Disclaimer: The opinions expressed on this blog are personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

Note-to-self: a new build of the #MIM2016 CTP on Microsoft Connect (Milestone CTP4, 4.3.1935.0)

Mon 6 Jul 2015

With the last update, in April, the FIM/MIM product group posted MIM beta build 4.3.1790.0.
Yesterday the MIM PG posted new build install files on Connect (4.3.1935.0).

You’ll notice this set of data only has the install files and hasn’t got the VMs anymore…
https://connect.microsoft.com/site433/Downloads

Release date, RTM, GA getting close?

Note-to-self: Insider Threat report from Infosecbuddy

Mon 6 Jul 2015

Source: http://www.infosecbuddy.com/thank-you-here-is-your-insider-threat-report/

(No, you don’t need to leave your precious dummy contact details…)

From the report:

“Highly publicized insider data theft, such as the recent Morgan Stanley breach or Edward Snowden incident,
highlight the increasing need for better security practices and solutions to reduce the risks posed by insider threats.

This report is the result of comprehensive crowd-based research in cooperation with the
260,000+ member Information Security Community on LinkedIn and Crowd Research Partners to gain more insight into the state
of insider threats and solutions to prevent them.”

A hotfix rollup package (build 4.1.3646.0) is available for #FIM2010 R2 SP1

Thu 25 Jun 2015

Source: https://support.microsoft.com/en-us/kb/3054196

Microsoft has released an important update to fix important issues.
Some of them listed below…

FIM Service

When you update the criteria of a group or set, you receive a SQL error if negative conditions exceed 7 in the filter when you click View members. After you apply this update, the View Members button works as expected.

FIM Portal

Fixed:

  • In the FIM Credential Provider Extension for Self-Service Password Reset (SSPR), you cannot answer by using double-byte characters through the Windows Input Method Editor (IME) in the “Question and Answer” gate.
  • In the FIM Password Registration Portal, auto-focus on the first text box can cause the first registration question to be hidden from view.
  • On the FIM Password Registration and Password Reset websites, autocomplete was not disabled for the logon forms.
  • The Object Picker control in the FIM Identity Management Portal returns invalid results if there are special characters in the search string.

CM

Fixed: The revocation settings in a profile template can only be configured for all certificates together and not for each certificate separately.

FIM Sync

Fixed:

  • The management agent for Active Directory receives a “Replication Access Denied” error when you run a Delta Import run profile step on domains that contain a read-only domain controller (RODC).

BHOLD

Fixed:

  • When you create a delta-attestation campaign in BHOLD Analytics, an error message is displayed regardless of whether the campaign was created.
  • In BHOLD Attestation, user interface elements may not be available with new versions of Internet Explorer.

Happy fixing!

Categories: Security

Note-to-self: By default #FIM2010 Localized information is not migrated using Export-FIMConfig

Wed 17 Jun 2015

Many of us use the Export-FIMConfig PowerShell cmdlet to export, extract, migrate or document FIM Service and Portal configurations.

If someone complains that the localized content is not exported or migrated, I send over the links below.

Source:

 

Many international FIM customers have localized and/or customized content that doesn’t get exported with the default export functionality.
This is explained in Appendix C: “Localized information not migrated by default”:

“By default, the Windows PowerShell scripts that are included in this guide do not migrate localized information. To include localized display names, edit the ExportPolicy.ps1 and the SyncPolicy.ps1 so that the Export-FIMConfig cmdlet includes the -AllLocales option. This option instructs the cmdlet to download all localized information. However, its presence slows down the scripts.”

Another parameter to pay attention to is -MessageSize.

As explained at “Windows PowerShell Examples for Configuring FIM”:

“If a FIM 2010 R2 resource is too large to fit within a single Simple Object Access Protocol (SOAP) message, it may be necessary to increase the message size. This regularly happens when you export Set resources with thousands of explicit members. Often, administrators pick an arbitrarily large message size such as 999,999.”

Keep in mind that exporting the localized information and a large message size will significantly impact your export performance.
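
A localized export that combines both parameters, as an added example (not taken from the Microsoft guide or its ExportPolicy.ps1). The service URI, output path and script layout are assumptions to adapt to your environment; the message size is the value quoted above.

```powershell
# Added example: export FIM Service policy and portal configuration,
# including localized display names and descriptions.
# Assumptions: $Uri and $OutputFile are placeholders for your environment.
param(
    [string]$Uri        = 'http://localhost:5725/ResourceManagementService',
    [string]$OutputFile = 'C:\FIMExport\policy-alllocales.xml',
    [int]$MessageSize   = 999999
)

# Load the FIM cmdlets if they are not already available in this session.
if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation -ErrorAction Stop
}

# Time the export: -AllLocales and a large -MessageSize both slow it down.
$timer = [System.Diagnostics.Stopwatch]::StartNew()

# -AllLocales  : also download the localized information.
# -MessageSize : raise the SOAP message limit so that large resources
#                (for example Sets with thousands of explicit members) fit.
$policy = Export-FIMConfig -Uri $Uri -PolicyConfig -PortalConfig `
                           -AllLocales -MessageSize $MessageSize

$timer.Stop()

# Export-FIMConfig returns nothing when the export fails.
if ($null -eq $policy) {
    Write-Error 'Export did not retrieve any configuration from the FIM Service.'
    exit 1
}

# Serialize the exported resources to XML for migration or documentation.
$policy | ConvertFrom-FIMResource -File $OutputFile

Write-Host ('Exported {0} resources in {1:N0} seconds to {2}' -f `
    @($policy).Count, $timer.Elapsed.TotalSeconds, $OutputFile)
```

Run it once without -AllLocales to get a baseline for how much the localized export adds to the run time.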

 

Some additional references to bookmark:

And interesting to read:

Note-to-self: free MS Press eBooks on Microsoft Virtual academy

Wed 17 Jun 2015

Looking for some Azure reference material, planning for Azure certification exams, …? Have a look at the eBooks section on Microsoft Virtual Academy (MVA)…
Short url: http://aka.ms/freemspress

It has a quite interesting collection of free eBooks you can download…

 

And while you’re there, also check the learning stuff for identity:

http://www.microsoftvirtualacademy.com/Studies/SearchResult.aspx?q=identity

And bookmark this link for security related learning material:

http://www.microsoftvirtualacademy.com/Studies/SearchResult.aspx?q=security

 

Happy learning!

 

Ignite 2015 session posted: Upgrading from #FIM2010 to #MIM2016 and #AAD

Tue 12 May 2015
Categories: Security

New #FIM2010 R2 SP1 hotfix released to fully support Windows Server 2012 R2 ADDS (Build 4.1.3634.0)

Sat 2 May 2015

Microsoft has released a very important hotfix for FIM2010 R2 SP1 (FIM Build 4.1.3634.0). Full details are at https://support.microsoft.com/kb/3048056.

As indicated in the article, Microsoft recommends that all customers apply this update to their production systems.

The most important fix in this hotfix is that FIM2010 R2 (SP1) now fully supports Windows Server 2012 R2 Active Directory Domain Services, both for domain and forest level.

An important condition for this support is still that the FIM Synchronization Service must be installed only on a:

  • Windows Server 2008,
  • Windows Server 2008 R2,
  • or Windows Server 2012 member server.

FIM 2010 Server components must NOT be installed on a Windows Server 2012 R2 member server.

Only the PCNS component can be installed on a Windows Server 2012 R2 domain controller.

More information:
