Month: June 2015

A hotfix rollup package (build 4.1.3646.0) is available for #FIM2010 R2 SP1


Microsoft has release an important update, to fix important issues.
Some of them listed below…

FIM Service

When you update the criteria of a group or set, you receive a SQL error if negative conditions exceed 7 in the filter when you click View members. After you apply this update, the View Members button works as expected.

FIM Portal


  • FIM Credential Provider Extension for Self-Service Password Reset (SSPR), you cannot answer by using double-byte characters through the Windows Input Method Editor (IME) in the “Question and Answer” gate.
  • In the FIM Password Registration Portal, auto-focus on the first text box can cause the first registration question to be hidden from view
  • On the FIM Password Registration and Password Reset websites, autocomplete was not disabled for the logon forms
  • the Object Picker control in the FIM Identity Management Portal returns invalid results if there were special characters in the search string.


Fixed: The revocation settings in a profile template can only be configured for all certificates together and not for each certificate separately.

FIM Sync


  • The management agent for Active Directory receives a “Replication Access Denied” error when you run a Delta Import run profile step on domains that contain a read-only domain controller (RODC).



  • When you create delta-attestation campaign in BHOLD Analytics, an error message is displayed regardless of whether the campaign was created.
  • In BHOLD Attestation, user interface elements may not be available with new versions of Internet Explorer

Happy fixing!

Note-to-self: By default #FIM2010 Localized information is not migrated using Export-FIMConfig

Many of us are using the Export-FIMConfig powershell to export, extract, migrate or document FIM Service and portal configurations.

If someone complains that the localized content is not exported or migrated, I send over the links below.



Many international FIM customer have localized and/or customized content that doesn’t get exported with the default export functionality.
This is explained in Appendix C: “Localized information not migrated by default”:

“By default, the Windows PowerShell scripts that are included in this guide do not migrate localized information. To include localized display names, edit the ExportPolicy.ps1 and the SyncPolicy.ps1 so that the Export-FIMConfig cmdlet includes the –AllLocales option. This option instructs the cmdlet to download all localized information. However, its presence slows down the scripts.

Another parameter  to pay attention to is the -MessageSize parameter

As explained at “Windows PowerShell Examples for Configuring FIM“:

” If a FIM 2010 R2 resource is too large to fit within a single Simple Object Access Protocol (SOAP) message, it may be necessary to increase the message size. This regularly happens when you export Set resources with thousands of explicit members. Often, administrators pick an arbitrarily large message size such as 999,999.”

Keep in mind that exporting the localized information and a large message size will significantly impact your export performance.


Some additional references to bookmark:

And interesting to read:

Note-to-self: free MS Press eBooks on Microsoft Virtual academy

Looking for some Azure reference material, planning for Azure certification exams, …? Have a look at the eBooks section on Microsoft Virtual Academy (MVA)…
Short url:

It has a quite interesting collection of free eBooks you can download…


And while you’re there, also check the learning stuff for identity:

And bookmark this link for security related learning material:


Happy learning!