Category: FIM

I am getting really close to finalize my FIM 2010 R2 Book! It can now be pre-ordered from http://aka.ms/FIMR2Book. Many thanks to everyone at Pack Publishing, great job!

FIM 2010 Update Rollup 2 will go live on Microsoft Update  today, February 28 at 10 am Pacific time. In addition to including all servicing changes made since RTM, this rollup:

• Adds support for the new Extensible Connectivity Management Agent 2.0 (ECMA 2) framework
• Addresses a possible performance issue for installations with many dynamic groups or criteria-based sets whose membership criteria include several conditions
• Reverts a change in the previous hotfix release that treated SQL wildcard characters as literals
• Addresses a number of other issues.

Especially interesting is the reappearing support for wildcards. Hotfix rollup 2520954 removed support for using the following characters as SQL wildcard characters in queries, in dynamic group filters, and in set filters:

• Underscore (_)
• Percent (%)
• Opening bracket ([)

The functionality was used by many of my customers preventing them from updating their FIM. This hotfix reverts the earlier change.

For details, see KB2635086

Customers using the Self-Service Password Reset feature of FIM 2010 have reported some concerns that users do not answer the “security” questions seriously. They might answer “A” for all questions for example, just to get rid of being required to register for SSPR. In R2 this behaviour can be prevented!

Look at the screenshot below from FIM 2010 R2 RC released yesterday.

QA Gate in FIM 2010 R2

In the new QA gate you can force the users to not having the same answers to two questions and also define a regular expression that the answers need to satisfy.

In my opinion this will increase the number of users who will answer the questions seriously!

Anyone working with FIM today have at some point been forced to do some troubleshooting. In FIM 2010 R2 troubleshooting is made much easier. Let me show you an example.

In current version of FIM when ever an error occured while processing a request we would see the following screen.

FIM 2010 - Error Message

It doesn’t give much of a hint on what went wrong. In FIM 2010 R2 error messages has been enhanced throughout the whole product to make error tracking easier.

If we look at the new error message I get in FIM 2010 R2 it looks something like this.

FIM 2010 R2 - Error Message

Take a special note to the Correlation Id that is introduced in FIM 2010 R2. This Id will be found also in Event Viewer if you need to drill down and find the correlated error event. If the error comes from a custom workflow you have designed it will show the error message thrown by your code.

If the FIM Portal is used for self-service of some kind you will also appreciate the copy to clipboard and send email functionality the user will get directly from the error screen.

This is just one example on how the R2 release of FIM 2010 will make your life, as FIM admin, easier.

I have made room in my calendar and will be delivering FIM training in Stockholm, Sweden 6-8/12. The training will be at Labcenter. Please go to http://www.labcenter.se/lab/2105 and register. If you have trouble understanding how to register on this Swedish site please email sales@labcenter.se.

It’s a 3 day course as described in Mastering Forefront IM. Since FIM training is not that common I have decided that this session will be open for international attendees, therefor I will deliver in English if non-Swedish students attend.

The course is a variant of the training I have delivered for Microsoft, Partner Readiness in Sweden and Norway.

Hurry up and register before the seats are taken!

One of the greatest new features we will get in the R2 release of FIM 2010 is the new built-in reporting capabilities. In ILM and current version on FIM, customers were forced to buy 3:rd party addons to get some useful reports, in FIM R2 it’s finally built-in.

The reporting feature uses the datawarehouse function in System Center Service Manager, and the FIM license will allow you to install and use that feature of SCSM without any extra license costs.

There are two types of reports, “Membership Change Reports” and “Object History Reports” out-of-the-box. But since the data is stored SCSM’s DB and you also can extend what is stored, cu’s can make custom reports if they like.

Membership Change Reports

In these reports you will be able to see how group and set membership have changed and who made and/or approved the change.

Membership Change Report Example

Object History Reports

In these reports we can se changes to objects and key attributes over time.

Object History Report Example

As you can see these reports will together give you a very good historical view and traceability on your identity management.

If I look at my customers running FIM 2010 today, the new reporting features of R2 will be the main reason for them to hurry on and make the upgrade when R2 gets released.

MS have just released some info on the upcoming R2 release of FIM 2010.

It looks like we will not have a solid release-date yet and I guess all changes are subject to change.

From the news they presented I find the following worth mentioning.

• Web based password reset:
  Password reset from non-domain joined computers using only a browser.
  Both registration and reset portals available.
  QA gate can be filtered using security context, giving different QA gates if you come from extranet.
  Request Context added as request attribute to show wich context was used (extranet/intranet).
  No Active-X or similar required, pure browser wizard.
  Still QA gate is the only authn built-in.
  [Update 2011-05-18] At a session @TechEd today MS announced support for OTP as well.
• Reporting:
  Historical data stored in System Center Service Manager data warehouse.
  Several out-of-box reports available.
  Changes of security groups is one great example.
  User history is another, showing the complete history of a user.
  This is a great R2 add-on! My cu’s will love this.
  You can filter what is moved to the data warehouse.
  The sync engine is not used to export the data from FIM DB to data warehouse.
  Scheduled Powershell is used to move data out and reports in.
  NO System Center Service Manager license is required if this is your only use of it!
• Enhanced MA connectivity:
  Exstensible MA will support some new features like “Full Export”.
  New SAP, Oracle ERP and Lotus Notes MA using the new API.
  No “Full Export” for standard MA’s.
• Enhanced Management:
  We will get FIM Best Practice Analyzer.
  Enhanced diagnostic and error messages.
  FIM Portal will work on Sharepoint 2010.

It looks like R2 will add some really nice features. I will now register for the CEP program and will report back here in my blog as soon as there are any news.