RunHistory Parsing

In writing some scripts to dig out Sync errors lately I ran into a strange bug.  On the plus side, I wasn’t able to repro on FIM, just on ILM.

Issue

Running this command will eventually start to return null:

Get-WmiObject -Class MIIS_RunHistory -Namespace root/MicrosoftIdentityIntegrationServer -filter("MaName='MyMA'")

This is strange because the query doesn’t change, but eventually it will just stop working.  The cmdlet doesn’t report an error, it just stops returning results.  Once this happens the only way I am able to fix it is to restart the ‘Windows Management Infrastructure’ service.

Workaround

Cycling the WMI service is a bit of a pain, so instead I issue the query using the MaGUID:

$ma = Get-WmiObject -Class MIIS_ManagementAgent -Namespace root/MicrosoftIdentityIntegrationServer -Filter("Name='MyMA'")
Get-WmiObject -Class MIIS_RunHistory -Namespace root/MicrosoftIdentityIntegrationServer -filter("MaGuid='" + $ma.guid + "'")

Issuing the query using the MA Guid did not repro the problem.  A simple little workaround to a strange little problem.

FIM 2010 RTM’d!

Big day today, FIM 2010 RTM was announced at RSA.

Microsoft® Forefront™ Identity Manager 2010 Evaluation Version

FIM is a very important release as it stands on the shoulders of the sync engine to provide a strong workflow engine along with new UI for both administrators and end users.  The sync engine has been an appliance that could largely hide in a datacenter until now.  In FIM Microsoft takes advantage of Microsoft Office to expose identity data to end users.

FIM 2010 is a huge leap forward in terms of functionality and extensibility.  I’m happy to see RTM, and excited about what Microsoft and partners will build on top of this new platform.

Test Exchange Connectivity

Stumbled upon a really cool Exchange troubleshooting tool. Could be handy when troubleshooting Exchange errors in FIM deployments.

https://www.testexchangeconnectivity.com/

FIM Group Management Competition

Couldn’t resist posting a link to a demo of the group management feature in Exchange 2010.  It raises the bar for group management demos at TEC this year.

Microsoft Acquisition of Sentillion

Very interesting, Microsoft intends to buy Sentillion. I worked on a project a few years ago where we used MIIS to sync with Sentillion.

Wonder if this will drive FIM adoption in Healthcare.

UPDATE: Seems like Sentillion integration will make its way into FIM 2010 eventually.

FIM 2010 SDK and IT Pro Docs

FIM 2010 SDK on MSDN
I look in here all the time when trying to figure out the details on how things work in FIM, as well as looking into all the extensibility points. For some reason I wasn't able to find this until just recently.

FIM 2010 IT Pro Docs on TechNet
The IT Pro Docs on TechNet are really useful if you're new to FIM and want to try it out in your own lab. Also handy to sanity checking your lab configurations. The installation guide is especially handy.

Troublshooting Password Resets

FIM Self-Service Password Reset makes use of the FIM Sync Service to deliver the passwords to Active Directory, as described in Anthony Ho's Blog.

When troubleshooting you are probably going to be focusing on different product components:
1. FIM Self-Service Password Reset Client Issues
2. FIM Service Issues
3. FIM Sync Issues

If you've narrowed it down to #3 then it is handy to repro without having to constantly go through the SSPR gates.

To troubleshoot FIM Sync password issues try using PowerShell to call WMI against the ADMA in question. It will quickly tell you what the error is, allowing you to make configuration changes to test different options.

T'here's a WMI script in the MSDN Developer Reference for ILM, but if you look at the bottom of the page there is also a much shorter PowerShell script.

Happy troubleshooting!

TEC 2010 - Got a speaker slot!

I'm honoured to have a speaking opportunity at TEC next year. Hopefully next year I won't lose my voice the night before sessions begin!