Microsoft Forefront Identity Manager 2010 R2 Handbook

  • A comprehensive handbook that takes you through how to implement and manage FIM 2010 R2
  • Includes how to implement a complete FIM 2010 R2 infrastructure
  • Covers codeless identity management using FIM 2010 R2

Book Details

Language : English
Paperback : 446 pages [ 235mm x 191mm ]
Release Date : August 2012
ISBN : 1849685363
ISBN 13 : 9781849685368
Author(s) : Kent Nordström
Topics and Technologies : All Books, Enterprise Products and Platforms, Microsoft Other, Enterprise, Microsoft

Table of Contents

Chapter 1: The Story in this Book
Chapter 2: Overview of FIM 2010 R2
Chapter 3: Installation
Chapter 4: Basic Configuration
Chapter 5: User Management
Chapter 6: Group Management
Chapter 7: Self-service Password Reset
Chapter 8: Using FIM to Manage Office 365 and Other Cloud Identities
Chapter 9: Reporting
Chapter 10: FIM Portal Customization
Chapter 11: Customizing Data Transformations
Chapter 12: Issuing Smart Cards
Chapter 13: Troubleshooting
  • Chapter 1: The Story in this Book
    • The Company
    • The challenges
      • Provisioning of users
      • Identity lifecycle procedures
      • Highly Privileged Accounts (HPA)
      • Password management
      • Traceability
    • The solutions
      • Implement FIM 2010 R2
      • Start using smart cards
      • Implement federation
    • The environment
    • Moving forward
    • Summary
  • Chapter 2: Overview of FIM 2010 R2
    • The history of FIM 2010 R2
    • FIM Synchronization Service (FIM Sync)
      • Management Agents
      • Non-declarative vs. declarative synchronization
      • Password synchronization
      • FIM Service Management Agent
    • FIM Service
      • Request pipeline
      • FIM Service Management Agent
      • Management Policy Rules (MPRs)
    • FIM Portal
      • Self Service Password Reset (SSPR)
    • FIM Reporting
    • FIM Certificate Management (FIM CM)
      • Certificate Management portal
    • Licensing
    • Summary
  • Chapter 3: Installation
    • Capacity planning
    • Separating roles
      • Databases
      • FIM features
    • Hardware
    • Installation order
    • Prerequisites
      • Databases
        • Collation and languages
        • SQL aliases
        • FIM-Dev
        • SQL
        • SCSM
      • Web servers
        • FIM Portal
        • FIM Password Reset
        • FIM Certificate Management
      • Service accounts
      • Kerberos configuration
        • SETSPN
        • Delegation
      • System Center Service Manager Console
    • Installation
      • FIM Synchronization Service
      • FIM Service and FIM Portal
      • FIM Password Reset portal
      • FIM Certificate Management
      • SCSM management
      • SCSM Data Warehouse
    • Post-installation configuration
      • Granting FIM Service access to FIM Sync
      • Securing the FIM Service mailbox
      • Disabling indexing in SharePoint
      • Redirecting to IdentityManagement
      • Enforcing Kerberos
      • Editing binding in IIS for FIM Password sites
      • Registering SCSM Manager in Data Warehouse
      • FIM post-install scripts for Data Warehouse
    • Summary
  • Chapter 4: Basic Configuration
    • Creating Management Agents
      • Active Directory
        • Least privileged
        • Directory replication
        • Password reset
        • Creating AD MA
      • HR (SQL Server)
        • Creating SQL MA
      • Run profiles
        • Single or Multi step
    • Schema management
      • FIM Sync versus FIM Service schema
      • Object deletion in MV
      • Modifying FIM Service schema
    • FIM Service MA
      • Creating the FIM Service MA
      • Creating run profiles
      • First import
      • Filtering accounts
    • Initial load versus scheduled runs
    • Moving configuration from development to production
      • Maintenance mode for production
        • Disabling maintenance mode
      • Exporting FIM Synchronization Service settings
      • Exporting FIM Service settings
        • Exporting the FIM Service schema
        • Exporting the FIM Service policy
      • Generating the difference files
        • Generating the schema difference
        • Generating the policy difference
      • Importing to production
        • Importing custom code
        • Importing the Service schema difference
        • Importing the Synchronization Service settings
        • Importing the FIM Service policy
      • PowerShell scripts
    • Summary
  • Chapter 5: User Management
    • Modifying MPRs for user management
    • Configuring sets for user management
    • Inbound synchronization rules
    • Outbound synchronization rules
      • Outbound synchronization policy
      • Outbound system scoping filter
      • Detected rule entry
    • Provisioning
      • Non-declarative provisioning
    • Managing users in a phone system
    • Managing users in Active Directory
      • userAccountControl
      • Provision users to Active Directory
        • Synchronization rule
        • Set
        • Workflow
        • MPR
      • Inbound synchronization from AD
    • Temporal Sets
    • Self-service using the FIM portal
      • Managers can see direct reports
      • Users can manage their own attributes
    • Managing Exchange
      • Exchange 2007
      • Exchange 2010
      • Synchronization rule for Exchange
        • Mailbox users
        • Mail-enabled users
    • Summary
  • Chapter 6: Group Management
    • Group scope and types
      • Active Directory
      • FIM
        • Type
        • Scope
        • Member Selection
    • Installing client add-ins
      • Add-ins and extensions
    • Modifying MPRs for group management
    • Creating and managing distribution groups
    • Importing groups from HR
    • FIM Service and Metaverse
    • Managing groups in AD
      • Security groups
      • Distribution groups
        • Synchronization rule
        • Set
        • Workflow
        • MPR
    • Summary
  • Chapter 7: Self-service Password Reset
    • Anonymous request
      • QA versus OTP
    • Enabling password management in AD
    • Allowing FIM Service to set passwords
    • Configuring FIM Service
      • Security context
      • Password Reset Users Set
      • Password Reset AuthN workflow
        • Configuring the QA gate
        • The OTP gate
        • Require re-registration
      • SSPR MPRs
    • The user experience
    • Summary
  • Chapter 9: Reporting
    • Verifying the SCSM setup
      • Synchronizing data from FIM to SCSM
    • Default reports
    • The SCSM ETL process
    • Looking at reports
      • Allowing users to read reports
    • Modifying the reports
    • Summary
  • Chapter 10: FIM Portal Customization
    • Components of the UI
    • Portal Configuration
    • Navigation Bar Resource
    • Search scopes
      • Usage Keyword
      • Search Definition
      • Results
      • Creating your own search scope
    • Filter Permissions
    • RCDC
    • Summary
  • Chapter 11: Customizing Data Transformations
    • Our options
      • PowerShell
      • Classic rules extensions
      • SSIS
      • Workflow activities
      • Extensible Connectivity Management Agent
    • Managing Lync
      • Provision Lync Users
      • Managing multivalued attributes
    • Selective deprovisioning
    • The case with the strange roles
    • Summary
  • Chapter 12: Issuing Smart Cards
    • Our scenario
      • Assurance level
    • Extending the schema
    • The configuration wizard
      • Create service accounts
      • Create certificate templates for FIM CM service accounts
        • FIM CM User Agent certificate template
        • FIM CM Enrollment Agent certificate template
        • FIM CM Key Recovery Agent certificate template
        • Enable the templates
      • Require SSL on the CM portal
      • Kerberos again!
      • Install SQL Client Tools Connectivity
      • Run the wizard
      • Backup certificates
      • Rerunning the wizard
        • The accounts
        • The database
    • Configuring the FIM CM Update Service
    • Database permissions
    • Configuring the CA
      • Installing FIM CM CA files
      • Configuring Policy Module
    • Installing the FIM CM client
    • FIM CM permissions
      • Service Connection Point
      • Users and groups
      • Certificate Template
      • Profile Template object
      • Profile Template settings
    • Allowing managers to issue certificates for consultants
      • Creating a Profile Template for consultant Smart Cards
      • Configuring permissions for consultant Smart Cards
      • John enrolls a Smart Card
    • RDP using Smart Cards
    • CM Management Agent
    • Summary
  • Chapter 13: Troubleshooting
    • Reminder
    • Troubleshooting
      • Kerberos
      • Connected Data Sources
      • FIM Sync
      • FIM Service
        • Request errors
        • Sync errors
        • Reporting
      • FIM CM
        • Agent certificates
        • CA
      • FIM clients
    • Backup and restore
      • FIM Sync
      • FIM Service and Portal
      • FIM CM
      • Source code
    • Summary

