FIMSpecialist

Author: RossDCurrie

  • Changing the Height of a UOCListView Control on MIM2016 under SharePoint 2019

    It’s been a while since I’ve done any kind of UI customisations to MIM Portal for end-users, so when a client asked me how to extend the height of a UOCListView control recently, I had to go hunting on how to actually do it, because naturally MIM makes it hard.

    So, it turns out the UOCListView control itelf doesn’t have a property that allows you to define height. This seems odd, as every other multivalue field in the RCDC allows you to specify “rows”, but all you can specify in this instance is the number of results per page – increase the number of results to 100, and you still have 7 rows displayed with a really big scrollbar.

    This leaves us with using CSS to extend the height of the box, and using Inspect Element pretty quickly lets me find the css that affects the height of the UOCListView control

    Following up the DOM tree, I came up with this snippet of CSS that references the grouping and control names in the RCDC, and that will do the change I want:

    #ctl00_PlaceHolderMain_EditCustomizedObject1_uoc_RoleAttributes_grouping_RoleReference_control_internalListControl_updatePanel .newListViewInternalDiv { height: 450px !important; }

    In terms of loading my custom CSS into the Portal, this is really about modifying SharePoint themes. The first place to stop was the FIM Portal Visual Theme Customization page, but none of this really works in SharePoint 2019 – from what I understand the SharePoint Modern Themes aren’t supported in MIM, and once you change from the selected legacy theme, you can’t actually change it back.

    After a bunch of google’ing, I came up with this approach instead:

    1. On your MIM Portal Server, navigate to C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\1033\STYLES
    2. Add your custom CSS to fim.css
    3. From a web browser, access https://MIMPORTAL/_layouts/15/1033/Styles/fim.css?v=randomvaluehere – putting a random value where it says randomvaluehere forces sharepoint to refresh its cache for that file
    4. Restart IIS on the MIM Portal Server
    5. Delight in the new height of your UOCListView control

    Important Note: Any MIM updates you install may over-write the fim.css file that you’ve edited, so be sure to re-update this file with your changes after update.

    Anyway, if there is a better way to increase the height of UOCListView controls in the MIM 2016 RCDC, then I haven’t been able to find it in the current documentation. If it gets added to a future update, I shall update this post accordingly. In the meantime, the above is a proven method for making this work

  • New FIM2010/MIM2016 Generic Connectors Update (v1.1.552.0)

    There’s a new support release in Technet this week for the Microsoft Connectors Pack.

    This release specifically fixes the following issues:

    • MIM2016 Generic Web Services Connector
      • WSConfig tool was incorrectly converting JSON arrays for “sample request” for the REST service method.
      • WSConfig tool does not support spaces in JSON attribute names, so a substitution pattern can now be manually added to the WSConfigTool.exe.config file
    • Lotus Notes
      • KeyNotFoundException when performing export operations after the Allow custom certifiers for Organization/Organiztional Units option is disabled
      • KeyNotFoundException when above option is enabled but required certifiers not present

    The update can be downloaded directly at the Microsoft Downloads page. For more information on changes, review the changelog.

  • Microsoft Releases Windows Azure Active Directory Management Agent

    For those that missed the announcement last week, Microsoft’s DirSync and FIM Sync teams have released an evaluation version of their new Windows Azure Active Directory Connector.

    Available through Microsoft Connect, this replaces the Office 365 connector which was previously available only through Microsoft Consulting Services and select Microsoft partners.

    An ECMA2 connector intended to be used when DirSync can’t, Microsoft still recommend using DirSync as the primary option.

    This Management Agent is currently in evaluation stage only, however Microsoft is looking for clients that are willing to install it into production as part of their Technology Adoption Program. So, if you’re running FIM and Azure Active Directory in your organisation, this is probably a pretty good opportunity as they are offering production support as part of the TAP. Interested parties can contact Andreas Kjellman at Microsoft.

    Any further queries should probably be directed to the Microsoft FIM 2010 Forum post covering the launch of the Windows Azure Active Directory connector that I ripped most of this information from.

  • Forefront Identity Manager 2010 R2 hotfix rollup 4.1.3451.0 Available

    This week, Microsoft has released hotfix rollup 4.1.3451.0 for FIM 2010 R2, which you can download from KB2849119.

