Forefront Security

Microsoft Identity Manager online resources (#MIM2016)
  1. Quick note on Microsoft Learn & Docs
  2. Microsoft news and announcements
    1. Microsoft Product support lifecycle
    2. Feeds
  3. Official documentation – Microsoft
    1. Getting prepared
    2. Best practices
    3. Deployment documentation
    4. MIM for developers
    5. MIM reference material
  4. Github
    1. (Microsoft) MIM Configuration Documenter
    2. (Microsoft) Workflow Activity Library (WAL)
    3. MIM projects
  5. Microsoft Community
    1. Forums (Active)
    2. Microsoft Answers
    3. Forums (Achive)
    4. Technet blogs archive
    5. Experts Exchange
    6. Microsoft Wiki
      1. FIM/MIM related content (check the tags)
      2. ILM/FIM/MIM article overview
      3. ILM/FIM/MIM Troubleshooting
    7. The FIM/MIM geek blogs & posts…
  6. Social Media
    1. Facebook
    2. Twitter
  7. Books
    1. Online Companion guide for MIM 2016 book
  8. Visio Stencils
  9. Archives
    1. Microsoft Learn – previous versions

Quick note on Microsoft Learn & Docs

A while ago Microsoft moved from Docs (Docs.microsoft.com) to Learn (Learn.microsoft.com), but still some older information might point to the Docs links. In case the redirect fails, replace the docs prefix in the URL to learn an try again.
If it still fails, Bing it and let me know.

Microsoft news and announcements

Microsoft Product support lifecycle

https://docs.microsoft.com/en-us/lifecycle/products/?terms=Identity

Feeds

Official documentation – Microsoft

Getting prepared

Supported platforms: https://learn.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016-supported-platforms

Best practices

https://learn.microsoft.com/en-us/microsoft-identity-manager/mim-best-practices

Deployment documentation

MIM for developers

MIM reference material

Github

(Microsoft) MIM Configuration Documenter

https://github.com/microsoft/MIMConfigDocumenter

(Microsoft) Workflow Activity Library (WAL)

https://github.com/microsoft/MIMWAL

MIM projects

https://github.com/search?q=mim2016

Microsoft Community

Forums (Active)

Microsoft Answers

Forums (Achive)

Technet blogs archive

Technet blogs archive: https://learn.microsoft.com/en-us/archive/blogs/

Experts Exchange

Microsoft Wiki

FIM/MIM related content (check the tags)

ILM/FIM/MIM article overview

https://social.technet.microsoft.com/wiki/contents/articles/3610.fim-2010-mim-2016-related-wiki-articles.aspx

ILM/FIM/MIM Troubleshooting

https://social.technet.microsoft.com/wiki/contents/articles/3610.fim-2010-mim-2016-related-wiki-articles.aspx#FIM_Troubleshooting_Article

The FIM/MIM geek blogs & posts…

Below you’ll find some interesting and helpful articles and posts (some of the are old/archived… But still valid for MIM too.)

In alphabetic order (on last name)

Social Media

Facebook

Twitter

Books

Online Companion guide for MIM 2016 book

Visio Stencils

https://github.com/PeterGeelen/Microsoft-Identity-Manager/tree/main/FIM-MIM%20stencils

Archives

Microsoft Learn – previous versions

https://learn.microsoft.com/en-us/previous-versions/windows/desktop/forefront-2010/ee652263(v=vs.100)

FIM News: the Microsoft Hybrid identity management (#FIM2010)

Today Andreas Kjellman presented an updated FIM roadmap on the FIM Team User group.
Register and keep an eye on http://thefimteam.com/fim-team-user-group/, as the recording will be published shortly.

Also just a few days ago the new Hybrid Identity website went live (http://www.microsoft.com/en-us/server-cloud/solutions/identity-management.aspx).

The updated website contains the Hybrid Identity White Paper (http://aka.ms/hybrididentitywp)

Microsoft’s approach to identity spans on-premises and the cloud, creating a single user identity for authentication and authorization to all resources, regardless of location.
Also check the Hybrid Identity Datasheet (http://aka.ms/hybrididentityds)

There is a new product “AADSync” to make onboarding to AAD and Office 365 for multi-forest a lot easier. It will also support advanced DirSync scenarios. It is building on FIM2010R2 and DirSync.

The preview is available on Connect. (http://connect.microsoft.com/directory).

