Microsoft Identity Manager 2016 Handbook: Online Companion Guide
Introduction
This article is a companion to the MIM book release in July 2016, written by David Steadman-MSFT and Jeff Ingalls.
You find a list of online resources that are referenced by the book.
Book
Authors: David Steadman-MSFT and Jeff Ingalls
Published by Packt Publishing
Chapter 1: Overview of MIM 2016
Topic | URL |
Licensing | http://aka.ms/MIMLicense |
Chapter 2: Installation
Chapter 3: MIM Sync Configuration
Topic | URL |
How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account | https://support.microsoft.com/en-us/kb/303972 |
Carol Wapshere's article explaining deprovisioning options at | http://aka.ms/FIMDeprovisioning |
Deprovisioning options | http://bit.ly/MIMDeprovisioningOptions |
Chapter 4: MIM Service Configuration
Topic | URL |
Additional reading on the request processing model can be found at . | http://bit.ly/MIMrequestProcessing |
Function Evaluator: | http://bit.ly/MIMFunctions |
Before you start changing the service schema, you should have a look at | http://bit.ly/MIMServiceSchema |
Information about the syntax used for the regular expressions in MIM can be found at | http://aka.ms/FIMServiceSchema |
concept of deprovisioning | http://aka.ms/FIMDeprovisioning |
create your own usage keywords | http://bit.ly/MIMUsagekeywords |
Introduction to configuring and customizing the portal | http://bit.ly/MIMCustomizeportal |
Resource Control Display Configuration XML reference | http://bit.ly/MIMRCDCXMLRef |
Custom Activities | http://bit.ly/MIMCustomActivities |
full code of RequestZipLookupActivity. | http://bit.ly/MIMRequestZipLookupActivity |
logging custom activity found at | http://bit.ly/MIMCALogging |
Chapter 5: User Management
Topic | URL |
State-based processing | http://bit.ly/MIMStateBasedProcessing |
DRE | http://aka.ms/FIMDRE |
Metaverse extension code | http://aka.ms/FIMMVExtension |
UserAccountControl | http://support .microsoft.com/kb/305144 |
UAC on Wiki | http://social.technet.microsoft.com/wiki/contents/articles/how-to-enable-or-disable-accounts-in-activedirectory-domain-service-using-fim.aspx |
Exchange permissions on ADMA | http://bit.ly/MIMExchangeRecipient |
Chapter 6: Group Management
Topic | URL |
groupType in AD. | http://bit.ly/GroupTypeFlags |
SID -> Domain | http://bit.ly/MIMSyncrules |
more on deprovisioning, at | http://aka .ms/FIMDeprovisioning |
Add-ins and extensions | http://aka.ms/FIMAddIn |
Chapter 7: RBAC
Topic | URL |
BHOLD model loader | http://bit.ly/MIMBHML |
attribute-based authorization ABA. | http://bit.ly/MIMBHConcepts |
BHOLD Core Installation | http://bit.ly/MIMBHCoreInstall |
BHOLD default settings | http://bit.ly/MIMBHReg |
Connector history | http://bit.ly/MIMConnectorHist |
Reserved keywords | http://bit.ly/SQLReservedKeywords |
BHOLD Roles approval | http://bit.ly/MIMBHOLDApproval |
A complete introduction to BHOLD Integration can be found at | http://bit.ly/MIMBHAdmin |
A list of the placeholder tags can be found at | http://bit.ly/MIMBHattestation |
For more information on the Attestation module, you can go to | http://bit.ly/MIMBHAT |
Chapter 8: PAM
Topic | URL |
Microsoft's Best Practices for Securing Active Directory is a must read. Find it at | http://bit.ly/SecuringAD |
More information on PAM with an existing Active Directory forest can be found at | http://bit.ly/MIMPAMWithExistingDomains |
Microsoft's PAM deployment considerations are well documented and can be found at | http://bit.ly/PAMDeploymentConsiderations |
privileged administrative workstations PAW | http://bit.ly/PAWDocs |
Integrity Considerations for Secure Computer Systems, available at | http://bit.ly/BibaModel |
A paper on Bell-LaPadula can be found at | http://bit.ly/BellModel |
Configuring the MIM Environment for Privileged Access Management, available at | http://bit.ly/MIMPAMInstall |
List of updates | http://bit.ly/MIMUpdates. |
SID History migration | http://bit.ly/MIMSIDHistoryMigration |
Preparing PRIV | http://bit.ly/MIMPAMInstall |
Remote Server Administration Tools RSAT | http://bit.ly/Win10RSAT |
A sample demonstration of a custom PAM portal can be downloaded at | http://bit.ly/CustomPAMPortal. |
