PowerShell Activity: Issues with GUIDs in Workflow Activities and Sync Rules

I recently faced a problem with GUIDs generated in a PowerShell Workflow Activity. As you can see in my previous blog posts, I use the FIM PowerShell Workflow Activity a lot (most of the time).

Currently I’m working on provisioning user accounts with Exchange mailboxes; in addition, I have to activate/create the Online Archive for users.

I’m following this blog article from Eihab Isaac for the correct attributes to set, except that I want to do all this with portal sync rules and declarative provisioning.
If you take a look at the article you can see that you have to provide a new GUID to the msExchArchiveGUID attribute in order to get the archive feature to work.


Preview 2 of Azure AD Connect (AADConnect) is available

Yesterday (on March 20, 2015) Microsoft released the next preview of the cloud (bridge) synchronization tool AADConnect (called Public Preview March 2015).

You can download and test the “fresh” release via the Microsoft Connect site for AADConnect.

Besides the features of the last preview, like multi-forest support and password write-back, you can now also test group and user write-back from the cloud to on-prem AD.

AADConnect can also set up your ADFS and WAP servers directly from the AADConnect wizard for using SSO with ADFS.
Some of the features (like write-backs) require an Azure AD Premium license.

The new preview of AADConnect also provides a very new “neat” feature: besides filtering the on-premises objects to be synchronized to the cloud by organizationalUnit and attribute values, you are now able to filter objects based on on-premises (AD) group membership. (See screenshots below.)

Also, the hint about not using this in production is gone, so if you need to implement this right now, contact the product group for more information and to join a TAP program.

I’ve done a fast install and configuration in advanced mode:


Azure AD and Enterprise Mobility Suite available without EA (Enterprise Agreement)


Since March 1, Azure AD Premium and EMS (Enterprise Mobility Suite) are available without the need for an Enterprise Agreement.
Instead you can simply buy them through a Cloud Solution Provider or the Open program.

Enterprise Mobility Suite contains Azure AD Premium, Microsoft Intune and Azure Rights Management Service.
Also keep in mind that Azure AD Premium contains a complete license for FIM 2010 / MIM.

See Alex's AD blog for more information.

In addition, if you are a subscriber of Windows Azure Pack or have a Silver or Gold competency, you will get access to licenses for Azure AD and EMS via your Internal Use Rights (IURs) benefits. See this announcement for more information.


AzureAD: attribute based dynamic groups in preview now


A well-known feature of FIM has found its way into Azure Active Directory Premium in preview:

Attribute based dynamic group membership.

See this Microsoft blog post for more information.
In addition, there is a short video on how it works, as well as technical documentation.



Preview #2 for Microsoft Identity Manager (MIM) vNext available on connect


Just announced a few minutes ago on the AD blog:

An updated preview of the upcoming release of Microsoft Identity Manager (MIM) vNext is available now.

The release contains an installer and pre-built VMs.
With this release you can get an early look at, and test, the following features:

  • Privileged Access Management (PAM): support for running with Windows Server 2012 R2 domain controllers in addition to Windows Server vNext domain controllers, a new REST API and code sample web portal, new enterprise-grade PowerShell cmdlets and a new PAM security monitoring service with a one-way trust between the PAM forest and the CORP forest.
  • Certificate Management (CM): Client Certificate Management REST API and a Modern Application that leverages it with an updated user experience, cross-forest cert support, CM server-side event logging and new self-configured performance counters.
  • Password Self Service: Self Service Account Unlock alongside Self Service Password Reset
  • In place upgrade from FIM 2010 R2 to MIM 2015


Getting access to this preview is quite simple:

  • Register at the Connect site and sign in
  • Join the CTP program (or search for: “Active Directory Identity and Access Management CTP”)
  • Download documents, product binaries and VMs and try the scenarios
  • Provide feedback via the Connect feedback form


