MIM2016: Configuration best practices with MIMCheck

My fellow MVP Jeff Ingalls released a new cool tool to check your MIM solution against well known best practices. There was a FIM 2010 R2 BPA (Best practice analyzer) in the past but that tool has not get updates for a long time.

So Jeff decided to create his own tool putting in all the know best practices spread over the internet.

These are the bullet points of MIMCheck:

A read-only, stand-alone, remote, command-line tool that performs Microsoft Identity Manager best practice analysis checks.

Version 1.0 features include:

  • 38 best practice task checks including data integrity checks of the synchronization service database
  • Run an entire category of tasks: syncserver, portalserver, syncdb, portaldb
  • Manually specify synchronization or portal server names, ports, instance names, and database names
  • Export all tasks, description, and references to output without performing any action
  • Verbose output which includes task names, which can be used to run the task individually, requirements to run the task, reference(s) for further reading, a description of the task, number of errors, and a task result.
  • Redirection of output to a datetime name stamped file for periodic automation
  • Digitally signed
  • Licensing options available for consultants and consulting companies who which to use the product as a service and/or charge for the use of the software.

You can download the tool from here: http://www.ingallsdesigns.com/downloads.html

You can drop Jeff a mail for feedback or feature requests.

He did also a small presentation of the tool at the MIM Team User Group meeting yesterday, so you can wait for the recording of that presentation available on the Unify Solutions youtube channel within a few days.

 

MIM Configuration Documenter released on GitHub

The Identity community project team has recently released the MIM Configuration Documenter on GitHub as an open source project.

Its a very cool and easy tool to document your MIM solution (Sync and Service).
It also supports MIMWAL.

The main intend of that tool is:

  • Document deployment configuration details for the MIM / FIM solution!
  • Track any configuration changes you have made since a specific baseline!!
  • Build confidence in getting things right when making changes to the deployed solution!!

Current Version 1.17.0522.0 is the public beta which has limitation one some Management Agents but I’m sure there is more to come.

You can download precompiled binaries and source code from the Microsoft Repo:

https://github.com/Microsoft/MIMConfigDocumenter

 

Global Azure Bootcamp: Speaking at Let’s talk Azure in Saarbruecken

On Saturday, 22.04.2017 there will be the next Global Azure Bootcamp.

I will speak at the meetup “Let’s talk Azure” in Germany, Saarbruecken. There are still some seats free, so come an join us.

My topic will be Microsoft Identity Manager 2016 (MIM) as an extented tool for Hybrid Identity.
The following points will be covered by my presentation and demos:

  • Manage Azure AD and PIM Role with on-Premises groups
  • Customized group write-back for static and dynamic security groups
  • Manage licenses and group membership of cloud-only and B2B users
  • B2B user write-back to on-Premises Active Directory

 

 

New versions of additonal FIM/MIM connectors released

New version of the additional FIM/MIM connectors are relased some days ago.

This connector package contains the following connectors:

There are a couple of fixes and enhancements on those connectors, you can get the complete list from the version release history:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-connector-version-history

(And yes, the placement of the documentation also makes no sense to me since these are FIM/MIM only connectors)

Connectors can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=51495

 

New Azure Group Based Licensing (V2) available as public preview

Just saw it in my demo tenant today that the new Azure Group Based Licensing (V2) is now available within the new Azure portal http://portal.azure.com under the Active Directory Node.

Until today, since all of you know, you could only assign EMS licenses by groups created in Azure or synchronized from an On-Premises directory. In addition, you could only assign the whole license/suite in one piece without the ability to disable sub plans, like RMS for example.

With the new group based licensing, you now can also assign other services license like Office 365 for example and are also be able to disable specific sub plans.

Here is how it looks like:

Navigate to the new portal (the artist formerly known as “the island”): http://portal.azure.com

Go to the Azure Active Directory Management (Preview):

01

You will see an overview of all your licenses and current assigned users and groups via the “All products” option:

02

03

Let us assign the Office 365 license by a group and disable some of the features:

Click “Licensed Group” and then “+ Assign”

04

Select a group created in Azure or synchronized from your On-Premises directory.

Click “assignment option (optional)”

05

Done, license assignment changes will now be scheduled and you can check the state of pending or active (should be active within one minute.)

06

You can have multiple groups with different sub plans disabled to reflect the licenses needed for different user type (Power Users, Limited Users or Guests)

There is also an audit log for all license assignment but with by early tests there is nothing logged, I assume because the necessary categories are missing until rollout of preview is complete.

 

Re-Awarded a 3rd time as an MVP

Just recieved my mail that I got the MVP award a 3rd time.

Still honored and proud to be part of the great community.

Lithnet FIM/MIM Synchronization Service PowerShell Module released

Ryan Newington (Developer of FIM/MIM Lithnet PS Module, new FIM/MIM Service Client and RestAPI) already anounced new PowerShell Cmdlets for the FIM/MIM Synchronization Service on the last MIM Team User Group Meeting.

You can now download that module on github.

See documentation on the modules and also the disclaimer.

Download the FIM/MIM Sync PowerShell Module.

Great job again Ryan.

Here is a list of modules included:

Read more of this post

%d bloggers like this: