Preface
Microsoft's Forefront Identity Manager simplifies enterprise Identity Management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems.
The Microsoft Forefront Identity Manager 2010 R2 Handbook is an in-depth guide to Identity Management. You will learn how to manage users and groups, and implement self-service parts. This book also covers basic Certificate Management and troubleshooting.
Throughout the book we will follow a fictional case study. You will see how to implement Identity Management and also how to set up Smart Card logon for administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure, including both test and production environments. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail.
With the Microsoft Forefront Identity Manager 2010 R2 Handbook you will be able to implement and manage FIM 2010 R2 almost effortlessly.
What this book covers
Chapter 1, The Story in this Book: In this chapter, the author gives a short description of a fictional company, which he uses as the example throughout the book. He also discusses some of the Identity Management-related challenges faced by this company, solutions to these challenges, and the company's IT system infrastructure.
Chapter 2, Overview of FIM 2010 R2: In this chapter, the author gives an overview of the history of FIM 2010 R2, FIM Synchronization Service, FIM Service, FIM Portal, FIM Reporting, FIM Certificate Management, and licensing.
Chapter 3, Installation: In this chapter, we discuss the prerequisites for installing different components of FIM 2010 R2, see how to actually install the components, and look at a few post-installation steps to get it working.
Chapter 4, Basic Configuration: In this chapter, we discuss some of the basic configurations we need to look at, no matter how our environment looks or how we plan to use FIM 2010 R2. We focus on the initial configuration of FIM Synchronization Service and FIM Service, specifically topics such as creating Management Agents, schema management, FIM Service Management Agents, initial load versus scheduled runs, and moving configurations from the development to the production environment.
If you have an environment already set up, this chapter can act as a guide for you to verify that you have not missed any important steps that will cause your FIM environment to not work properly.
Chapter 5, User Management: User management is the primary goal for most FIM deployments. Synchronizing user information between different Management Agents, and managing user provisioning/deprovisioning is often the first thing we focus on in our FIM deployment.
In this chapter, we discuss how user management is set up in FIM Service and FIM Synchronization Service. We also discuss how to manage users in Active Directory, Microsoft Exchange, and a fictional phone system, and how to enable users to do some self-service.
Chapter 6, Group Management: Once you have User Management in place, it is usually time to start looking at Group Management. In this chapter, we will look at the different group scopes and types in AD and FIM, how to manage groups using the Outlook add-in, and synchronizing groups between HR, AD, and FIM.
Chapter 7, Self-service Password Reset: In this chapter, we look at the Self-service Password Reset (SSPR) feature, which allows users to reset their own passwords if they have forgotten them.
We discuss how to enable password management in AD, allow FIM Service to set a password, and configure FIM Service. We also discuss the user experience of the Self-service Password Reset feature.
Chapter 8, Using FIM to Manage Office 365 and Other Cloud Identities: In this chapter, we see how FIM 2010 R2 might fit into the puzzle of managing Office 365 identities and also how FIM might play a role in Identity Federation scenarios.
Chapter 9, Reporting: One of the new features in FIM 2010 R2 is built-in Reporting support. In this chapter, we discuss how to verify the System Center Service Manager 2010 (SCSM) setup, the default reports that are automatically installed, and the SCSM ETL process. We also look at how to verify and modify reports.
Chapter 10, FIM Portal Customization: In this chapter, we take a quick look at the components of the FIM Portal UI. We discuss how to modify the basic FIM Portal UI, and how to customize search scopes and forms.
Chapter 11, Customizing Data Transformations: In this chapter, we will discuss the overall need and options for data transformation and selective deprovisioning. We also look at an example of managing Microsoft Lync, and a case with strange roles.
Chapter 12, Issuing Smart Cards: In this chapter, we will take a look at how we can use FIM CM to issue Smart Cards. You will see how FIM CM adds a lot of functionality and security to the process of managing the complete lifecycle of your Smart Cards.
Chapter 13, Troubleshooting: In this chapter, we discuss how to go about troubleshooting issues, depending on where we see the failure and the type of failure. We also see how to back up and restore the various parts of FIM.
What you need for this book
In this book we install and configure a complete FIM 2010 R2 environment. All the installations and servers use the following operating system:
Microsoft Windows Server 2008 R2 SP1 Enterprise Edition
.NET Framework 3.5.1
The required software is as follows:
Microsoft Forefront Identity Manager 2010 R2
Microsoft SQL Server 2008 R2 SP1
Microsoft Visual Studio 2008 SP1
Microsoft SharePoint Foundation 2010
Microsoft System Center Service Manager 2010
Apart from the software required to get FIM 2010 R2 up and running, the following software is also used or referred to in the book:
Microsoft DirSync x64, used to synchronize directory data with Office 365.
Microsoft Active Directory Federation Services 2.0.
Granfeldt PowerShell Management Agent 2.0 is used to demonstrate extensible connectivity. More info on this can be found at http://aka.ms/PowerShellMA.
Who this book is for
If you are implementing and managing FIM 2010 R2 in your business, then this book is for you. You will need to have a basic understanding of a Microsoft-based infrastructure using Active Directory. If you are new to Forefront Identity Manager, the case-study approach of this book will help you understand the concepts and implement them.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The public domain used by The Company is company.com; this is also the primary email domain used."
A block of code is set as follows:
<!-- hex-encoded certificate hash. -->
<add key="Clm.SigningCertificate.Hash" value="1F9AA53D5D15C17969ACA0A5C1FD102C61978E25" />
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Open up the Security tab in the domain."
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the example code
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
Questions
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.