Microsoft Identity Manager 2016 Handbook: Online Companion Guide

Introduction

This article is a companion to the MIM book released in July 2016, written by David Steadman-MSFT and Jeff Ingalls.

Below is a list of the online resources referenced by the book.

Book

http://aka.ms/MIM2016Book

Authors: David Steadman-MSFT and Jeff Ingalls

Published by Packt Publishing

Chapter 1: Overview of MIM 2016

 

Topic URL
Licensing http://aka.ms/MIMLicense

 

Chapter 2: Installation

 

Topic URL
Capacity planning http://bit.ly/MIMCapacityPlanning
SCSM Deployment http://aka.ms/SCSM2010Deployment
MIM Planning http://bit.ly/MIMplanning
Hardware http://aka.ms/VirtualizationBestPractices
Supported Platforms http://bit.ly/MIMSupportedplat
FIM Supported Platforms http://bit.ly/FIMSupportedplat
Language packs http://aka.ms/FIMLanguagePacks
SQL Collation http://aka.ms/SQLCollations
SCSM collation problems http://aka.ms/SCSMCollations
Changing collation http://bit.ly/MIMbefore
SCSM 2010 technet http://bit.ly/SCSMTech
SCSM Two server Deployment http://aka.ms/SCSM2010Deployment
SCSM documentation http://bit.ly/SCSMDeploy
Authorization Manager Hotfix http://support.microsoft.com/kb/975332
Chun Liu blog post on IIS 7 http://blogs.msdn.com/b/chunliu/archive/2010/03/24/why-SharePoint-2010-not-use-kernel-mode-authentication-in-iis7.aspx
2012 AS AMO http://www.microsoft.com/en-us/download/details.aspx?id=42295
2008 AS AMO http://www.microsoft.com/en-us/download/details.aspx?id=6375
SCSM Collation vs languages http://bit.ly/MIMSCSMCollations
SQL Collation vs languages http://bit.ly/MIMSQLCollations
Ports Required for SCSM http://aka.ms/SCSM2010Ports

 

Chapter 3: MIM Sync Configuration

Topic URL
How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account https://support.microsoft.com/en-us/kb/303972
Carol Wapshere's article explaining deprovisioning options at http://aka.ms/FIMDeprovisioning
Deprovisioning options http://bit.ly/MIMDeprovisioningOptions

 

Chapter 4: MIM Service Configuration

Topic URL
Additional reading on the request processing model can be found at http://bit.ly/MIMrequestProcessing
Function Evaluator: http://bit.ly/MIMFunctions
Before you start changing the service schema, you should have a look at http://bit.ly/MIMServiceSchema
Information about the syntax used for the regular expressions in MIM can be found at http://aka.ms/FIMServiceSchema
concept of deprovisioning http://aka.ms/FIMDeprovisioning
create your own usage keywords http://bit.ly/MIMUsagekeywords
Introduction to configuring and customizing the portal http://bit.ly/MIMCustomizeportal
Resource Control Display Configuration XML reference http://bit.ly/MIMRCDCXMLRef
Custom Activities http://bit.ly/MIMCustomActivities
full code of RequestZipLookupActivity. http://bit.ly/MIMRequestZipLookupActivity
logging custom activity found at http://bit.ly/MIMCALogging

 

Chapter 5: User Management

Topic URL
State-based processing http://bit.ly/MIMStateBasedProcessing
DRE http://aka.ms/FIMDRE
Metaverse extension code http://aka.ms/FIMMVExtension
UserAccountControl http://support.microsoft.com/kb/305144
UAC on Wiki http://social.technet.microsoft.com/wiki/contents/articles/how-to-enable-or-disable-accounts-in-activedirectory-domain-service-using-fim.aspx
Exchange permissions on ADMA http://bit.ly/MIMExchangeRecipient

 

Chapter 6: Group Management

Topic URL
groupType in AD. http://bit.ly/GroupTypeFlags
SID -> Domain http://bit.ly/MIMSyncrules
more on deprovisioning, at http://aka.ms/FIMDeprovisioning
Add-ins and extensions http://aka.ms/FIMAddIn

 

Chapter 7: RBAC

Topic URL
BHOLD model loader http://bit.ly/MIMBHML
attribute-based authorization ABA. http://bit.ly/MIMBHConcepts
BHOLD Core Installation http://bit.ly/MIMBHCoreInstall
BHOLD default settings http://bit.ly/MIMBHReg
Connector history http://bit.ly/MIMConnectorHist
Reserved keywords http://bit.ly/SQLReservedKeywords
BHOLD Roles approval http://bit.ly/MIMBHOLDApproval
A complete introduction to BHOLD Integration can be found at http://bit.ly/MIMBHAdmin
A list of the placeholder tags can be found at http://bit.ly/MIMBHattestation
For more information on the Attestation module, you can go to http://bit.ly/MIMBHAT

 

