Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By : Kent Nordstrom
Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By: Kent Nordstrom

Overview of this book

Microsoft's Forefront Identity Manager simplifies enterprise identity management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems. The "Microsoft Forefront Identity Manager 2010 R2 Handbook" is an in-depth guide to Identity Management. You will learn how to manage users and groups and implement self-service parts. This book also covers basic Certificate Management and troubleshooting. Throughout the book we will follow a fictional case study. You will see how to implement IM and also set up Smart Card logon for strong administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure including both test and production environment. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail. With the "Microsoft Forefront Identity Manager 2010 R2 Handbook" you will be able implement and manage FIM 2010 R2 almost effortlessly.

Related Content you might be interested in

Current Title:

Small book image
Microsoft Forefront Identity Manager 2010 R2 Handbook
Kent Nordstrom
Aug, 2012 | 446 pages
No titles found
Table of Contents (21 chapters)
Microsoft Forefront Identity Manager 2010 R2 Handbook
Microsoft Forefront Identity Manager 2010 R2 Handbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
The Story in this Book
The Story in this Book
The Company
The challenges
The solutions
The environment
Moving forward
Summary

2
Overview of FIM 2010 R2
Overview of FIM 2010 R2
The history of FIM 2010 R2
FIM Synchronization Service (FIM Sync)
FIM Service
FIM Portal
FIM Reporting
FIM Certificate Management (FIM CM)
Licensing
Summary
3
Installation
Installation
Development versus production
Capacity planning
Separating roles
Hardware
Installation order
Prerequisites
Installation
Post-installation configuration
Summary
4
Basic Configuration
Basic Configuration
Creating Management Agents
Schema management
FIM Service MA
Initial load versus scheduled runs
Moving configuration from development to production
Summary
5
User Management
User Management
Modifying MPRs for user management
Configuring sets for user management
Inbound synchronization rules
Outbound synchronization rules
Provisioning
Managing users in a phone system
Managing users in Active Directory
Temporal Sets
Self-service using the FIM portal
Managing Exchange
Summary
6
Group Management
Group Management
Group scope and types
Installing client add-ins
Modifying MPRs for group management
Creating and managing distribution groups
Importing groups from HR
FIM Service and Metaverse
Managing groups in AD
Summary
7
Self-service Password Reset
Self-service Password Reset
Anonymous request
Enabling password management in AD
Allowing FIM Service to set passwords
Configuring FIM Service
The user experience
Summary
8
Using FIM to Manage Office 365 and Other Cloud Identities
Using FIM to Manage Office 365 and Other Cloud Identities
Overview of Office 365
Summary
9
Reporting
Reporting
Verifying the SCSM setup
Default reports
The SCSM ETL process
Looking at reports
Modifying the reports
Summary
10
FIM Portal Customization
FIM Portal Customization
Components of the UI
Portal Configuration
Navigation Bar Resource
Search scopes
Filter Permissions
RCDC
Summary
11
Customizing Data Transformations
Customizing Data Transformations
Our options
Managing Lync
Selective deprovisioning
The case with the strange roles
Summary
12
Issuing Smart Cards
Issuing Smart Cards
Our scenario
Extending the schema
The configuration wizard
Configuring the FIM CM Update Service
Database permissions
Configuring the CA
Installing the FIM CM client
FIM CM permissions
Allowing managers to issue certificates for consultants
RDP using Smart Cards
CM Management Agent
Summary
13
Troubleshooting
Troubleshooting
Reminder
Troubleshooting
Backup and restore
Summary
Afterword
Afterword
Index
Index

Managing users in Active Directory

One of the most common external systems we have in FIM is Active Directory. Managing users in Active Directory is very much a question of understanding how Active Directory works. I have seen many FIM designs violating the basic functionality of Active Directory.

There are also quite a few attributes in Active Directory that require special treatment and knowledge. The most common one is the attribute userAccountControl.

At The Company, the idea is that management of normal users in Active Directory is to be made using FIM. A few things, however, are not managed by FIM; one is the initial password.

At The Company, the initial password is set by the users themselves when they visit the security officer's desk to identify themselves and sign a form about account usage. At the desk, there is a small web application where the user can fill in his initial password.

The initial password, as well as account name and e-mail addresses, are common attributes in Active...

Previous Section
End of Section 8
Next Section