    This update fixes a few minor issues, detailed in the KB article, which I have kindly provided the summaries for below:

    FIM Synchronization Service

    Issue 1

    Password management operations fail because the path for the cached version of the extension .dll file is too long. This problem also affects the WebService connector that is included in Forefront Identity Manager 2010 R2.

    Issue 2

    In certain cases in which the Synchronization Service processes ancestors, memory leaks occur.

    FIM Certificate Management

    Feature 1

    This update adds the ability in the SubjectAltName policy to specify the RegisteredID alternate name in the Subject Alternate Name entry when a certificate request is issued.

    Reporting

    Issue 1

    If you have Microsoft System Center Service Manager 2012 Service Pack 1 (SP1) installed, and you try to run a change-mode installation for FIM Service and Portal, the installation fails.

    When you install FIM Reporting on a new server that has Service Manager 2012 SP1 installed, follow these steps:

    1. Install the FIM 2010 R2 SP1 FIMService component. To do this, clear the Reporting check box.

    2. Upgrade the FIMService installation to build 4.1.3451.0.

    3. Run the change-mode installation for the FIMService, and then add Reporting.

  • FIM Calendar by Alexey Skalozub

    I was having a poke around on the web today and just noticed FIM Calendar by Alexey Skalozub, who we had previously highlighted for his fantastic FIM Delta tool.

    One of the biggest frustrations that I think many people have with FIM Portal is that features  we’ve come to expect from modern web applications just aren’t there. For example, although even the most basic websites these days can have a date picker on them, FIM Portal forces you to enter a date manually.

    But not anymore!

    Alexey has created FIM Calendar, which allows you to add familiar jQuery datepickers to the FIM Portal.

    fimcalendar

     

    Maybe not the most exciting thing that’s going to happen to me today, but still pretty cool!

    Check out FIMCalendar on github for more information.

  • FIM Reporting Extract, Transform and Load (ETL) process

    With the release of FIM 2010 R2, Microsoft introduced reporting capability into Forefront Identity Manager 2010 via the System Center Service Manager (SCSM) Data Warehousing capabilities.

    Paul Williams over at Microsoft has just released a great article on the FIM Reporting Extract, Transform and Load (ETL) process within FIM 2010 R2, and it’s well worth a read.

    For those that are new to FIM Reporting (all of us!), this is a great overview of how data moves between the FIM Services and the SCSM data warehouse and is helpful if you’re looking at setting up and configuring FIM Reporting.

  • Microsoft Releases FIM 2010 R2 BHOLD Documentation

    With the release of FIM 2010 R2, Microsoft integrated the BHOLD product it had acquired into the FIM 2010 product suite. However, until now there hasn’t been a great deal of documentation available for anyone looking to implement BHOLD. Just recently, it was noted by on Twitter that Microsoft had recently updated its BHOLD documentation:

    BHold Core Operations Guide – this “provides administering and managing information for day-to-day operations of Microsoft BHOLD Core”, contains an “Introduction to administering BHOLD Core” that gives a general overview of BHOLD Core, and a more comprehensive “Administering BHOLD Core” guide, which contains detailed tasks and procedures to accomplish BHOLD objectives and strategies.

    BHold Attestation Operations Guide – Similar to above, this “provides administering and managing information for initial and day-to-day operations of Microsoft BHOLD Attestation” and contains an “Introduction to administering BHOLD Attestation” as well as an “Administering Microsoft BHOLD Attestation” guide.

    FIM 2010 R2 BHOLD Developer Reference – handy for all those developers out there, this contains everything a developer needs to know to connect to BHOLD’s Web service API in  order to create custom applications that can interact with BHOLD (either in .NET or through ASP/VBScript).

    The release of this documentation is definitely a huge step forward in the product lifecycle of BHOLD, and makes it a lot more usable for those of us that have to implement it!

     

  • FIM 2010 R2 Hotfix (4.1.3441.0) Available

    On April 22, 2013, Microsoft released Hotfix 4.1.3441.0 for Forefront Identity Manager 2010 R2. This hotfix features a number of issue fixes, as well as a couple of new features around the MetadirectoryServicesEx.dll and the ECMA framework. The hotfix can be downloaded here.