Chapter 8: PAM

Topic URL
Microsoft's Best Practices for Securing Active Directory is a must read. Find it at http://bit.ly/SecuringAD
More information on PAM with an existing Active Directory forest can be found at http://bit.ly/MIMPAMWithExistingDomains
Microsoft's PAM deployment considerations are well documented and can be found at http://bit.ly/PAMDeploymentConsiderations
privileged administrative workstations PAW http://bit.ly/PAWDocs
Integrity Considerations for Secure Computer Systems, available at http://bit.ly/BibaModel
A paper on Bell-LaPadula can be found at http://bit.ly/BellModel
Configuring the MIM Environment for Privileged Access Management, available at http://bit.ly/MIMPAMInstall
List of updates http://bit.ly/MIMUpdates
SID History migration http://bit.ly/MIMSIDHistoryMigration
Preparing PRIV http://bit.ly/MIMPAMInstall
Remote Server Administration Tools RSAT http://bit.ly/Win10RSAT
A sample demonstration of a custom PAM portal can be downloaded at http://bit.ly/CustomPAMPortal.
New-Website cmdlet, server 500 error. http://bit.ly/MIMportal500
Microsoft's latest Azure MFA details can be found at http://bit.ly/MIMPAMMFA.
Explore the official TechNet documents for PAM at http://bit.ly/MIMPAMTechNet

 

Chapter 9: Password Management

Topic URL
More information on security context can be found at http://bit.ly/MIMSSPRSC
change the MPRs to make this work, and they are defined at http://bit.ly/MIMSSPRDeploy
DLL for OTP http://bit.ly/MIMOTP

 

Chapter 10: Certificate Management

Topic URL
For basic insight on PKI and assurance, take a look at http://bit.ly/CorePKI
Using MIM CM with HSM http://bit.ly/CMandLunSA
More details on PKI design can be found at http://bit.ly/PKIDesign
The MIM CM permissions are defined in a Microsoft TechNet article at http://bit.ly/MIMCMPermission
More information about the CRL status can be found at http://bit.ly/MIMCMCertificateStatus
More detail on the control can be found at http://bit.ly/MIMCMDiversifyAdminKey
More in-depth detail of these policies can be found at http://bit.ly/MIMCMProfiletempates

 

Chapter 11: CM Client Side

Topic URL
MIMCMWebAgent http://bit.ly/CMkernel
MIMCMWebAgent then needs to be trusted for delegation http://bit.ly/mimhost
final delegation is rpcss from the MIM CM server; http://bit.ly/MIMRPC
Modern App http://bit.ly/MIMMakeapp
test environment http://bit.ly/MIMModernaaptest
Sign Tool is found within Visual Studio; more detailed information can be found at http://bit.ly/MIMSigntool
Non-admins http://bit.ly/MIMNonadmins
Working with the certificate manager http://bit.ly/MIMCMManager

 

Chapter 12: CM Scenarios

Topic URL
REST API for CM can be found at http://bit.ly/MIMCMRestAPI
TpmVscMgr command can be found at http://bit.ly/MIMTpmVscMgr
More information on the notification mechanism can be found at http://bit.ly/MIMCMNotification
More information on CM plugins can be found at http://bit.ly/MIMCMModules.
MIM CM Trust http://bit.ly/MIMCMTrust
More information on authentication levels can be found at http://bit.ly/MIMCMselectiveAuth
More information about these scenarios is found at http://bit.ly/MIMCMCAEnrollmentprocessing and http://bit.ly/MIMCMCrossForestCAlab

ADFS, if you need help with setting it up, visit http://bit.ly/MIMCMADFSGuides
ConfigureFIMCMClientAndRelyingParty.ps1 script found at http://bit.ly/ConfigureMIMCMClient

 

Chapter 13: Reporting

Topic URL
the default reports are described, http://bit.ly/MIMMOOBReports
For further reading, a great explanation can be found at http://bit.ly/MIMReportingETL
For detailed guidance on extending MIM Reporting, take a look at http://aka.ms/FIMReporting
TechNet article outlines the general process of extending MIM Reporting http://technet.microsoft.com/en-us/library/jj133861
Considerations for deploying Reporting http://bit.ly/MIMReportingConsiderations
System requirements for System Center 2012 R2 http://bit.ly/MIMSCSMrequirements

Chapter 14: Troubleshooting 

Topic URL
N/A N/A

 

Chapter 15: Operations And Best Practices

Topic URL
PowerShell script to clear run history on TechNet at http://bit.ly/MIMClearRunHistory.
Additional run profile guidance is given by the MIM product support team at http://bit.ly/MIMRunProfileGuidance
Backup and Restore Guide for FIM 2010 http://bit.ly/MIMBackupRestoreGuide
FIM CM Backup and Restore http://bit.ly/MIMCMBackupAndRestore
FIM Reporting Disaster Recovery http://bit.ly/MIMReportingRecovery
SCSM Disaster Recovery Guide http://bit.ly/SCSMDisasterRecoveryGuide
High availability and PAM disaster recovery http://bit.ly/MIMPAMDisasterRecovery
SharePoint Foundation 2010 Backup and Recovery  http://bit.ly/SharePoint2010BackupAndRecovery
SharePoint Foundation 2013 Backup and Recovery http://bit.ly/SharePoint2013BackupAndRecovery
The official SQL documentation on reorganizing and rebuilding indexes at http://bit.ly/SQLReorgAndRebuildIndexes
Updates are found at http://bit.ly/MSFTIDMUpdates
Best Practices and Microsoft's own best practices page at http://bit.ly/MIMMSFTBestPractices