Documentation can be found at: http://www.aadsync.com/

There will be more information later in the year about Preview programs and deeper technical information.

There is more news to come, just keep an eye on the Server & Cloud Blog (http://blogs.technet.com/b/server-cloud/)

Also note that the new AADSync tool is referred as Microsoft Azure Active Directory Sync Services (AADSync), as Windows Azure is rebranded to Microsoft Azure

Note-to-self: the Short URL collection bookmarks
Category Short Url Description
Book http://aka.ms/packtpub_da_troubleshooting Book: Direct Access troubleshooting
Exchange http://aka.ms/mostpopularexch2010wiki Most poplar Exchange 2010 articles on TN Wiki
FIM http://aka.ms/ecmaresourcewiki ECMA Resource Wiki
FIM http://aka.ms/fim_codeplex FIM projects on Codeplex
FIM http://aka.ms/fim_portsrightspermissions FIM Ports, rights and permissions
FIM http://aka.ms/fim2010 https://identityunderground.wordpress.com/
FIM http://aka.ms/msidentitypublicreleases Microsoft’s Identity Software: Public Release Build Versions
FIM http://aka.ms/msidmpublicbuilds Microsoft’s Identity Software: Public Release Build Versions
FIM http://aka.ms/msidmpublicreleases Microsoft’s Identity Software: Public Release Build Versions
FIM http://aka.ms/powershellma PowerShell Management Agent > The IDM explorer
FIM http://aka.ms/understandingfimdeprovisioning Understanding Deprovisioning
FIM http://bit.ly/FIM2010R2-RC FIM 2012 R2 RC
FIM http://bit.ly/FIM2010R2BetaDocs FIM R2 Beta docs
FIM http://bit.ly/pGW4gS FIM Exam
FIM http://bit.ly/FIM2010BetaExam FIM Exam
FIM http://bit.ly/TNEdgeCustomizingFIMPortal FIM Portal customisation
FIM http://bit.ly/CreatingCustomRCDC FIM Creating Custom RCDC
FIM http://bit.ly/FIM2010HotfixRSS FIM Hotfix RSS
FIM http://bit.ly/FIMTags FIM tags
FIM http://bit.ly/FIM2010_slowlink Improve FIM performance over slow link
FIM http://bit.ly/FIM2010Solutions FIM 2010 Solutions from partners
FIM http://bit.ly/FIM2010CustomActivity_WF FIM Custom Activity WF
FIM http://bit.ly/FIM2010SDK FIM 2010 SDK
FIM http://bit.ly/FIM2010Resources FIM 2010 Resources
FIM http://aka.ms/fim2010bpa FIM 2010 Best Practice Analyser
FIM http://aka.ms/fim2010functionsref FIM 2010 Functions Reference
FIM http://aka.ms/fim2010partnermas FIM 2010: Management Agents from Partners
FIM http://aka.ms/fim2010r2bpa FIM 2010 Best Practice Analyser
FIM http://aka.ms/fimblogs FIM 2010 Community, feeds & blogs
FIM http://aka.ms/fimbuild_overview FIM Build Overveiw
FIM http://aka.ms/fimbuilds FIM Build Overveiw
FIM http://aka.ms/fimcmpermissions FIM CM Permisssion
FIM http://aka.ms/fimcommunity FIM Community overview
FIM http://aka.ms/fimcommunity_feeds_blogs FIM Community overview
FIM http://aka.ms/fimfilema FIM File MA
FIM http://aka.ms/fimlpdownload FIM Language Pack download
FIM http://aka.ms/fimma_ln8 FIM Lotus Notes MA
FIM http://aka.ms/fimmaportspermissions FIM Rights, Ports & Permissions
FIM http://aka.ms/fimmas FIM Management Agents
FIM http://aka.ms/fimmasfrompartners FIM Management Agents from partners
