Disclaimer: The opinions expressed on this blog is a personal opinion and and do not express the opinion of my employer, Microsoft, Winsec or any other party.

A hotfix rollup package (build 4.1.3646.0) is available for #FIM2010 R2 SP1

Thu 25 Jun 2015 Leave a comment

Source: https://support.microsoft.com/en-us/kb/3054196

Microsoft has release an important update, to fix important issues.
Some of them listed below…

FIM Service

When you update the criteria of a group or set, you receive a SQL error if negative conditions exceed 7 in the filter when you click View members. After you apply this update, the View Members button works as expected.

FIM Portal


  • FIM Credential Provider Extension for Self-Service Password Reset (SSPR), you cannot answer by using double-byte characters through the Windows Input Method Editor (IME) in the “Question and Answer” gate.
  • In the FIM Password Registration Portal, auto-focus on the first text box can cause the first registration question to be hidden from view
  • On the FIM Password Registration and Password Reset websites, autocomplete was not disabled for the logon forms
  • the Object Picker control in the FIM Identity Management Portal returns invalid results if there were special characters in the search string.


Fixed: The revocation settings in a profile template can only be configured for all certificates together and not for each certificate separately.

FIM Sync


  • The management agent for Active Directory receives a “Replication Access Denied” error when you run a Delta Import run profile step on domains that contain a read-only domain controller (RODC).



  • When you create delta-attestation campaign in BHOLD Analytics, an error message is displayed regardless of whether the campaign was created.
  • In BHOLD Attestation, user interface elements may not be available with new versions of Internet Explorer

Happy fixing!

Categories: Security

Note-to-self: By default #FIM2010 Localized information is not migrated using Export-FIMConfig

Wed 17 Jun 2015 Leave a comment

Many of us are using the Export-FIMConfig powershell to export, extract, migrate or document FIM Service and portal configurations.

If someone complains that the localized content is not exported or migrated, I send over the links below.



Many international FIM customer have localized and/or customized content that doesn’t get exported with the default export functionality.
This is explained in Appendix C: “Localized information not migrated by default”:

“By default, the Windows PowerShell scripts that are included in this guide do not migrate localized information. To include localized display names, edit the ExportPolicy.ps1 and the SyncPolicy.ps1 so that the Export-FIMConfig cmdlet includes the –AllLocales option. This option instructs the cmdlet to download all localized information. However, its presence slows down the scripts.

Another parameter  to pay attention to is the -MessageSize parameter

As explained at “Windows PowerShell Examples for Configuring FIM“:

” If a FIM 2010 R2 resource is too large to fit within a single Simple Object Access Protocol (SOAP) message, it may be necessary to increase the message size. This regularly happens when you export Set resources with thousands of explicit members. Often, administrators pick an arbitrarily large message size such as 999,999.”

Keep in mind that exporting the localized information and a large message size will significantly impact your export performance.


Some additional references to bookmark:

And interesting to read:

Note-to-self: free MS Press eBooks on Microsoft Virtual academy

Wed 17 Jun 2015 Leave a comment

Looking for some Azure reference material, planning for Azure certification exams, …? Have a look at the eBooks section on Microsoft Virtual Academy (MVA)…
Short url: http://aka.ms/freemspress

It has a quite interesting collection of free eBooks you can download…


And while you’re there, also check the learning stuff for identity:


And bookmark this link for security related learning material:



Happy learning!


Ignite 2015 session posted: Upgrading from #FIM2010 to #MIM2016 and #AAD

Tue 12 May 2015 Leave a comment
Categories: Security

New #FIM2010 R2 SP1 hotfix released to fully support Windows Server 2012 R2 ADDS (Build 4.1.3634.0)

Sat 2 May 2015 Leave a comment

Microsoft has released a very important hotfix for FIM2010 R2 SP1: full details at https://support.microsoft.com/kb/3048056. (FIM Build 4.1.3634.0)

As indicated in the article, Microsoft recommends that all customers apply this update to their production systems.

The most important fix in this hotfix is that FIM2010 R2 (SP1) now fully supports Windows Server 2012 R2 Active Directory Domain Services, both for domain and forest level.

Still an important condition for this support is that the FIM Synchronization Service must be installed only on

  • Windows Server 2008,
  • Windows Server 2008 R2,
  • or Windows Server 2012 member server.

FIM 2010 Server components must NOT be installed on a Windows Server 2012 R2 member server.

Only the PCNS component can be installed on a Windows Server 2012 R2 domain controller.

More information:

New MIM vNext CTP (CTP4) posted on Microsoft Connect #FIM2010 #MIM2015, now #MIM2016

Tue 21 Apr 2015 Leave a comment

Source: http://blogs.technet.com/b/ad/archive/2015/04/21/microsoft-identity-manager-public-preview-updated.aspx

Today the FIM/MIM product group posted a new version of the MIM vNext CTP on Microsoft Connect (Milestone CTP4, 4.3.1790.0)

Head over to the Microsoft Connect site at https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=57668

As you’ll see quickly you’ll need 35GB free space now, to download the documents and VMs.

In addition to the new functionality, if you carefully read the list of downloads we have got a new product name:

Microsoft Identity Manager 2016.

CTP3 MIM CM with Modern App TLG.docx 5,38 MB Download
PRIVDC.zip 6.429,13 MB Download
CORPDC.zip 7.438,93 MB Download
CORPWKSTN.zip 7.461,45 MB Download
PAMSRV.zip 13.791,65 MB Download
MIM install 4.3.1790.0.zip 158 MB Download
MIM CTP Test Lab Guide for Privileged Access Management.docx 474 KB Download
TLG – MIM2016 Deployment.docx 8,98 MB Download
TLG – MIM2016 RC Self-Service Login Assistance (SSPR+SSAU) with Azure MFA.docx 4,05 MB Download

The beta release can be downloaded as following:

Note-to-self: A quick tip to convert Hyper-V .vhdx to .vhd file formats (prep for Windows Azure)

Fri 17 Apr 2015 Leave a comment

Get every new post delivered to your Inbox.

Join 76 other followers