Kent Nordström

Kent Nordström wrote his first lines of code in the late 70s, so he has been working with IT for quite some time now. When Microsoft released its Windows 2000 operating system, he started a close relationship with them that has continued since. For many years Kent has been working part time as a sub-contractor to Microsoft Consulting Services and has done many of the implementations of FIM and its predecessors for multinational companies and large organizations in Sweden. Apart from FIM, Kent is also well known within the community for his knowledge of Forefront TMG, Forefront UAG and PKI. Find out more by visiting his blog on


What you will learn from this book

  • Prerequisites for installing FIM 2010 R2
  • How to install and scale the solution
  • Implementation of User Management including Self-Service
  • Implementation of Group Management including Self-Service
  • Configuration of the Self-Service Password Reset feature
  • Getting Reports from FIM
  • Issuing Smart Cards using FIM Certificate Management
  • Troubleshooting FIM 2010 R2

In Detail

Microsoft's Forefront Identity Manager simplifies enterprise identity management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems.

The "Microsoft Forefront Identity Manager 2010 R2 Handbook" is an in-depth guide to Identity Management. You will learn how to manage users and groups and implement the self-service parts. This book also covers basic Certificate Management and troubleshooting.

Throughout the book we will follow a fictional case study. You will see how to implement IM and also set up Smart Card logon for strong administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure, including both test and production environments. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail.

With the "Microsoft Forefront Identity Manager 2010 R2 Handbook" you will be able to implement and manage FIM 2010 R2 almost effortlessly.

Throughout the book, we will follow a fictional company; the case study will help you in implementing FIM 2010 R2. All the examples in the book relate to this fictional company, and you will be taken from design, to installation, to configuration of FIM 2010 R2.

Who this book is for

If you are implementing and managing FIM 2010 R2 in your business, then this book is for you. You will need to have a basic understanding of Microsoft-based infrastructure using Active Directory. If you are new to Forefront Identity Management, the case-study approach of this book will help you to understand the concepts and implement them.
