Update: An element of this solution details checking passwords online (using the Have I Been Pwned API). Troy explains succinctly in his blog-post announcing the pwned passwords list why this is a bad idea. If you are looking to implement the concept I detail in this post then WE STRONGLY recommend using a local copy of the pwned password list.… keep reading
Resolving Microsoft Identity Manager “sync-rule-validation-parsing-error” error
A couple of weeks back I inherited a Microsoft Identity Manager development environment that wasn’t quite complete. When I performed a sync on a user object I got the following error; sync-rule-validation-parsing-error
Looking into the error for further details, Details and Stack Trace were both greyed out as shown below.… keep reading
An Identity Consultants Summary of the recent Cloud Identity Summit 2017
I’ve just returned from Chicago and the Cloud Identity Summit that was held at the Sheraton Grand Chicago. It was my first CIS conference and reminded me a lot of the now defunct Quest Experts Conference and The Burton Group Conference, both in terms of the content and scale.… keep reading
Integration of Microsoft Identity Manager with Azure Platform-as-a-Service Services
Overview
This isn’t an out of the box solution. This is a bespoke solution that takes a number of elements and puts them together in a unique way. I’m not expecting anyone to implement this specific solution (but you’re more than welcome to) but more to take inspiration from it to implement solutions relevant to your environment(s).… keep reading
How to access Microsoft Identity Manager Hybrid Report data using PowerShell, Graph API and oAuth2
Update: Dec 20 2018. See this post that details the changes to the Azure AD Reports and Events Rest API.
Hybrid Reporting is a great little feature of Microsoft Identity Manager. A small agent installed on the MIM Sync Server will send reporting data to Azure for MIM SSPR and MIM Group activities.… keep reading
Synchronizing Exchange Online/Office 365 User Profile Photos with FIM/MIM
Introduction
This is Part Two in the two-part blog post on managing users profile photos with MIM (Microsoft Identity Manager). Part one here detailed managing users Azure AD/Active Directory profile photo. This post delves deeper into photos, specifically around Office 365 and the reason why you may want to manage these via FIM/MIM.… keep reading
How to Synchronize users Active Directory/Azure Active Directory Photo using Microsoft Identity Manager
Introduction
Whilst Microsoft FIM/MIM can be used to do pretty much anything your requirements dictate, dealing with object types other than text and references can be a little tricky when manipulating them the first time. User Profile Photos fall into that category as they are stored in the directory as binary objects.… keep reading
Using the Lithnet PowerShell Modules to generate full object metadata FIM/MIM HTML Reports
How many times have you wanted a consolidated report out of FIM/MIM for an object? What connectors does it have, what are the values of the attributes, which Management Agent contributed the value(s) and when? Individually of course you can get that info using the Metaverse Search and looking at the object in MIM Portal.… keep reading
Scripting queries for Lithnet Get-MVObject searches into the Microsoft Identity Manager Metaverse
It probably seems obvious by now, but I seem to live in PowerShell and Microsoft Identity Manager. I’m forever looking into the Microsoft Identity Manager Metaverse for objects.
However, sometimes I get tripped up by the differences in Object Classes between the FIM/MIM Service and the Metaverse, the names of the Object Classes (obviously not Person, Group and Contact) and in situations where they are case-sensitive. … keep reading
Diagnosing FIM/MIM ‘kerberos-no-logon-server’ error on an Active Directory Management Agent
Overview
I have a complex customer environment where Microsoft Identity Manager is managing identities across three Active Directory Forests. The Forests all serve different purposes and are contained in different network zones. Accordingly there are firewalls between the zone where the MIM Sync Server is located and two of the other AD Forests as shown in the graphic below.… keep reading