aka.ms/fimtechoverview||FIM Technical Overview|
|FIM Book||http://aka.ms/fim2010r2bestpracticesbook||FIM Book|
|FIM Book||http://aka.ms/fim2010r2handbook||FIM Book|
|FIM Book||http://aka.ms/fim2010r2handbookshortcuts||FIM Book|
|FIM Book||http://aka.ms/fim_r2_best_practices_vol1||FIM Book|
|FIM Community||http://aka.ms/fimteamug||FIM Team User Group|
|FIM Forum||http://aka.ms/fimforum||FIM Forum on Technet|
|FIM Forum||http://aka.ms/fimforumtn||FIM Forum on Technet|
|FIM Learning||http://aka.ms/fim2010rampup||Learning FIM|
|FIM News||http://aka.ms/2013fimannouncement||2013 FIM Announcement|
|FIM Technet||http://aka.ms/tnwikiforum||FIM 2010 Forum|
|FIM Wiki||http://aka.ms/fim2010resources||FIM 2010 Resources|
|FIM Wiki||http://aka.ms/fim2010wiki||FIM 2010 Wiki|
|Forefront||http://aka.ms/forefrontroadmap||Forefront Roadmap announcement|
|Forefront||http://aka.ms/forefronttechcenter||Forefront Tech Center|
|ILM||http://aka.ms/ilm2007gettingstarted||ILM Getting Started|
|Learning||http://bit.ly/MS_MVA||Microsoft Virtual Academy|
|PFE||http://aka.ms/pfe_wiki||Premier Field Engineering at TN Wiki|
|PFE||http://aka.ms/stayoutoftrouble||Premier Field Engineering|
|PKI||http://bit.ly/MSPKIBook||MS PKI Book|
|PKI||http://bit.ly/CurrentCLMresources||Current CLM Resources|
|Security||http://bit.ly/MS_BRS||Business Ready Security|
|Security||http://bit.ly/NEAT_Spruce||Neat And Spruce at Microsoft|
|Security||http://bit.ly/DownloadBRSTrial||Microsoft Business Ready Security Trial Environment|
|Sharepoint||http://aka.ms/sp2010kernelmodeauthn||Sharepoint Kernel Mode Authentication|
|Technet||http://aka.ms/fim2010forum||FIM Forum on Technet|
|Visual Studio||http://aka.ms/debugextension||Extension debugging|
|Wiki||http://aka.ms/fimwiki||FIM at Wiki|
|Wiki||http://aka.ms/fixrgb||Fix RGB codes to names in HTML|
|Wiki||http://aka.ms/wikitagcloud||TechNet Wiki: easy bookmarks to important TNWiki resources|
|Wiki||http://aka.ms/wikitoolbox||TN Wiki toolbox|
|Wiki||http://bit.ly/AddTocToYourTNWikiDoc||Add TOC to your Wiki article|
|Wiki Blog||http://aka.ms/tnwikiblog||TN Wiki Blog|
|Wiki Blog||http://aka.ms/wikiblog||TN Wiki blog|
|Wiki blog||http://aka.ms/wikininjablog||TN Wiki blog|
|Wiki Governance||http://aka.ms/technetwikicommunitycouncil||Wiki Governance|
|Wiki Governance||http://aka.ms/tnwikicouncil||Wiki Council|
|Wiki Governance||http://aka.ms/tnwikifeedback||Wiki Feedback|
|Wiki Governance||http://aka.ms/wikidevelopment||Wiki Governance|
|Wiki Governance||http://aka.ms/wikiguide||Wiki Governance|
|Wiki Governance||http://aka.ms/wikininjas||Wiki Ninja|
|Wiki Governance||http://aka.ms/wikireputation||Wiki Governance|
|Wiki Governance||http://aka.ms/wikuserguidelines_personalisation||Wiki Governance|
In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS 1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations.
Microsoft recommends TLS 1.2 with AES-GCM as a more secure alternative which will provide similar performance.
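One way to check and apply this recommendation on a Windows server whose services use Schannel, shown as an added example that is not part of the original post or of Microsoft's advisory. The function names are hypothetical; the registry locations are the standard Schannel cipher and protocol settings.

```powershell
# Added example: audit, and optionally harden, the Schannel RC4 and TLS 1.2 settings.
# Run elevated. A restart is required before changed values take effect.
$Schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$Rc4Keys  = 'RC4 128/128', 'RC4 56/128', 'RC4 40/128'      # key names contain "/"
$Tls12    = 'Protocols\TLS 1.2\Server', 'Protocols\TLS 1.2\Client'

function Get-SchannelValue {                # hypothetical helper name
    param([string]$SubKey, [string]$Name)
    # The .NET registry API is used because the PowerShell registry provider
    # treats the "/" in "RC4 128/128" as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$Schannel\$SubKey")
    if ($null -eq $key) { return $null }    # key absent: the OS default applies
    try { $key.GetValue($Name) } finally { $key.Close() }
}

function Set-SchannelValue {                # hypothetical helper name
    param([string]$SubKey, [string]$Name, [int]$Value)
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$Schannel\$SubKey")
    try { $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord) }
    finally { $key.Close() }
}

function Get-SchannelReport {
    # Hardened is $true only when the recommended value is set explicitly;
    # $false also covers "not set", where the OS default decides.
    foreach ($c in $Rc4Keys) {
        $e = Get-SchannelValue "Ciphers\$c" 'Enabled'
        [pscustomobject]@{ Setting = "Ciphers\$c"; Enabled = $e
                           DisabledByDefault = $null; Hardened = ($e -eq 0) }
    }
    foreach ($p in $Tls12) {
        $e = Get-SchannelValue $p 'Enabled'
        $d = Get-SchannelValue $p 'DisabledByDefault'
        [pscustomobject]@{ Setting = $p; Enabled = $e; DisabledByDefault = $d
                           Hardened = ($null -ne $e -and $e -ne 0 -and $d -eq 0) }
    }
}

function Set-SchannelHardening {
    # Retire RC4 for every Schannel consumer on this machine.
    foreach ($c in $Rc4Keys) { Set-SchannelValue "Ciphers\$c" 'Enabled' 0 }
    # Turn TLS 1.2 on for both the server and the client role.
    foreach ($p in $Tls12) {
        Set-SchannelValue $p 'Enabled' 1
        Set-SchannelValue $p 'DisabledByDefault' 0
    }
}

Get-SchannelReport | Format-Table -AutoSize   # review the current state first
# Set-SchannelHardening                       # uncomment to apply, then restart
```

Disabling RC4 here affects every application on the machine that relies on Schannel, so confirm that the clients and servers it talks to can negotiate another cipher before applying the change.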
And other interesting reading material referenced in the blog:
Microsoft® Forefront® Identity Manager 2010 R2 SP1 Language Packs
Note: These language packs are only for use with FIM 2010 R2 SP1.
The respective FIM 2010 R2 SP1 client or server components must first be installed before installing their language packs.
See the FIM 2010 TechNet library* for specific requirements of those components.
For the FIM 2010 R2 language packs, see the download at
For the FIM 2010 language packs, see the download at
*As a refresher: Hardware and Software Requirements, http://technet.microsoft.com/en-us/library/hh332708(v=ws.10).aspx
Soon Microsoft Windows XP and Microsoft Windows Server 2003 come to an official end. Many companies worldwide still rely heavily on these two operating systems and need to change as soon as possible.
The event we organize aims to help end users migrate from XP and 2003 to Windows 8.1 and Windows Server 2012 R2, not from a marketing perspective, but by showing with real-life examples and scenarios how to achieve this in your own organization.
Register at: http://www.goodbyewinxpevent.net/#!register/c24vq
This time of the year Packt Publishing has launched a ‘Buy One Get One Free’ offer across all eBooks for a limited period only.
This sale covers all 2000 eBooks and videos in the range, and customers can grab as many as they like until the end of this campaign.
The FIM team has announced the availability of some additional Connectors for FIM2010R2.
General Availability of PowerShell Connector
The PowerShell Connector can be used to communicate with a system through PowerShell scripts. This allows an easy and flexible way to communicate with other systems but also to pre-/post-process data and files before they are handed over to the FIM Synchronization Service. We believe the community will help by providing scripts for this Connector for various systems and will open a place where scripts can be published for reuse.
Release Candidate of Generic SQL Connector
The Generic SQL Connector will allow you to connect to any database where you have an ODBC driver available. It enables new features compared to the built-in MA such as support for Stored Procedures, running SQL scripts, built-in delta import support, import multiple object types, connect to multiple tables, and much more. This Connector is built on ECMA2.3 which allows schema discoverability to be customized in the Sync Engine UI. A pre-release of the next Sync Engine hotfix is included with the Connector download and is required for the Connector to work.
Release Candidate of SAP Users and Roles/Groups
The updated SAP templates for Users and Roles/Groups allow you to manage Users, Roles, and Groups in SAP. This also includes password sync for Users to SAP. The Connector will make sure roles are represented as groups to make it possible to manage these with BHOLD. This template will require the previously published WebService Connector: http://go.microsoft.com/fwlink/?LinkID=235883.
Participation on Connect
If you have participated in any other Connector preview program, you will have access to the Release Candidate downloads. If you have not participated before, then to get access to the preview programs on Connect either join the program “Identity and Access Management”, “FIM Synchronization Service Connectors Pre-release” on http://connect.microsoft.com/directory or follow this link: http://connect.microsoft.com/site433/SelfNomination.aspx?ProgramID=6709&pageType=1
Generic LDAP Connector (build 4.3.1082.0)
We have also published an update to the Generic LDAP Connector adding support for some additional LDAP directories, see http://support.microsoft.com/kb/2936070/. If you have additional LDAP directories you think we should support, please feel free to provide feedback on the Connect Site or via the FIM 2010 forum on TechNet.
It can be pretty useful to get an overview of the articles you published on TechNet Wiki.
The first and best option is to search the TN Wiki for articles you created.
Go to the TNWiki site, and search for: site:http://social.technet.microsoft.com/wiki/ “First published by <your user name>”
Then you’ll see an RSS link that you can use to read the RSS feed.
For example: Search Technet Wiki with my name (only the originally authored articles)
The RSS feed for this search is then: http://social.technet.microsoft.com/search/en-US/feed?query=site%3ahttp%3a%2f%2fsocial.technet.microsoft.com%2fwiki%2f%20%22First%20published%20by%20Peter%20Geelen%22&format=RSS&refinement=90
The advantage of this search is that it still works even if you changed your profile or user name.
Another option: tag your articles with a specific tag and use the feed. The disadvantage of this method is that you will not find the articles you did not tag.
To get the list of articles, use the tag search like http://social.technet.microsoft.com/wiki/tags/<yourtag>/default.aspx
The related RSS feed is: http://social.technet.microsoft.com/search/en-US/feed?query=<yourtag>&refinement=90
For example, searching with my tag: pgtag
Another option is to search directly with your favorite search engine, such as Bing, for the source site (TNWIKI) and your name. Let me provide you with some examples, which you can customize very easily to fulfill your needs.
Using Bing, search for: site:http://social.technet.microsoft.com/wiki/ “First published by Peter Geelen”
This search is available as an RSS feed (notice the format=rss parameter in the URL): http://be.bing.com/search?format=rss&q=site%3Ahttp%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2F+%22First+published+by+Peter+Geelen%22&qs=n&form=QBRE&filt=all&pq=site%3Ahttp%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2F+%22first+published+by+peter+geelen%22&sc=0-0&sp=-1&sk=