Deleting a large number of objects from the FIM Service can be accomplished in several ways: Create a custom workflow activity to delete the object that is triggered on a set transition MPR. Configure an MA to be authoritative for object deletion, then un-join the objects from the FIM MA. […]Continue reading
Author Archive for Sami Van Vliet, Author at Certified Security Solutions
I recently worked on a project where the client had some users who may not be logging into their accounts for 6 months or more, but their corporate policy was to disable accounts that had been dormant for more than 3 months. In order to allow these users to log […]Continue reading
Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes. We created a new reference multivalued attribute called SecurityGroups. 2. Next, we added a binding to the […]Continue reading
FIM requires several service accounts and groups, each with their own configuration requirements. However, there isn’t a single document that I’ve found that lists out all the accounts and the access they need. This is a compilation of information from various Microsoft articles with information on FIM service accounts. Full […]Continue reading
A recent requirement for a project was to have users and groups provisioned from Domain B to Domain A. Simple enough, but a catch was that, as applications were migrated to Domain A, their groups would be “owned” by Domain A, which would now be the authoritative source for all […]Continue reading
I was recently helping someone new to FIM come to grips with the multivalued attribute (MVA) table. The MVA table can be used to populate a multi-valued attribute—in a common scenario, this would be the member attributes of a group object.
Although there are good write ups on how to do this for those familiar with FIM, step by step instructions seemed helpful for those just learning.