    Peter Geelen (Microsoft) has updated the FIM 2010 Build Overview wiki article with a summary of the changes in this release:

    FIM Sync

    • Issues Fixed
      • AD MA) would stop if there was an issue during Exchange provisioning
      • PCNS, the setting for the password source
      • stopped-ma” error on FIMMA on delta import
      • ECMA2 Connectors empty reference attribute data could crash the Synchronization Service
      • error returned on object during add in ECMA2
      • Schema Refresh on an ECMA2 Connector
      • export-only ECMA2 did not correctly handle errors “The image or delta doesn’t have an anchor.”
      • When several exports are run without a confirming import and not all references could be exported, the Synchronization Service could report a “stopped-server” error.
      • Adding a value to a reference value by using scripted code throws an error “Object reference not set to an instance of an object” because of a regression in FIM 2010 R2 SP1
      • When a custom extension does not return control to the Synchronization Service in time, typically 5 minutes, the Synchronization Service crashes
    • New features
      • The Synchronization Service’s contract DLL MetadirectoryServicesEx is no longer dependent on the FIM Synchronization Service. It is now possible to load an ECMA2 Connector outside the Service which enables the ability to create unit tests for these Connectors in Visual Studio.
      • This release includes ECMA2.2 which has several new features added.

    FIMCM

    • Fixed
      • Windows 8 TPM-based virtual smart cards could not be provisioned because of a change in Smart Card Minidriver Specification v.7.
      • The ability to print photos is added by using ID Works.
      • Advanced search in Bulk Client does not work as expected when more than 1,000 results is returned from Active Directory.

    SSPR

    • Fixed
      • If a new password has a string that might violate the ASP.NET request validator such as “<script>”, the operation would fail with the exception “A potentially dangerous Request.Form value was detected from the client”

    BHOLD

    • Fixed
      • In a special case after the bhold connector was deleted in the FIM Synchronization Service and re-created, an import would be unable to see all objects in bhold.

    Nothing too interesting in this release, unless you were having specific problems. However, the new ECMA 2.2 release is worth checking out, as there is a new “capabilities” page during configuration. According to Microsoft, it is now possible to ask the user for information and connect to the target directory and use that information for the Connector’s capabilities. It will be interesting to see how this can be applied. Increased LDAP DN support has also been added, as well as improved handling of delete/update operations during delta imports.Additional details can be found on the Microsoft Developer Network (MSDN) website for ECMA2.

  • Unify Solutions run FIM Event Broker 3.1 Webinar

    Former employers of mine, Unify Solutions, recently released version 3.1 of their FIM Event Broker product, and ran a launch webinar to showcase the features of this product. If you missed it, they just released it on youtube this morning:

    If you’re unfamiliar with FIM Event Broker, it’s essentially an automation tool for the FIM Synchronization Service – but with some smarts. The core premise behind FIM Event Broker seems to be “Event Driven Identity Management” – and when configured properly, it will allow your FIM Sync operations to run in response to events in target systems, rather than on a schedule.

    New user added to HR? FIM Event Broker will detect that and run an import. Change made in the FIM Portal? FIM Event Broker will detect that and run an import. Changes in one  system require an export to another target system? FIM Event Broker has that covered too.

    Definitely an interesting product, and there’s certainly some benefit in reducing overall throughput time of identity changes, and also the number of operations performed. However, you’d have to assess how much of a benefit having event driven sync operations would have within your organisation, when compared against the regular scheduled approach most people go by. For more information about FIM Event Broker, including how to download a trial, visit the Official Website.

  • FIM2010 R2 SP1 now supported on Azure IaaS (IdMaaS?)

    Paul Williams over at Microsoft announced yesterday on his blog that Windows Azure Infrastructure as a Service (IaaS) has now gone into General Availability.

    With that release, Paul points to a KB article (KB2721672) that indicates FIM 2010 R2 SP1 is now a supported product on  Windows Azure Virtual Machines.

    There are some limitations, and some considerations which need to be made, which Paul discusses, but this is certainly very exciting, as it’s the first time that Microsoft has officially supported FIM in the cloud.

    “Identity Management as a Service” (IdmAAS) was something covered at this year’s Redmond Identity Summit, and with FIM in the cloud now becoming a reality, we’re likely to see a lot of knowledge growth in this area over the next few months as it begins to become adopted. Expect to see a lot of lessons learnt by early adopters, especially in the realm of “what not to do”.