Microsoft Identity Manager – aka FIM vNext

A couple of seconds ago, Microsoft disclosed new information about FIM vNext – now called Microsoft Identity Manager (MIM)!

Go quickly to to get the latest update about the on-premises part of Microsoft’s hybrid identity management solution. It’s worth the time…

Hybrid Identity Management

Yesterday, Microsoft published a new page covering hybrid identity management –

So what’s new and what’s Microsoft’s approach to hybrid identity management?

Microsoft has a rich history in identity management, via Windows Server Active Directory and Forefront Identity Manager. Now, Microsoft is expanding this lineup to include cloud-based identity and access management solutions on Azure Active Directory. The result provides Microsoft customers with a powerful set of hybrid identity solutions to maintain a single identity for each user across on-premises and in the cloud.

In addition to the new web page, a white paper and datasheet have been published as well:

New Microsoft Azure Active Directory Content

Note-to-self: Microsoft has published a lot of new Azure Active Directory (AAD) content after //build:

Easiest way to troubleshoot DirectAccess issues – The DirectAccess Client Troubleshooting tool

Yesterday was a really great day, because Microsoft released the DirectAccess Client Troubleshooting tool on Microsoft Downloads.

But what’s the DirectAccess Client Troubleshooting Tool? Well, here’s a very short description:

The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests.  The following tests are currently implemented:

  • Network interfaces
  • Network location (NLS and NRPT DNS)
  • IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS)
  • Windows Firewall (applied profile, Firewall outbound rules)
  • Certificates (EKU Client Authentication, trust chain for AIA and CRL)
  • IPsec infrastructure tunnel (Domain SysVol share)
  • IPsec intranet tunnel (PING and HTTP probes)

And there are more “hidden” features that I will describe in an upcoming blog post. Oh and yes, the development team of this tool is working on the next release, which will include even more awesome features! :-)

Go and grab your copy from

General Availability of Azure Active Directory, Generic LDAP, and SharePoint UPS Connectors for FIM 2010 R2

After a couple of months, the three new FIM 2010 R2 Connectors have left the RC phase and are now GA! Here’s a short overview about the three new Connectors:

Windows Azure Active Directory Connector

This Connector can be used in scenarios not supported by DirSync, for example multi-forest or non-AD. The Connector comes with sample code and configuration for a resource/account-forest scenario. For more information, please refer to the TechNet documentation:

Generic LDAP

This Connector will allow you to connect to an LDAPv3 compliant directory. It currently supports the same LDAP directories (IBM, Novell, and Oracle) we ship with FIM 2010 R2 and will over time replace the built-in LDAP Management Agents. For more information, please refer to the TechNet documentation:

SharePoint User Profile Store

This Connector will connect to the SharePoint User Profile Store and can be used as a replacement for the built-in synchronization engine which comes with SharePoint, for example in multi-forest or non-AD scenarios. For more information, please refer to the TechNet documentation:

A Swiss blog about Microsoft's Security & Identity and Access Management solutions for Private and Public Clouds