FIM http://aka.ms/fimrampup Learning FIM
FIM http://aka.ms/fimresources FIM Resources
FIM http://aka.ms/fimscriptbox FIM Script box
FIM http://aka.ms/fimsecurity FIM Security Setup
FIM http://aka.ms/fimtechoverview FIM Technical Overview
FIM Book http://aka.ms/fim2010r2bestpracticesbook FIM Book
FIM Book http://aka.ms/fim2010r2handbook FIM Book
FIM Book http://aka.ms/fim2010r2handbookshortcuts FIM Book
FIM Book http://aka.ms/fim_r2_best_practices_vol1 FIM Book
FIM Community http://aka.ms/fimteamug FIM Team User Group
FIM Forum http://aka.ms/fimforum FIM Forum on Technet
FIM Forum http://aka.ms/fimforumtn FIM Forum on Technet
FIM Learning http://aka.ms/fim2010rampup Learning FIM
FIM News http://aka.ms/2013fimannouncement 2013 FIM Announcement
FIM Technet http://aka.ms/tnwikiforum FIM 2010 Forum
FIM Wiki http://aka.ms/fim2010resources FIM 2010 Resources
FIM Wiki http://aka.ms/fim2010wiki FIM 2010 Wiki
Forefront http://aka.ms/forefrontroadmap Forefront Roadmap announcement
Forefront http://aka.ms/forefronttechcenter Forefront Tech Center
ILM http://aka.ms/ilm2007gettingstarted ILM Getting Started
Learning http://bit.ly/MS_MVA Microsoft Virtual Academy
PFE http://aka.ms/pfe_wiki Premier Field Engineering at TN Wiki
PFE http://aka.ms/stayoutoftrouble Premier Field Engineering
PKI http://bit.ly/MSPKIBook MS PKI Book
PKI http://bit.ly/CurrentCLMresources Current CLM Resources
Security http://bit.ly/MS_BRS Business Ready Security
Security http://bit.ly/NEAT_Spruce Neat And Spruce at Microsoft
Security http://bit.ly/FBLeak20110510 FB leak
Security http://bit.ly/DownloadBRSTrial Microsoft Business Ready Security Trial Environment
Sharepoint http://aka.ms/sp2010kernelmodeauthn Sharepoint Kernel Mode Authentication
Technet http://aka.ms/fim2010forum FIM Forum on Technet
Visual Studio http://aka.ms/debugextension Extension debugging
Wiki http://aka.ms/fimwiki FIM at Wiki
Wiki http://aka.ms/fixrgb Fix RGB codes to names in HTML
Wiki http://aka.ms/happybirthday_ed Wiki surprise
Wiki http://aka.ms/ninja Wiki Ninja
Wiki http://aka.ms/ninjas Wiki Ninja
Wiki http://aka.ms/notappropriatefortnwiki Wiki guidelines
Wiki http://aka.ms/tnwikibookmarks Wiki Bookmarks
Wiki http://aka.ms/wikitagcloud TechNet Wiki: easy bookmarks to important TNWiki resources
Wiki http://aka.ms/wikitoolbox TN Wiki toolbox
Wiki http://bit.ly/AddTocToYourTNWikiDoc Add TOC to your Wiki article
Wiki Blog http://aka.ms/tnwikiblog TN Wiki Blog
Wiki Blog http://aka.ms/wikiblog TN Wiki blog
Wiki blog http://aka.ms/wikininjablog TN Wiki blog
Wiki Governance http://aka.ms/technetwikicommunitycouncil Wiki Governance
Wiki Governance http://aka.ms/tnwikicouncil Wiki Council
Wiki Governance http://aka.ms/tnwikifeedback Wiki Feedback
Wiki Governance http://aka.ms/wikidevelopment Wiki Governance
Wiki Governance http://aka.ms/wikiguide Wiki Governance
Wiki Governance http://aka.ms/wikininjas Wiki Ninja
Wiki Governance http://aka.ms/wikireputation Wiki Governance
Wiki Governance http://aka.ms/wikuserguidelines_personalisation Wiki Governance

