Identity Manager Management Agents

This page summarises the posts I’ve made relating to Forefront/Microsoft Identity Manager Management Agents, mostly custom/bespoke Management Agents that I’ve developed using the Granfeldt PowerShell Management Agent.

Here you will find working examples for:
Active Directory, Active Directory Photos, Azure Active Directory, Azure Active Directory Business to Business (B2B), Exchange, Exchange Online, Have I Been Pwned, Home Directories, Lotus Notes, Office365, Password Sync, SharePoint Online, Skype for Business/Lync, Terminal Services, Twitter, Workday and xMatters.

As I post more I’ll try to keep this page updated. But you can also always use the categories, search and tags.

Getting Started with the Granfeldt PowerShell Management Agent

First up, you can get it from GitHub here. Søren’s documentation is pretty good but does assume you have a working knowledge of FIM/MIM, and the posts on this blog are no different. Configuration tasks like adding additional attributes to the User Object Class in the MIM Portal, updating MPRs, flow rules, Workflows, Sets etc. are assumed knowledge, and if not, are easily Bing’able for you to work out.

Three items I had to work out that I’ll save you the pain of are:

  • You must have a Password.ps1 file. Even though we’re not doing password management on this MA, the PS MA configuration requires a file for this field. The .ps1 doesn’t need to have any logic/script inside it. It just needs to be present
  • The credentials you give the MA to run the scripts as need to be in the format of just ‘accountname’, NOT ‘domain\accountname’. I’m using the service account that I’ve used for the Active Directory MA. The target system is the same directory service and the account has the permissions required (you’ll need to add the management agent account to the appropriate Exchange role group for user management)
  • The path to the scripts in the PS MA Config must not contain spaces and must be in old-skool 8.3 format. I’ve chosen to store my scripts in an appropriately named subdirectory under the MIM Extensions directory. Tip: from a command shell use dir /x to get the 8.3 directory format name. Mine looks like C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\Exchange

For more advanced functions such as Differential Sync, Paged Imports and Password Sync see these examples.

Differential Sync and Paged Imports

See these two posts on how to configure the Granfeldt PowerShell Management Agent to page the import of data into Microsoft Identity Manager as well as configuring Delta Synchronization for Azure Active Directory.

How to configure Paged Imports on the Granfeldt FIM/MIM PowerShell Management Agent

How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports

Password Sync

See these two posts on how to configure the Granfeldt PowerShell Management Agent to synchronize passwords.

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 3

UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager

Azure Active Directory

See these two posts on how to configure the Granfeldt PowerShell Management Agent to connect to Azure Active Directory.

Joining Identities between Active Directory and Azure Active Directory using Microsoft Identity Manager

Dynamic Active Directory User Provisioning placement (OU) using the Granfeldt Powershell Management Agent

Azure Active Directory B2B

See these two posts on how to configure the Granfeldt PowerShell Management Agent to connect to Azure Active Directory for managing Azure AD B2B.

Automating Azure AD B2B Guest Invitations using Microsoft Identity Manager

How to use the FIM/MIM Azure Graph Management Agent for B2B Member/Guest Sync between Azure Tenants

Exchange

See these three posts on how to configure the Granfeldt PowerShell Management Agent to connect to Exchange Server.

Consuming CSV files from an Exchange Mailbox via Exchange Web Services and FIM/MIM 2016 using the Granfeldt PowerShell MA

Provision Users for Exchange with FIM/MIM 2016 using the Granfeldt PowerShell MA, avoiding the AD MA (no-start-ma) error

Configuring Remote PowerShell to a Remote Active Directory Forest for FIM/MIM GalSync

Exchange Online / Office365

See this post on how to configure the Granfeldt PowerShell Management Agent to provision Exchange Online Mailboxes against On Premise Exchange Server.

Provisioning Hybrid Exchange/Exchange Online Mailboxes with Microsoft Identity Manager

Granfeldt PowerShell MA Schema Scripts

See this post on generating the Granfeldt PowerShell Management Agent Schema Definition File script.

Automate the Generation of a Granfeldt PowerShell Management Agent Schema Definition File

Have I Been Pwned

See these three posts on how to configure the Granfeldt PowerShell Management Agent to leverage Have I Been Pwned Password Data.

Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager v2, k-Anonymity and Have I Been Pwned

UPDATED: Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager

Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager

Home Directory (Windows)

See this post on how to configure the Granfeldt PowerShell Management Agent to manage Windows Home Directories.

Provisioning Home Directories for Active Directory Users with FIM / MIM using the Granfeldt PowerShell Management Agent

IBM / Lotus Notes / Domino

Three of these four posts detail how to configure the Granfeldt PowerShell Management Agent to synchronise passwords to IBM Domino/Notes Password Vault.

Getting started configuring the latest Microsoft Identity Manager IBM Notes Management Agent with Domino v9.x

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 1

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 2

Synchronizing Passwords from Active Directory to the IBM/Lotus Domino Identity Vault using Microsoft Identity Manager – Part 3

Office365 / Active Directory

See these two posts on how to configure the Granfeldt PowerShell Management Agent to connect to Azure Active Directory for managing Photos and Office365 Licenses.

How to Synchronize users Active Directory/Azure Active Directory Photo using Microsoft Identity Manager

Office365 Licensing Management Agent for Microsoft Identity Manager

SharePoint Online

See this post on how to configure the Granfeldt PowerShell Management Agent to connect to SharePoint Online for managing SharePoint Online User Profiles.

Managing SharePoint Online (SPO) User Profiles with FIM/MIM 2016 and the Granfeldt PowerShell MA

Skype for Business / Lync

See this post on how to configure the Granfeldt PowerShell Management Agent to provision users to Lync/Skype for Business.

Provisioning Users for Lync / Skype for Business with FIM / MIM using the Granfeldt PowerShell Management Agent

Terminal Services

See this post on how to configure the Granfeldt PowerShell Management Agent to manage User Active Directory Terminal Services Profile configuration.

Managing AD Terminal Services Configuration with FIM / MIM using the Granfeldt PowerShell Management Agent

Twitter

See this post on how to configure the Granfeldt PowerShell Management Agent to connect to Twitter.

A Twitter Management Agent for Microsoft Identity Manager

Workday

See this post on how to configure the Granfeldt PowerShell Management Agent to connect to Workday HR.

Building a Microsoft Identity Manager PowerShell Management Agent for Workday HR

xMatters

See this post on how to configure the Granfeldt PowerShell Management Agent to connect to xMatters.

Building a FIM/MIM Management Agent for xMatters