Microsoft Identity Manager 2016 Handbook: Online Companion Guide
Introduction
This article is a companion to the MIM book release in July 2016, written by David Steadman-MSFT and Jeff Ingalls.
You find a list of online resources that are referenced by the book.
Book
Authors: David Steadman-MSFT and Jeff Ingalls
Published by Packt Publishing
Chapter 1: Overview of MIM 2016
| Topic | URL |
| Licensing | http://aka.ms/MIMLicense |
Chapter 2: Installation
Chapter 3: MIM Sync Configuration
| Topic | URL |
| How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account | https://support.microsoft.com/en-us/kb/303972 |
| Carol Wapshere's article explaining deprovisioning options at | http://aka.ms/FIMDeprovisioning |
| Deprovisioning options | http://bit.ly/MIMDeprovisioningOptions |
Chapter 4: MIM Service Configuration
| Topic | URL |
| Additional reading on the request processing model can be found at . | http://bit.ly/MIMrequestProcessing |
| Function Evaluator: | http://bit.ly/MIMFunctions |
| Before you start changing the service schema, you should have a look at | http://bit.ly/MIMServiceSchema |
| Information about the syntax used for the regular expressions in MIM can be found at | http://aka.ms/FIMServiceSchema |
| concept of deprovisioning | http://aka.ms/FIMDeprovisioning |
| create your own usage keywords | http://bit.ly/MIMUsagekeywords |
| Introduction to configuring and customizing the portal | http://bit.ly/MIMCustomizeportal |
| Resource Control Display Configuration XML reference | http://bit.ly/MIMRCDCXMLRef |
| Custom Activities | http://bit.ly/MIMCustomActivities |
| full code of RequestZipLookupActivity. | http://bit.ly/MIMRequestZipLookupActivity |
| logging custom activity found at | http://bit.ly/MIMCALogging |
Chapter 5: User Management
| Topic | URL |
| State-based processing | http://bit.ly/MIMStateBasedProcessing |
| DRE | http://aka.ms/FIMDRE |
| Metaverse extension code | http://aka.ms/FIMMVExtension |
| UserAccountControl | http://support .microsoft.com/kb/305144 |
| UAC on Wiki | http://social.technet.microsoft.com/wiki/contents/articles/how-to-enable-or-disable-accounts-in-activedirectory-domain-service-using-fim.aspx |
| Exchange permissions on ADMA | http://bit.ly/MIMExchangeRecipient |
Chapter 6: Group Management
| Topic | URL |
| groupType in AD. | http://bit.ly/GroupTypeFlags |
| SID -> Domain | http://bit.ly/MIMSyncrules |
| more on deprovisioning, at | http://aka .ms/FIMDeprovisioning |
| Add-ins and extensions | http://aka.ms/FIMAddIn |
Chapter 7: RBAC
| Topic | URL |
| BHOLD model loader | http://bit.ly/MIMBHML |
| attribute-based authorization ABA. | http://bit.ly/MIMBHConcepts |
| BHOLD Core Installation | http://bit.ly/MIMBHCoreInstall |
| BHOLD default settings | http://bit.ly/MIMBHReg |
| Connector history | http://bit.ly/MIMConnectorHist |
| Reserved keywords | http://bit.ly/SQLReservedKeywords |
| BHOLD Roles approval | http://bit.ly/MIMBHOLDApproval |
| A complete introduction to BHOLD Integration can be found at | http://bit.ly/MIMBHAdmin |
| A list of the placeholder tags can be found at | http://bit.ly/MIMBHattestation |
| For more information on the Attestation module, you can go to | http://bit.ly/MIMBHAT |
Chapter 8: PAM
| Topic | URL |
| Microsoft's Best Practices for Securing Active Directory is a must read. Find it at | http://bit.ly/SecuringAD |
| More information on PAM with an existing Active Directory forest can be found at | http://bit.ly/MIMPAMWithExistingDomains |
| Microsoft's PAM deployment considerations are well documented and can be found at | http://bit.ly/PAMDeploymentConsiderations |
| privileged administrative workstations PAW | http://bit.ly/PAWDocs |
| Integrity Considerations for Secure Computer Systems, available at | http://bit.ly/BibaModel |
| A paper on Bell-LaPadula can be found at | http://bit.ly/BellModel |
| Configuring the MIM Environment for Privileged Access Management, available at | http://bit.ly/MIMPAMInstall |
| List of updates | http://bit.ly/MIMUpdates. |
| SID History migration | http://bit.ly/MIMSIDHistoryMigration |
| Preparing PRIV | http://bit.ly/MIMPAMInstall |
| Remote Server Administration Tools RSAT | http://bit.ly/Win10RSAT |
| A sample demonstration of a custom PAM portal can be downloaded at | http://bit.ly/CustomPAMPortal. |