Microsoft announced additional connectors for FIM 2010 R2 (#FIM2010)

Source: Forefront Identity Manager 2010 group at https://www.facebook.com/groups/155109068156/

The FIM team has announced the availability of some additional Connectors for FIM2010R2.

General Availability of PowerShell Connector

The PowerShell Connector can be used to communicate with a system through PowerShell scripts. This allows an easy and flexible way to communicate with other systems but also to pre-/post-process data and files before handed over to the FIM Synchronization Service. We believe the community will help providing scripts for this Connector for various systems and will open a place where scripts can be published for reuse.

TechNet docs:   http://go.microsoft.com/fwlink/?LinkID=393057
Download:          http://go.microsoft.com/fwlink/?LinkID=393056

Release Candidate of Generic SQL Connector

The Generic SQL Connector will allow you to connect to any database where you have an ODBC driver available. It enables new features compared to the built-in MA such as support for Stored Procedures, running SQL scripts, built-in delta import support, import multiple object types, connect to multiple tables, and much more. This Connector is built on ECMA2.3 which allows schema discoverability to be customized in the Sync Engine UI. A pre-release of the next Sync Engine hotfix is included with the Connector download and is required for the Connector to work.

Download:          https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=52652

Release Candidate of SAP Users and Roles/Groups

The updated SAP templates for Users and Roles/Groups allows you to manage Users, Roles, and Groups in SAP. This also include password sync for Users to SAP. The Connector will make sure roles are represented as groups to make it possible to manage these with bhold. This template will require the previously published WebService Connector: http://go.microsoft.com/fwlink/?LinkID=235883.

Download:          https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=52651

Participation on Connect

If you have participated in any other Connector preview program you will have access to the Release Candidate downloads. If you have not participated before then to get access to the preview programs on Connect either join the program “Identity and Access Management”, “FIM Synchronization Service Connectors Pre-release” on http://connect.microsoft.com/directory or follow this link http://connect.microsoft.com/site433/SelfNomination.aspx?ProgramID=6709&pageType=1

Generic LDAP Connector (build 4.3.1082.0)

We have also published an update to the Generic LDAP Connector adding support for some additional LDAP directories, see http://support.microsoft.com/kb/2936070/. If you have additional LDAP directories you think we should support, please feel free to contact provide feedback on the Connect Site or via the FIM 2010 forum on technet.

Note-to-self: new #FIM2010 Connector for Windows Azure Active Directory published

Source: http://www.microsoft.com/en-us/download/details.aspx?id=41166

Forefront Identity Manager Connector for Windows Azure Active Directory helps you synchronize identity information to Azure Active Directory.

Version:
Date Published:
1.0.6567.0002 2/19/2014

#FIM2010 newsletter – looking for more interesting resources

Since a while I’ve been on the lookout for interesting, blogs, articles, sites and feeds on FIM 2010.

I’ve been gathering them in a FIM 2010 weekly newletter on paper.li : http://paper.li/geelenp/1364888465/

If you think there are sources missing from this, list, feel free to let me know.

So far, I found these:

And also

Blog feeds are filtered on keywords: FIM, FIM2010, “FIM 2010”, bhold

All suggestions are welcome to peter(at)fim2010(dot)com.

Reviewed for you: Microsoft DirectAccess Best Practices and Troubleshooting (Packt Publishing)

Packt has recently published a new book "Microsoft DirectAccess Best Practices and Troubleshooting". (http://aka.ms/PacktPub_DA_Troubleshooting)

A few weeks ago I was asked to review the book.

Written by Jordan Krause a Microsoft MVP in Enterprise Security, and specializes in DirectAccess.

Packt Publishes advertises this book is an ideal guide for any existing or future DirectAccess administrator and system administrators who are working on Windows Server 2012.

This book will also be beneficial for someone with a basic knowledge of networking and deployment of Microsoft operating systems and software who wants to learn the intricacies of DirectAccess and its interfaces.

It’s a pretty condensed book of 116 pages in total, of which 98 technical content.

Structured in 5 chapters:

Chapter 1: DirectAccess Server Best Practices
Chapter 2: DirectAccess Environmental Best Practices
Chapter 3: Configuring Manage Out to DirectAccess Clients
Chapter 4: General DirectAccess Troubleshooting
Chapter 5: Unique DirectAccess Troubleshooting Scenarios

From a technical standpoint of view, it’s an interesting read, with lot of interesting advice.

It is quite confusing that the author discusses topics which are explained in a later chapter.
ISATAP for example. Chapter 2 discusses IPv6 vs ISATAP, while chapter 3 explains the ISATAP definition ( Intra-Site Automatic Tunnel Addressing Protocol).

To build the story in the book, it would make more sense to explain the basics first as it’s key information to the topics discussed and explained. It’s a good practice to set a common ground and vocabulary first, to start off on the right foot.

But when I say condensed, it really is condensed and not only on content level. Regarding readability, some of the pages are large blocks of heavy text, long sentences, barely using white space or paragraphs. Sentences reaching 4 lines require you to read the sentence again.

Shorter sentences and using more paragraphs is a simple fix.

Although the book is packed with valuable information, I’m a bit disappointed in the fact that the book does not get it’s full potential.

