You're reading from Microsoft Forefront Identity Manager 2010 R2 Handbook

Product type: Book
Published in: Aug 2012
Publisher: Packt
ISBN-13: 9781849685368
Edition: 1st Edition
Author: Kent Nordstrom

Kent Nordström wrote his first lines of code in the late 70s so he's been working with IT for quite some time now. When Microsoft released its Windows 2000 operating system he started a close relationship with them that has continued since. For many years Kent has been working part time as a sub-contractor to Microsoft Consulting Services and has been doing many of the implementations of FIM and its predecessors for multinational companies and large organizations in Sweden. Apart from FIM, Kent is also well known within the community for his knowledge around Forefront TMG, Forefront UAG and PKI. Find out more by visiting his blog on http://konab.com.

Chapter 4. Basic Configuration

If you have followed this book, you will now have a freshly installed FIM 2010 R2 environment. In this chapter, we will discuss some of the basic configurations we need to look at, no matter how our environment looks or how we plan to use FIM 2010 R2.

If you have an environment already set up, I hope that this chapter can act as a guide for you to verify that you have not missed any important steps causing your FIM environment to not work properly.

In this chapter we will focus on the initial configuration of FIM Synchronization Service and FIM Service. Specifically, we will cover the following topics:

  • Creating Management Agents

  • Schema management

  • FIM Service MA

  • Initial load versus scheduled runs

  • Moving configuration from development to production

Note

All the configurations are made on the FIM-Dev system, and as you will see at the end of this chapter, we will move that configuration from the development to the production servers.

Creating Management Agents


Before we even start to use our FIM implementation to manage identities, we need to decide where the information about the identities will come from and where the information will go.

It is also very important that we start off with the essential connections and then add other connections after verifying that the basics are working.

A very typical scenario is the one we have at The Company: it has an HR (Human Resources) system that will, for the most part, act as the source of identity information, and it has Active Directory, which is the primary system receiving identity information.

The basic flow will be HR - FIM - AD.

But that is only the basic flow, and as you will see later in this book, there are other sources of information and also other targets.

Active Directory

Almost 100 percent of the FIM implementations have at least one Management Agent connected to an Active Directory.

There are a few things to consider before creating this Management Agent. I suggest you...

Schema management


Very early on in our FIM deployment, we ran into discussions regarding the need for schema changes in FIM.

The default schema is, in almost every case, not sufficient and needs to be modified.

I will only give a short overview in this chapter about this, and will try to explain more in the coming chapters, as we look into the details of FIM implementation at The Company.

FIM Sync versus FIM Service schema

One of the problems with the FIM Synchronization/FIM Service system is that it holds two schemas. We have one schema for the FIM Synchronization Service database and one for the FIM Service database.

Depending on our needs, we change one or both of these schemas. Whether the attributes or objects are required within FIM Service depends on whether or not they are managed using FIM Portal, or used in some policy. If not, we do not need them in the FIM Service schema.

On the other hand, if an attribute or object type is used in a policy within FIM Service, but is never supposed...

FIM Service MA


The AD and HR (SQL Server) MAs only give the synchronization engine the ability to talk to these data sources. But in order for FIM to apply its logic to the data flow, we need the very special MA that connects FIM Synchronization Service to FIM Service.

Even if you implement it like almost any other MA, you will soon find out that this is not a typical MA. In most cases, this will be the first MA we create.

Creating the FIM Service MA

I will walk you through the steps for creating the FIM Service MA, which are as follows:

  1. Start FIM Synchronization Service Manager.

  2. Select the Management Agents tool, and click Create in the Actions pane.

  3. Select the FIM Service Management Agent option in the Management agent for: drop-down list.

  4. Give the MA a descriptive name; at The Company we simply call it FIM Service.

  5. As we are using SQL Aliases, we will use the alias server name dbFIMService.

    The FIM Service MA will not only connect to the FIM Service Database, but also make calls to...

Initial load versus scheduled runs


When we first start to import information into the Synchronization Engine, it is likely that information already exists in many or all of the connected systems.

We might need to create special synchronization rules just for the initial load, which are not used again unless we need to rebuild the data.

Let me give you an example. At The Company, the basic idea is that users should be imported from the HR system and created in AD. But when we start, there might be existing users in AD and we would need to connect them using a Join rather than provisioning (creating) them in AD. During the initial load we would therefore turn off Provision in FIM, import users from both systems, project them into the MV, and join the users existing in both the systems.

Initial load is usually done manually; that is, we manually start the required run profiles for each MA.

If the environment is large, the initial load might take many hours due to the fact that, when we export our objects...
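The manual initial load described above can be scripted so that the run profiles start in the right order and the sequence stops at the first failure. The following is an added example and not code from the book; it drives the Synchronization Service through its WMI provider (namespace root\MicrosoftIdentityIntegrationServer, class MIIS_ManagementAgent) and must run on the FIM Synchronization Service server under an account in the FIMSyncAdmins group. The MA names (HR and AD) and the run profile names (Full Import and Full Synchronization) are assumptions; they are whatever you named them when creating the MAs.

```powershell
# Added example (not from the book): scripted initial load for two MAs.
# Assumed names: MAs "HR" and "AD", run profiles "Full Import" and
# "Full Synchronization". Provisioning is switched off beforehand in
# Synchronization Service Manager (Tools | Options), as the chapter says;
# the WMI provider does not expose that setting.

$ns = 'root\MicrosoftIdentityIntegrationServer'

function Get-MA([string]$Name) {
    $ma = Get-WmiObject -Namespace $ns -Class MIIS_ManagementAgent -Filter "Name='$Name'"
    if (-not $ma) { throw "Management Agent '$Name' not found" }
    return $ma
}

function Invoke-RunProfile([string]$MaName, [string]$Profile) {
    $ma = Get-MA $MaName
    Write-Host ("{0,-4} {1,-22} ... " -f $MaName, $Profile) -NoNewline
    # Execute() blocks until the run finishes and returns the run status string.
    $result = $ma.Execute($Profile).ReturnValue
    Write-Host $result
    # Anything other than 'success' stops the load, so the metaverse is not
    # left half-populated when the next step would run.
    if ($result -ne 'success') {
        throw "Run profile '$Profile' on MA '$MaName' ended with '$result'"
    }
}

# 1. Import the existing objects from both connected systems into their
#    connector spaces; nothing reaches the metaverse yet.
Invoke-RunProfile 'HR' 'Full Import'
Invoke-RunProfile 'AD' 'Full Import'

# 2. Synchronize HR first: its projection rule creates the metaverse objects.
Invoke-RunProfile 'HR' 'Full Synchronization'

# 3. Then AD: its join rule connects the users that already exist in AD to
#    those metaverse objects instead of provisioning new accounts.
Invoke-RunProfile 'AD' 'Full Synchronization'

Write-Host 'Initial load finished; re-enable provisioning before scheduled runs.'
```

Because the join-only behaviour depends on provisioning being disabled, check the Options dialog before starting the script; once the initial load has been verified, the same skeleton, with exports added, can run the scheduled profiles.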

Moving configuration from development to production


So far, I have done all the changes on the FIM-Dev server, which is my test/pilot/dev environment. We now need to transfer the information from development to production.

The steps to move the configuration vary a little depending on what kind of changes you have made. But basically we have two major areas, FIM Synchronization Service and FIM Service. We move changes to each in different ways.

If I have made any changes to the FIM Synchronization Service schema or any MA, I need to move this configuration as well. Otherwise, I will settle with only moving the FIM Service configuration.

The tool we use to move the FIM Service configuration is PowerShell. When working with FIM, you will realize that PowerShell will be something you will have to learn.

The main steps are as follows:

  1. Export the FIM Service schema, FIM Service Policy configuration, and FIM Synchronization Service configuration on both development and production systems.

  2. Compare the...
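As an added example of the export and compare steps just listed, not code from the book, the script below pulls the FIM Service schema and policy configuration from the development and production servers and computes the change set that would bring production in line with development. It uses the FIMAutomation PowerShell snap-in installed with FIM Service (Export-FIMConfig, ConvertFrom-FIMResource, ConvertTo-FIMResource, Join-FIMConfig, Compare-FIMConfig); the two service URIs, the working folder and the join rules are assumptions you would adapt to your own environment.

```powershell
# Added example (not from the book): export FIM Service schema and policy
# from dev and prod, then compute the differences for review.
# Assumed values: the two URIs, the working folder and the join rules below.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$devUri  = 'http://fim-dev:5725'    # assumed URI of the development FIM Service
$prodUri = 'http://fim-prod:5725'   # assumed URI of the production FIM Service
$work    = 'C:\FIMConfigMove'       # assumed working folder
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Step 1: export schema and policy from one environment into XML files.
function Export-FimEnvironment([string]$Uri, [string]$Label) {
    $schema = Export-FIMConfig -uri $Uri -schemaConfig -allLocales
    $schema | ConvertFrom-FIMResource -file (Join-Path $work "${Label}_schema.xml")

    # -portalConfig includes the portal UI objects; -MessageSize sets the
    # maximum WCF message size used for the export.
    $policy = Export-FIMConfig -uri $Uri -policyConfig -portalConfig -allLocales -MessageSize 9999999
    $policy | ConvertFrom-FIMResource -file (Join-Path $work "${Label}_policy.xml")
}

Export-FimEnvironment $devUri  'dev'
Export-FimEnvironment $prodUri 'prod'

# Step 2: join matching objects from both exports and compute the differences.
# Objects are matched per object type on the attribute(s) listed in the join
# rules; object types not listed are matched on the default attribute.
function Compare-FimExport([string]$Kind, [hashtable]$JoinRules, [string]$DefaultJoin) {
    $dev  = ConvertTo-FIMResource -file (Join-Path $work "dev_$Kind.xml")
    $prod = ConvertTo-FIMResource -file (Join-Path $work "prod_$Kind.xml")
    $matches = Join-FIMConfig -source $dev -target $prod -join $JoinRules -defaultJoin $DefaultJoin
    $changes = $matches | Compare-FIMConfig
    $changes | ConvertFrom-FIMResource -file (Join-Path $work "changes_$Kind.xml")
    return $changes
}

$schemaJoin = @{
    # A binding has no unique name of its own; match it on the pair it binds.
    'BindingDescription' = 'BoundObjectType BoundAttributeType'
}
$policyJoin = @{
    # Assumed rules: these types are matched on DisplayName. Add entries for
    # object types whose DisplayName is not unique in your environment.
    'Set'                  = 'DisplayName'
    'ManagementPolicyRule' = 'DisplayName'
    'WorkflowDefinition'   = 'DisplayName'
    'SynchronizationRule'  = 'DisplayName'
}

$schemaChanges = Compare-FimExport 'schema' $schemaJoin 'Name'
$policyChanges = Compare-FimExport 'policy' $policyJoin 'DisplayName'

# Summarize the pending changes by operation (Create / Put / Delete) so the
# change files can be reviewed before anything is written to production.
foreach ($set in @(@('schema', $schemaChanges), @('policy', $policyChanges))) {
    "$($set[0]) changes:"
    $set[1] | Group-Object State | ForEach-Object { '  {0,-7} {1}' -f $_.Name, $_.Count }
}
```

The two changes_*.xml files are the artifact to review and keep with your change documentation; schema changes must be applied before policy changes, because policy objects reference attributes and bindings that have to exist first.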

Summary


In this chapter, we have seen how The Company configured their first Management Agents and prepared the FIM environment for further configuration.

In my experience, the most common source of errors in the FIM environment is the lack of well-documented processes to make sure the development/test and production environments look the same. Learning and documenting how to move your configuration from development/test to production is vital as the configuration gets more complex.

If you take your time to make sure your basic configuration setup is satisfactory, it will save you many hours of troubleshooting later on. If you feel confident that your basic configuration is correct, moving on and making more complex configuration settings will be easier.

We are now ready to actually do something with our FIM environment. In the next chapter, we will start off by looking at how to configure FIM for user management.
