FIM 2010 R2 Upgrade – How to Tell MSDN Media Was Used for the 2010 Install

With the new features of FIM 2010 R2 such as external SSPR, reporting, and BHold (not to mention all of the other extras - like the the gains in performance, new connectors, etc.), folks are of course interested in updating their FIM 2010 installations. The problem is that if you installed the …

The NDES CA Thumbprint Hash

Recently, while working on a Microsoft Network Device Enrollment Services (NDES) deployment, a client asked a simple-enough question about the thumbprint for the Certificate Authority (CA) certificate that was displayed on the NDES admin enrollment GUI, “What is that hash? And why doesn’t it match any of the CA certificate thumbprint hashes in my chain-of-authority?”

FIM – Multiple MAs and Attribute Precedence

Recently, I have been involved in several client projects that involve the distribution and synchronization of user accounts between multiple organizations. This is a little different than the standard synchronization scenario, which assumes that there is one organization, and data flows from an authoritative source, such as an HR data store. An example of this basic synchronization can be seen in Figure 1; assume that we have three domains in our organization, and domain A is authoritative.

Keeping Track of Attribute History in the Forefront Identity Manager (FIM) Sync Engine

Recently, one of our clients had a scenario that required them to keep track of the proxyAddresses attribute history between two Microsoft Active Directory (AD) domains. Since FIM Sync Service doesn’t retain any history of attribute values (as simply a state-based synchronization engine), this required a bit of thought and planning.

Examining the need to keep track of the history and exploring options, we came down to the solution through a simple one-revision history mechanism with FIM Sync.