New-Website cmdlet, server 500 error. | http://bit.ly/MIMportal500 |
Microsoft's latest Azure MFA details can be found at | http://bit.ly/MIMPAMMFA. |
Explore the official TechNet documents for PAM at . | http://bit.ly/MIMPAMTechNet |
Chapter 9: Password Management
Topic | URL |
More information on security context can be found at | http://bit.ly/MIMSSPRSC |
change the MPRs to make this work, and they are defined at | http://bit.ly/MIMSSPRDeploy |
DLL for OTP | http://bit.ly/MIMOTP |
Chapter 10: Certificate Management
Topic | URL |
For basic insight on PKI and assurance, take a look at | http://bit.ly/CorePKI |
Using MIM CM with HSM | http://bit.ly/CMandLunSA |
More details on PKI design can be found at | http://bit.ly/PKIDesign |
The MIM CM permissions are defined in a Microsoft TechNet article at | http://bit.ly/MIMCMPermission |
More information about the CRL status can be found at | http://bit.ly/MIMCMCertificateStatus |
More detail on the control can be found at | http://bit.ly/MIMCMDiversifyAdminKey |
More in-depth detail of these policies can be found at | http://bit.ly/MIMCMProfiletempates |
Chapter 11: CM Client Side
Topic | URL |
MIMCMWebAgent | http://bit.ly/CMkernel |
MIMCMWebAgent then needs to be trusted for delegation | http://bit.ly/mimhost |
final delegation is rpcss from the MIM CM server; | http://bit.ly/MIMRPC |
Modern App | http://bit.ly/MIMMakeapp |
test environment | http://bit.ly/MIMModernaaptest |
Sign Tool is found within Visual Studio; more detailed information can be found at | http://bit.ly/MIMSigntool |
Non-admins | http://bit.ly/MIMNonadmins |
Working with the certificate manager | http://bit.ly/MIMCMManager |
Chapter 12: CM Scenarios
Topic | URL |
REST API for CM can be found at | http://bit.ly/MIMCMRestAPI |
TpmVscMgr command can be found at | http://bit.ly/MIMTpmVscMgr |
More information on the notification mechanism can be found at | http://bit.ly/MIMCMNotification |
More information on CM plugins can be found at | http://bit.ly/MIMCMModules. |
MIM CM Trust | http://bit.ly/MIMCMTrust |
More information on authentication levels can be found at | http://bit.ly/MIMCMselectiveAuth |
More information about these scenarios is found at | http://bit.ly/MIMCMCAEnrollmentprocessing and |
ADFS, if you need help with setting it up, visit . | http://bit.ly/MIMCMADFSGuides |
ConfigureFIMCMClientAndRelyingParty.ps1 script found at | http://bit.ly/ConfigureMIMCMClient |
Chapter 13: Reporting
Topic | URL |
the default reports are described, | http://bit.ly/MIMMOOBReports |
For further reading, a great explanation can be found at | http://bit.ly/MIMReportingETL |
For detailed guidance on extending MIM Reporting, take a look at | http://aka.ms/FIMReporting |
TechNet article outlines the general process of extending MIM Reporting | http://technet.microsoft.com/en-us/library/jj133861 |
Considerations for deploying Reporting • | http://bit.ly/MIMReportingConsiderations |
System requirements for System Center 2012 R2 | http://bit.ly/MIMSCSMrequirements |
Chapter 14: Troubleshooting
Topic | URL |
N/A | N/A |
Chapter 15: Operations And Best Practices
Topic | URL |
PowerShell script to clear run history on TechNet at | http://bit.ly/MIMClearRunHistory. |
Additional run profile guidance is given by the MIM product support team at | http://bit.ly/MIMRunProfileGuidance |
Backup and Restore Guide for FIM 2010 | http://bit.ly/MIMBackupRestoreGuide |
FIM CM Backup and Restore | http://bit.ly/MIMCMBackupAndRestore |
FIM Reporting Disaster Recovery | http://bit.ly/MIMReportingRecovery |
SCSM Disaster Recovery Guide | http://bit.ly/SCSMDisasterRecoveryGuide |
High availability and PAM disaster recovery | http://bit.ly/MIMPAMDisasterRecovery |
SharePoint Foundation 2010 Backup and Recovery | http://bit.ly/SharePoint2010BackupAndRecovery |
SharePoint Foundation 2013 Backup and Recovery | http://bit.ly/SharePoint2013BackupAndRecovery |
The official SQL documentation on reorganizing and rebuilding indexes at | http://bit.ly/SQLReorgAndRebuildIndexes |
Updates are found at | http://bit.ly/MSFTIDMUpdates |
Best Practices and Microsoft's own best practices page at | http://bit.ly/MIMMSFTBestPractices |