Adventures in identity management
This week I battled with an error from the OOB SQL MA for MIM 2016 (which I don’t think has changed at all from FIM 2010, and probably not earlier versions as well). The MA was working with a SQL database table on a server in another, non-trusting AD forest, and using Windows authentication. The…
Sometimes I want to simulate connectivity from an application another way, usually for troubleshooting or verifying networks and accounts have been set up correctly. One thing that’s always been difficult is testing I can connect to a SQL database in a non-trusting domain, using an AD account in the other domain. I can’t hardcode credentials in…
Most people who work with FIM will be familiar with the “Value Violates Uniquess” errors when you try to export an object through the FIM MA that conflicts with an existing object on an attribute that has enforced uniqueness in the FIM Service. If the duplicate is on a string attribute like AccountName then it’s…
I was asked to evaluate the impact of ticking “Allow Nulls” on the AD export flow for ‘manager’ when it was realised that some people had a manager set in AD, while in FIM they had none. This can be a hard change to test in Dev or Test environments which don’t have the full…
Lately I’ve been doing lots of work with logging various FIM-related data to SQL tables and presenting them with SQL Reporting Services (SSRS). I’ve been having some good fun with SSRS – there seems to be a lot you can do with just a basic understanding of queries and parameters – and I’m sure I’m…
A long time ago now I posted a basic SQL method of archiving the Requests history to another database. I’m still using this with FIM 2010 and have updated the method now to also grab info about Approvals. Note I haven’t tested this with R2.
Once upon a time we used to be able to write Advanced Flow Rules for reference attributes. Admittedly this sometimes led to horribly inefficient code, but it was useful – particluarly when paired with FindMVEntries to lookup and then reference an existing Metaverse object. With FIM we lost this capability, and Microsoft claim we were…
Post deleted because it was a lot easier than I thought! See comments below.
There were a few FIM reporting sessions at TEC, none of which I managed to make it to, though I hope the presenters will be making their solutions generally available as they are undoubtably more correct and complete than what I’ve been doing. However a couple of people did ask that I post my method…
While trying to install update 241774 I got “Error 25009: The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. Windows NT user or group ‘mydomain\fimsync-service-account‘ not found. Check the name again.”