It would greatly improve by putting all hints & tips in a quick list (eg in an additional chapter or quick reference card), and/or gathering the do’s and don’ts in an action list like:

Please remember:

  • There are 3 platforms providing Direct Access: Windows 2008 R2, UAG and Windows 2012. Majority of DA deployments are covered by UAG and Windows 2012 as Windows 2008 R2 is quite difficult to handle.
  • Clients must be Windows 7 Enterprise, Windows 7 ultimate or Windows 8 Enterprise
  • Windows 7 pro and Windows 8 Pro do not support Direct Access (See: http://support.microsoft.com/kb/2756536)

Practical Hints & tips

  • The default gateway setting must only be defined on the external NIC
  • Name your NICs intuitively (chapter 1)
  • Set NIC binding correctly (chapter 1)
  • disable NICs not in use (ch.1)
  • Check Receive Side Scaling (RSS) (ch.1)
  • Enable spoofing of MAC addresses on VMs (ch.1)
  • Add static routes
  • Choose proper hostname
  • Join domain
  • Prestage the computer account
  • IP-HTTPS
  • DA must be a remote access platform and nothing else
  • Don’t use the Getting started wizard … + reasons (see chapter 1 of book)
  • Run the full Remote Access Setup Wizard
  • Create your own GPOs (ch.2)
  • Do not host the NLS website on the DA server
  • Set Teredo to Enterprise client
  • Use DNS Round Rbin for DA CLuster (ch.3)
  • Set client side firewall rules for each protocol needed (ch.3)
  • … (and so on)…

Furthermore, in the technical section in the book you won’t find any links to useful references, although there are plenty of opportunities to put in added value, again.

PacktPub has extremely good books that support this book:

  1. Windows Server 2012 Unified Remote Access Planning and Deployment
  2. Microsoft Forefront UAG 2010 Administrator’s Handbook
  3. Mastering Microsoft Forefront UAG 2010 Customization

Sorry, correction, the commercial part at the end refers to one of them.
But that’s not the author’s credit.

    There is a massive amount of additional reading and in depth material out-there, which the author could refer to. I’ll come to that in a second (cfr NRPT)
    I would love to get some insight in the list of hyperlinks the author frequently uses regarding this topic. Show me your favorites, man!
      The author explicitly targets existing DA administrators and “anyone interested in learning more about the technology before diving in for themselves”.

    But the index at the end of the book is missing essential acronym definitions.

    It would be nice to give the explanation with the acronym, like

    DIP, see Dedicated IP, 62,85
    UAG, see Unified Access Gateway, 36
    NRPT,see Name Resolution Policy Table, 50
    NAT, see Network Address Translation, 35-37
    GSW, see Getting Started Wizard

    One stunning example is NRPT, which is frequently touched in the book, but never explained.

    Even in the simplest case a reference to some useful resources would have helped, like:

      So, I’m hoping that Packt Pub will fix the gap.

    Despite, I still consider the Microsoft DirectAccess Best Practices and Troubleshooting book as a quick reference and a companion guide for Direct Access Administrators.

    An additional (online) reference list will make this book on DirectAccess rock, like Jordan kicks off with on page 1.

    And why not building that online reference on Technet Wiki?

    Note to the layout team: a small detail to make it complete: when you use justified layout (left and right aligned), that would make the book more polished.

    Microsoft announces Important Changes to the Forefront Product Line

    Directly from: http://blogs.technet.com/b/server-cloud/archive/2013/12/17/important-changes-to-the-forefront-product-line.aspx

    Today, Microsoft announced an important changes to the roadmaps of Forefront Identity Manager (FIM) and Forefront Unified Access Gateway (UAG):

    (quote)

    We plan to ship another major release of FIM in the first half of calendar year 2015.

    • Microsoft will not deliver any future full version releases of Forefront UAG and the product will be removed from price lists on July 1, 2014.

    Microsoft remains committed to delivering the identity and access capabilities offered in FIM (identity and access management).  Some Forefront UAG scenarios (secure application publishing and remote access) are addressed with new capabilities available in Windows Server 2012 R2 today.

    Forefront Identity Manager

    The next full release of FIM will be delivered as part of Microsoft’s identity and access management product roadmap, which includes both on-premises investments and those we are making in Windows Azure Active Directory and related cloud services.

