In 2017 and the beginning of 2018 I have had some rough times. The Long and the Short of it is that late last year my mother passed away in the hospital. Then early this year, my father died, probably of a broken heart. Thanks to many friends from church, our neighborhood, professionally, other Microsoft MVP’s, I have had a lot of support while mourning their temporary absence from my life.
SharePoint is a great product but I wish that FIM and MIM did not use it. In my opinion, it adds unnecessary infrastructure and really complicates the setup, because SharePoint must be installed and configured (and maintained). Leaving that aside, allow me to point out some gotchas that might impede your ability to install this MIM/FIM prerequisite. First up: if your server has limited access to the Internet you should probably download all of these prerequisites and copy them to the server – because that’s what the SharePoint Installer has to do – it doesn’t include these items.
As most of you know I am regarded as one of the SQL gurus among the Microsoft Identity Management Gurus. For years, in my book and in speaking I have been recommending Ola Hallengren’s SQL Maintenance Solution to help take care of your ILM/FIM/MIM databases. But the SQL Maintenance Plan Wizard has come a long way. Tomorrow morning at 10 AM at Grand Canyon University I will be presenting as part of SQL Saturday #726 a showdown between the SQL Maintenance Plan Wizard and Ola’s solution, discussing when you want to use one vs the other.
In the 1980’s Steve Miller and Clifford Neuman published a new security protocol, called Kerberos, after the mythical three headed dog that guards the gates of Hades. In 2014 the alliance published the FIDO standard. This exciting standard is enabling a passwordless world (yet to come). For example you can use a small USB device with a key on it to login instead of entering a password. FIDO 2.0 is requiring two-factor, type in a PIN plus your key.
JefTek created a niche hybrid tool that tackles a few pieces of the sync and service puzzle in a way that none of the others do. One noteable one for sync: Get and Export MIM Deltas to CSV (based on a drop file either stop and drop or the audit log dropped during the export It is great for setting up SharePoint and the Kerberos authentication to it. While it doesn’t do all that IS4U-FIM-PowerShell (see my review), does or Lithnext resourcemanagement-powershell or Lithnet-miis-powershell (see my review), or even the he FIM PowerShell Module (see my review), it fills a small niche that none of the rest of them do.
Gil Kirkpatrick (a great guy, fellow MVP, who has taught me a lot over the years) created one of the very first, if not the first, PowerShell commandlets libraries to manage FIM/MIM service. It hasn’t had any activity in years, but it served as a great example to get others going. If you like this simple approach you could check out Adam Weigert’s PowerShell for FIM 2010 (see my review).
Wim Beck’s IS4U-FIM-PowerShell is a great example of open source, in that he has built on top of the FIM PowerShell Module (see my review). This is what Open Source is about, building upon each other’s contributions to make great stuff! When I looked at it in Dec 2016 I almost dismissed it since it lacked a wiki, but since then Wim has added a lot of pages. They still lack examples, I plan on pitching in to help out with that by adding some examples to my fork and then asking Wim to pull it in.
Ryan Newington’s Lithnet consists of several items: miis-powershell resourcemanagement-powershell resourcemanagement-webservice googleapps-managementagent acma “Codeless business rules engine for FIM/MIM” umare “Codeless data transform engine for FIM/MIM” I will only review the items I know Managing Sync miis-powershell is amazing it can almost everything you can do through the UI. For example, Clear-FullSyncWarning and it has a great wiki.
PowerShell for FIM 2010 by Adam Weigert consists of three parts but I further break the last into two: Management Agent(MA) and MetaVerse (MV) Extensions that let you run PowerShell scripts as your extensions A Workflow Activity A PowerShell module Managing Sync Managing Service Management Agent(MA) and MetaVerse (MV) Extensions The work done to enable you to write PowerShell scripts to be MA and MV extensions is crazy brilliant.
The FIM PowerShell Module (started by Craig Martin and now updated most frequently by Brian Desmond) is a great set of commandlets that help you to automate Interactions with FIM Service and FIM Sync Service. Managing Sync This library is great for automating tests. This library and Ryan Newington’s Lithnet-Miis-PowerShell (see my review on LithNet) are very complimentary. You can retrieve CS Objects, Run History, start an MA. I found that the most interesting Sync related Cmdlets are the