| New-Website cmdlet, server 500 error. | http://bit.ly/MIMportal500 |
| Microsoft's latest Azure MFA details can be found at | http://bit.ly/MIMPAMMFA. |
| Explore the official TechNet documents for PAM at . | http://bit.ly/MIMPAMTechNet |
Chapter 9: Password Management
| Topic | URL |
| More information on security context can be found at | http://bit.ly/MIMSSPRSC |
| change the MPRs to make this work, and they are defined at | http://bit.ly/MIMSSPRDeploy |
| DLL for OTP | http://bit.ly/MIMOTP |
Chapter 10: Certificate Management
| Topic | URL |
| For basic insight on PKI and assurance, take a look at | http://bit.ly/CorePKI |
| Using MIM CM with HSM | http://bit.ly/CMandLunSA |
| More details on PKI design can be found at | http://bit.ly/PKIDesign |
| The MIM CM permissions are defined in a Microsoft TechNet article at | http://bit.ly/MIMCMPermission |
| More information about the CRL status can be found at | http://bit.ly/MIMCMCertificateStatus |
| More detail on the control can be found at | http://bit.ly/MIMCMDiversifyAdminKey |
| More in-depth detail of these policies can be found at | http://bit.ly/MIMCMProfiletempates |
Chapter 11: CM Client Side
| Topic | URL |
| MIMCMWebAgent | http://bit.ly/CMkernel |
| MIMCMWebAgent then needs to be trusted for delegation | http://bit.ly/mimhost |
| final delegation is rpcss from the MIM CM server; | http://bit.ly/MIMRPC |
| Modern App | http://bit.ly/MIMMakeapp |
| test environment | http://bit.ly/MIMModernaaptest |
| Sign Tool is found within Visual Studio; more detailed information can be found at | http://bit.ly/MIMSigntool |
| Non-admins | http://bit.ly/MIMNonadmins |
| Working with the certificate manager | http://bit.ly/MIMCMManager |
Chapter 12: CM Scenarios
| Topic | URL |
| REST API for CM can be found at | http://bit.ly/MIMCMRestAPI |
| TpmVscMgr command can be found at | http://bit.ly/MIMTpmVscMgr |
| More information on the notification mechanism can be found at | http://bit.ly/MIMCMNotification |
| More information on CM plugins can be found at | http://bit.ly/MIMCMModules. |
| MIM CM Trust | http://bit.ly/MIMCMTrust |
| More information on authentication levels can be found at | http://bit.ly/MIMCMselectiveAuth |
| More information about these scenarios is found at | http://bit.ly/MIMCMCAEnrollmentprocessing and |
| ADFS, if you need help with setting it up, visit . | http://bit.ly/MIMCMADFSGuides |
| ConfigureFIMCMClientAndRelyingParty.ps1 script found at | http://bit.ly/ConfigureMIMCMClient |
Chapter 13: Reporting
| Topic | URL |
| the default reports are described, | http://bit.ly/MIMMOOBReports |
| For further reading, a great explanation can be found at | http://bit.ly/MIMReportingETL |
| For detailed guidance on extending MIM Reporting, take a look at | http://aka.ms/FIMReporting |
| TechNet article outlines the general process of extending MIM Reporting | http://technet.microsoft.com/en-us/library/jj133861 |
| Considerations for deploying Reporting • | http://bit.ly/MIMReportingConsiderations |
| System requirements for System Center 2012 R2 | http://bit.ly/MIMSCSMrequirements |
Chapter 14: Troubleshooting
| Topic | URL |
| N/A | N/A |
Chapter 15: Operations And Best Practices
| Topic | URL |
| PowerShell script to clear run history on TechNet at | http://bit.ly/MIMClearRunHistory. |
| Additional run profile guidance is given by the MIM product support team at | http://bit.ly/MIMRunProfileGuidance |
| Backup and Restore Guide for FIM 2010 | http://bit.ly/MIMBackupRestoreGuide |
| FIM CM Backup and Restore | http://bit.ly/MIMCMBackupAndRestore |
| FIM Reporting Disaster Recovery | http://bit.ly/MIMReportingRecovery |
| SCSM Disaster Recovery Guide | http://bit.ly/SCSMDisasterRecoveryGuide |
| High availability and PAM disaster recovery | http://bit.ly/MIMPAMDisasterRecovery |
| SharePoint Foundation 2010 Backup and Recovery | http://bit.ly/SharePoint2010BackupAndRecovery |
| SharePoint Foundation 2013 Backup and Recovery | http://bit.ly/SharePoint2013BackupAndRecovery |
| The official SQL documentation on reorganizing and rebuilding indexes at | http://bit.ly/SQLReorgAndRebuildIndexes |
| Updates are found at | http://bit.ly/MSFTIDMUpdates |
| Best Practices and Microsoft's own best practices page at | http://bit.ly/MIMMSFTBestPractices |