Recently I’ve migrated a bunch of VirtualBox Virtual Machines to Azure as detailed here. These VMs are in Resource Groups with a Network Security Group associated that restricts access to them for RDP based on a source TCP/IP address.…
Diagnosing FIM/MIM ‘kerberos-no-logon-server’ error on an Active Directory Management Agent
Overview
I have a complex customer environment where Microsoft Identity Manager is managing identities across three Active Directory Forests. The Forests all serve different purposes and are contained in different network zones. Accordingly there are firewalls between the zone where the MIM Sync Server is located and two of the other AD Forests as shown in the graphic below.…
An alternate method for dealing with Orphaned MetaVerse Objects
Update 21 April ’17. The LithnetMIISAutomation PS Module now has a -Force switch for Delete-CSObject
As often happens in development environments, data changes, configurations change and at some point you end up with a whole bunch of objects that are in no man’s land.…
Adapting to the changes in the AzureAD Preview PowerShell Module ADAL Helper Library
I’m a big proponent of using PowerShell for integration and automation of Azure Active Directory Services using the Azure AD GraphAPI. You may have seen many of my posts leverage the evolving Azure AD Preview PowerShell Module helper libraries. Lines in my scripts that use this look like the one below.…
Getting started configuring the latest Microsoft Identity Manager IBM Notes Management Agent with Domino v9.x
Lotus Notes. My old nemesis as both a user and as an Administrator is back to haunt me again.
There’s a reasonable amount written by others on the trials and tribulations of getting the FIM/MIM Notes / Domino Management Agent configured and working.…
Joining Identities between Active Directory and Azure Active Directory using Microsoft Identity Manager
Introduction
One of the foundations of Identity Management is the ability to join an identity between disparate connected systems. As we extend our management of identities into cloud services this adds a few twists.
A key concept is to use an anchor that is persistent.…
Migrating a VirtualBox (Linux) Windows VDI Virtual Machines to Azure
Overview
Over the years I’ve transitioned through a number of laptops and for whatever reason they never fully get put out to pasture. Two specific laptops are used semi-regularly for functions associated with a few virtual machines they hold. Over the last 10 years or so, I’ve been a big proponent of VirtualBox.…
Standalone installation of the MIM Self Service Password Reset Portals ends prematurely
Today I was performing a standalone installation of the MIM Self Service Password Reset Portals (Enrollment and Reset). These Portals rely on IIS and not the normal prerequisites associated with the MIM Service Portal (SharePoint etc). As such using PowerShell I’d only installed the Web Server Role with the usual dependencies.…
A workaround for the Microsoft Identity Manager limitation of not allowing simultaneous Management Agents running Synchronisation Profiles
Why?
For those of you that may have missed it, in early 2016 Microsoft released a hotfix for Microsoft Identity Manager that included a change that removed the ability for multiple management agents on a Microsoft Identity Manager Synchronization Server to simultaneously run synchronization run profiles.…
How to create a PowerShell FIM/MIM Management Agent for AzureAD Groups using Differential Sync and Paged Imports
Introduction
I’ve been working on a project where I must have visibility of a large number of Azure AD Groups into Microsoft Identity Manager.
In order to make this efficient I need to use the Differential Query function of the AzureAD Graph API.…