    The investment areas for this next major release of FIM will include:

    • Hybrid scenarios with Windows Azure AD
    • User & Access Management
    • Audit & Compliance

    We will share more details on specific features and functionality as we get closer to the release date.

    Forefront Unified Access Gateway

    Based on product strategy, customer feedback, and prevailing market dynamics, Microsoft has made the decision not to deliver any further full version releases of Forefront UAG.

    Microsoft customers continue to have access to select remote access and secure application publishing capabilities through Windows Server 2012 R2.  Windows Server is not a complete replacement for all UAG scenarios, but it does provide:

    • DirectAccess deployment and policy management.  This capability has been part of Windows Server 2012 since its initial release in September 2012.
    • Basic secure application publishing via the new Web Application Proxy service in the Remote Access role of Windows Server 2012 R2.  This new service allows customers to securely publish access to resources through a reverse proxy and includes integration with Active Directory Federation Services (ADFS) for conditional access policy and multi-factor authentication capabilities.

    Customers will be granted a Windows Server 2012 Standard server license for each UAG server license with active Software Assurance to allow them to make the transition.  For customers who wish to continue using Forefront UAG, Microsoft will provide maintenance and support through the standard Microsoft support lifecycle.  Mainstream support will continue through April 14, 2015, and extended support will continue through April 14, 2020.  Customers with active Software Assurance on UAG as of Dec. 1, 2013 may also add new UAG server instances, users, and devices without any requirement to order additional licenses.”

    (end quote)

    Release of three new Connectors for #FIM2010 R2 for public General Availability

    Source: https://www.facebook.com/groups/155109068156/

    Microsoft has announced the release of three new Connectors for FIM2010R2 for public General Availability.

    Windows Azure Active Directory Connector
    This conector can be used in scenarios not supported by DirSync, for example multi-forest or non-AD.
    Microsoft still recommends to use DirSync as the primary solution to synchronize AD to AAD and use it whenever possible.
    The Connector comes with sample code and configuration for a resource/account-forest scenario.

    For more information: please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=330371.

    Generic LDAP
    This Connector will allow you to connect to an LDAPv3 compliant directory.
    It currently supports the same LDAP directories (IBM, Novell, and Oracle) we ship with FIM2010R2 and will over time replace the built-in LDAP Management Agents.

    For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=270179.

    SharePoint User Profile Store
    This Connector will connect to the SharePoint User Profile Store and can be used as a replacement for the built-in synchronization engine which comes with SharePoint, for example in multi-forest or non-AD scenarios.

    For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=331344.

    Microsoft Forefront Identity Manager 2010 R2 Handbook – shortcuts

    As you know (or not) I’ve been involved in reviewing Kent Nordstrom’s book… (http://konab.com/fim-2010-r2-book/)

    You can order print and/or E-book at: http://aka.ms/FIMR2Book.

