Disclaimer: The opinions expressed on this blog are personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

New MIM vNext CTP (CTP4) posted on Microsoft Connect #FIM2010 #MIM2015, now #MIM2016

Tue 21 Apr 2015

Source: http://blogs.technet.com/b/ad/archive/2015/04/21/microsoft-identity-manager-public-preview-updated.aspx

Today the FIM/MIM product group posted a new version of the MIM vNext CTP on Microsoft Connect (Milestone CTP4, 4.3.1790.0).

Head over to the Microsoft Connect site at https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=57668

As you’ll quickly see, you now need 35GB of free space to download the documents and VMs.

In addition to the new functionality, if you carefully read the list of downloads, you’ll see we have got a new product name:

Microsoft Identity Manager 2016.

  • CTP3 MIM CM with Modern App TLG.docx (5,38 MB)
  • MICROSOFT EVALUATION SOFTWARE LICENSE TERMS.docx (70 KB)
  • PRIVDC.zip (6.429,13 MB)
  • CORPDC.zip (7.438,93 MB)
  • CORPWKSTN.zip (7.461,45 MB)
  • PAMSRV.zip (13.791,65 MB)
  • MIM install 4.3.1790.0.zip (158 MB)
  • MIM CTP Test Lab Guide for Privileged Access Management.docx (474 KB)
  • TLG – MIM2016 Deployment.docx (8,98 MB)
  • TLG – MIM2016 RC Self-Service Login Assistance (SSPR+SSAU) with Azure MFA.docx (4,05 MB)

The beta release can be downloaded as follows:

Note-to-self: A quick tip to convert Hyper-V .vhdx to .vhd file formats (prep for Windows Azure)

Fri 17 Apr 2015

#FIM2010 licensing model is changing as of 1st of April 2015

Wed 1 Apr 2015

Source: http://www.microsoft.com/licensing/products/products.aspx
Download the “Microsoft Product Use Rights (WW, English, April 2015)” document at http://www.microsoftvolumelicensing.com/userights/Downloader.aspx?DocumentId=8488

In short, prior to 1st of April 2015, you required

  • a FIM server license for every FIM server installed and a CAL for every user managed in the FIM Service, or
  • Forefront Identity Manager 2010 R2 External Connector

Functionality | Covered by
FIM Server Components (FIM Sync, FIM Services, FIM portal, …) | FIM Server SKU
CAL | Standalone FIM CAL, or Azure Active Directory Premium (AADP), or Enterprise Mobility Suite (EMS) User, or Enterprise Cloud Suite (ECS) User SL
External Users | FIM External Connector license (per server)

After 1st of April 2015:

  • Windows Server license (Standard & Datacenter) will include FIM server entitlement
  • FIM Server 2010 R2 licenses will not be available anymore on the price lists

Functionality | Covered by
FIM Server Components (FIM Sync, FIM Services, FIM portal, …) | Windows Server license (Standard & Datacenter) will include FIM server entitlement
CAL | Standalone CAL, or Azure Active Directory Premium (AADP), or Enterprise Mobility Suite (EMS) User, or Enterprise Cloud Suite (ECS) User SL
External Users | Windows Connector license

Certificate and Identity Management

  • A CAL is also required for any person for whom the software issues or manages identity information.

Synchronization Service

  • A CAL is not required for users only using the Forefront Identity Manager synchronization service.

From the PUR:

  • External Connector License means a license attached to a Server that permits access to the server software by External Users.
  • External Users means users that are not either your or your Affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents.
  • CAL means client access license. There are two kinds of CALs: user and device. A user CAL allows access to the server software from any device by one user. A device CAL allows access to the server software from one device by any user.

FIM / MIM is using a user CAL.

The FIM server will no longer be sold as a separate license, but instead Windows Server licenses will allow customers to install the FIM Server software.
Azure Active Directory Premium (AADP) and any suite that contains AADP, including Enterprise Mobility Suite (EMS) and Enterprise Cloud Suite (ECS), will also entitle users to access FIM.
Since FIM users already required a Windows Server CAL or equivalent to access FIM running on Windows Server, no additional Windows Server CALs (or Windows Server External Connector) will be required.
MIM will have the same licensing model.
All current FIM customers with active SA on the underlying Windows Server (since the right to install FIM server is now granted with a WS license) will have rights to upgrade to MIM when it launches.

And for my Dutch speaking followers… Tous la même chose:

PS: The FIM licensing page on TechNet Wiki will be updated ASAP (http://aka.ms/LicenseToFIM)

Note-to-self: Download free DLA Piper legal start-up pack with legal rules of thumb and templates.

Thu 19 Mar 2015

Source: http://trends.knack.be/economie/bedrijven/gratis-juridisch-start-up-pack-voor-technologiestarters/article-normal-541367.html

“This Start-up Pack has been designed and prepared by the (DLA PIPER) Technology Sector initiative, which includes lawyers with experience in intellectual property, corporate, employment and tax matters.

The purpose of this Start-up Pack is to provide assistance and support to early stage start-ups who are looking to establish their business on a more formal basis. Creating the right legal framework and ensuring that the business is protected at the outset is vital for a start-up to achieve its full potential.”

Troubleshooting #FIM2010: The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member.

Fri 6 Mar 2015

 

Event Viewer

Log Name: Application
Source: Directory Synchronization
Date: 32/13/2015 4:48:55 AM
Event ID: 107
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <servername />.<domain />.<root />
Description:
The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member. Please refer to documentation for information on object attribute validation.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Directory Synchronization" />
    <EventID Qualifiers="0">107</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-13-32T03:48:55.000000000Z" />
    <EventRecordID>994163</EventRecordID>
    <Channel>Application</Channel>
    <Computer><servername />.<domain />.<root /></Computer>
    <Security />
  </System>
  <EventData>
    <Data>The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member. Please refer to documentation for information on object attribute validation.</Data>
  </EventData>
</Event>

Root Cause

There is a technical limit of 15000 members that the Office 365 management agent can support.

Solutions

1. Keeping member numbers under 15000

  • E.g. by splitting groups

2. Migrating your O365 connector to AADSync
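
To act on solution 1 before the export cycle stops, the script below reports groups near or past the 15000-member limit and lists earlier Event ID 107 validation failures. It is an added example, not part of the original post. It assumes the ActiveDirectory (RSAT) module and that the on-premises group membership is what the Office 365 MA exports; the function names and the 90% warning threshold are hypothetical.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$MemberLimit   = 15000                       # limit stated in the post
$WarnThreshold = [int]($MemberLimit * 0.9)   # assumed early-warning level (hypothetical)

# Report groups whose direct member count is near or at/over the limit.
# Nested group members are not expanded; only the group's own 'member' values count.
function Get-LargeGroupReport {
    param([int]$Threshold = $WarnThreshold)

    Get-ADGroup -Filter * -Properties member | ForEach-Object {
        $count = $_.member.Count
        if ($count -ge $Threshold) {
            [pscustomobject]@{
                Name        = $_.Name
                MemberCount = $count
                Status      = if ($count -ge $MemberLimit) { 'AtOrOverLimit' } else { 'NearLimit' }
                DN          = $_.DistinguishedName
            }
        }
    } | Sort-Object MemberCount -Descending
}

# List Event ID 107 entries from the sync server's Application log and pull out
# the connector-space DN and the attribute list named in the description text.
function Get-ValidationFailureEvent {
    $filter  = @{ LogName = 'Application'; ProviderName = 'Directory Synchronization'; Id = 107 }
    $pattern = 'Object with DN\s+(?<dn>CN=\{[^}]+\})\s+failed validation\s+' +
               'for the following attributes:\s*(?<attrs>[^.]+)\.'

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Message -match $pattern) {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                ConnectorDN = $Matches['dn']
                Attributes  = $Matches['attrs'].Trim()
            }
        }
    }
}

Get-LargeGroupReport       | Format-Table -AutoSize
Get-ValidationFailureEvent | Format-Table -AutoSize
```

The DN in the event is the connector-space identifier, not the Active Directory distinguished name, so the two reports are correlated by timing and group size rather than by name.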

 

Additional info

Prepare for directory synchronization:
https://msdn.microsoft.com/en-us/library/azure/jj151831.aspx

Note-to-self: Microsoft Virtual Academy: Identity and Access Management

Tue 3 Mar 2015

Source: Microsoft Security Newsletter – February 2015

Microsoft Virtual Academy: Identity and Access Management

“Need tips for moving your Active Directory Federation Services (ADFS) workload to Microsoft Azure, the powerful platform leveraged by IT specialists to provide a range of services and tools to end users?

Look no further!

Get expert advice on design, deployment, maintenance, and more so you can smoothly manage the transition of your ADFS workload to Azure. Explore the various forms of identity, and learn to transition the tools that provide identity services into Microsoft Azure. Plus, see how to resolve common issues.”

And in case you didn’t notice there is a lot more interesting security stuff in the Newsletter, like:

  • Security Tip of the Month: Protect Your Highly Sensitive Information
  • Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications

+ more!

Surf to the Microsoft Security Newsletter – February 2015 and … just a suggestion … subscribe to the newsletter.

TechNet Wiki Summit – Calling IT Professionals | Register Now! #TNWIKISummit15

Mon 2 Mar 2015

Source: http://blogs.technet.com/b/wikininjas/archive/2015/02/26/wiki-life-disclosing-technet-wiki-summit-2015.aspx

The International TechNet Wiki Summit 2015 aka TNWiki Summit15 will be a landmark in the TechNet Wiki history!

This Summit edition will be a unique conference to be held by Community members, based only on TechNet Wiki articles created to share problems and solutions, providing the opportunity to acquire knowledge and strengthen contacts between IT Professionals and Developers, to improve their professional growth.

Let’s thank what has been accomplished on TechNet Wiki and encourage Attendees to share ideas and knowledge about different articles.