    Overview

    Page Chapter Title URL Description
    About the Author http://konab.com
    About the Reviewers http://be.linkedin.com/in/pgeelen Peter Geelen
    About the Reviewers http://aka.ms/FIM_R2_Best_Practices_Vol1 FIM R2 Best Practices Volume by David Lundell
    Support files, eBooks, http://PacktLib.PacktPub.com
    4 Preface http://aka.ms/PowerShellMA Granfeldt PowerShell MA 2.0 used to demonstrate ECMA
    5 Downloading the example code http://www.packtpub.com. extensible connectivity
    10 The Story in the book http://aka.ms/ADFSOverview Implement federation
    10 The Story in the book http://office365.microsoft.com Read more about Office 365
    19 Management agents http://aka.ms/FIMPartnerMA
    20 Management agents http://aka.ms/FIMMA
    28 FIM Licensing http://aka.ms/FIMLicense
    30 3 Installation http://aka.ms/FIMCapacityPlanning Capacity Planning
    32 3 http://aka.ms/SCSM2010Deployment SCSM for reporting
    32 3 http://aka.ms/FIMPlanning
    32 3 http://aka.ms/VirtualizationBestPractices
    35 3 http://aka.ms/FIMLanguagePacks
    35 3 http://aka.ms/SQLCollations
    35 3 http://aka.ms/SCSMCollations
    35 3 http://technet.microsoft.com/en-us/library/hh332707 Technet Site
    37 3 http://technet.microsoft.com/en-us/library/ff461010
    40 3 http://aka.ms/SCSM2010Deployment
    40 3 http://support.microsoft.com/kb/975332 AuthZ Man Hotfix
    49 3 http://blogs.msdn.com/b/chunliu/archive/2010/03/24/why-SharePoint-2010-not-use-kernel-mode-authentication-in-iis7.aspx turn off Kernel Mode authentication
    72 3 http://aka.ms/SCSM2010Ports complete list of ports required by SCSM 2010
    87 3 http://blog.konab.com/fim-2010-r2-book/reporting FIM post-install scripts for Data Warehouse
    93 4 Basic configuration http://support.microsoft.com/kb/303972 Replicating Directory Changes
    98 4 http://blogs.technet.com/b/doittoit/archive/2009/05/20/introducing-hierarchal-provisioning.aspx Hierarchical Provisioning
    101 4 http://aka.ms/FIMPreImportFilter
    104 4 http://aka.ms/FIMDeprovisioning
    116 4 http://aka.ms/FIMRunProfile
    118 4 http://aka.ms/UnderstandingFIMDeprovisioning
    118 4 http://aka.ms/FIMServiceSchema
    130 4 http://blog.konab.com/2011/09/performance-improvements-in-fim-2010-r2
    134 4 http://blog.konab.com/fim-2010-r2-book/basic-configuration/
    161 5 User management http://aka.ms/FIMDRE
    163 5 http://aka.ms/FIMMVExtension
    170 5 http://support.microsoft.com/kb/305144 UAC attribute
    172 5 http://aka.ms/FIMFunctions
    173 5 http://social.technet.microsoft.com/wiki/contents/articles/how-toenable-or-disable-accounts-in-active-directory-domain-service-usingfim.aspx
    200 6 Group management http://msdn.microsoft.com/en-us/library/cc223142 Group Type bitmask
    206 6 http://aka.ms/FIMAddIn Add-ins & extensions
    251 7 Self-service Password Reset http://aka.ms/FIMR2Upgrade
    254 7 http://aka.ms/SSPRconfigureSMSOT
    262 7 http://aka.ms/FIMR2QuickStart
    276 8 FIM & Office 365 http://fimattributestore.codeplex.com ADFS 2.0 Attribute Store for Forefront Identity Manager
    277 8 http://fim.codeplex.com .
    279 8 http://www.pointsharp.com
    285 9 Reporting http://technet.microsoft.com/en-us/library/jj133843 Default Report
    289 9 http://technet.microsoft.com/en-us/library/jj133844 ETL Script
    294 9 http://aka.ms/FIMReporting Modifying FIM Reports
    295 9 http://technet.microsoft.com/en-us/library/jj133861 Extending FIM reporting
    297 10 FIM Portal Customization http://aka.ms/CustomizeFIMPortal
    300 10 http://fim2010client.codeplex.com
    314 10 http://aka.ms/FIMxPath
    319 10 http://aka.ms/RCDCRef
    321 10 http://idmcrisis.com/post/2009/11/14/Working-with-RCDCe28099s-in-Visual-Studio.aspx Working with RCDCS in Visual Studio
    325 11 Customizing Data transformations http://aka.ms/FIMFunctions
    328 11 http://aka.ms/FIMWALExample
    328 11 http://aka.ms/ECMA2
    329 11 http://aka.ms/FIMPartnerMA
    329 11 http://aka.ms/PowerShellMA
    331 11 http://aka.ms/FIMFunctions
    337 11 http://aka.ms/DebugExtension
    348 12 Issuing Smart Cards http://aka.ms/CorePKI
    348 12 http://aka.ms/FIMCMandLunaSA
    353 12 https://identityunderground.wordpress.com/2010/05/17/clm-vs-key-recovery-agent-certificatetemplate
    374 12 http://aka.ms/FIMCMPermissions
    387 12 http://fimcmextensions.codeplex.com
    390 13 Troubleshooting http://aka.ms/FIMTroubleshooting
    405 13 http://aka.ms/FIMCMTroubleshooting
    408 13 http://aka.ms/FIMBackup
    408 13 http://aka.ms/FIMCMBackup
    409 13 http://aka.ms/SPFoundationBackup
    410 13 http://aka.ms/CABackup
    411 13 Summary http://blog.konab.com/fim-2010-r2-book
    413 Afterword http://aka.ms/FIMForumTN
    Afterword http://aka.ms/FIM2010Resources
    Afterword http://aka.ms/FIM2010Wiki

    References