Thursday, April 30, 2015

FIM Sync Flow with ScreenShots and Code snippets

Years ago Brad Turner and I created a flow chart of FIM data flow with screenshots and code snippets. Some of the code examples are funny and it still says ILM rather than FIM. It also doesn't include the filter-based outbound sync rules that came with R2. Bearing those things in mind, it still provides a good bit of value. Someday I will update it with the latest -- until then, enjoy.

FIM Hotfix for PCNS to support 2012 R2 DCs

With the latest hotfix, MSFT now supports running PCNS on Windows Server 2012 R2. FIM still should not be installed on Windows Server 2012 R2 (2012 yes, 2008 R2 yes, 2008 yes). Only PCNS can be installed on Windows Server 2012 R2. The hotfix article has a slight error indicating that it is OK to install FIM Sync Service on 2012 R2 if you have installed the hotfix PCNS on 2012 R2 -- not true (the article should get corrected soon). Be warned: this update may break ECMA 1 and ECMA 2.0 based MAs. That is, they may not run, returning "stopped-extension-dll-load". There are workarounds published in the article.

Wednesday, April 8, 2015

Movie Review of Home -- or how IDM could have saved the day.

Over the weekend I took one of my children to see the new animated film Home starring Jim Parsons, Rihanna, Steve Martin and Jennifer Lopez. A group of technically superior but very cowardly aliens, called the Boov, flee from their implacable enemy, the Gorgs, and decide to take over Earth, relocating all of the primitive natives (us) to Australia. Aside from the political commentary of the entire human race being placed in a reservation, the thing that most struck me was how one of the near disasters could have been averted through solid Identity Management Systems. A hapless and lonely Boov named "Oh" invited his new neighbors to a "warming of house party." When no one showed, he sought out other acquaintances to invite and sent out an Evite ™, but he accidentally did a Send All, which somehow included their implacable enemy. Great hilarity ensues as the evite will take 40 hrs to reach their enemy.

First of all, the Boov can't be that superior if they don't have automated Group Management that limits their distribution lists to just those that should be in there, excluding, oh I don't know -- your enemies.

Second, the big brains of the Boov figure out that they can just sign in to Oh's account and cancel his evite. Their leader, Captain Smek, victoriously proclaims "Good thing I made everyone use the same password -- of 'password'." But Oh's password is unique. Scratch that idea. They are clearly lacking the capability for the administrator to reset a password.

Third, Oh finally figures out he needs to cancel his invite, so he attempts to log in to his evite/email account. He fails, not quite remembering his password. Fortunately his second attempt succeeds. But had it failed, it would have been nice if he could have availed himself of a Self Service Password Reset (SSPR) mechanism.


Finally, their recall email message capability is far better than ours. I mean, if the evite took 40 hours to reach the Gorgs, then how did the recall message reach them instantly? Usually when someone recalls a message it just causes all recipients to read it all the more carefully as they try to find out what was so bad that the sender decided to recall it. In fact, if you want to ensure that people read a message, attempt to recall it ;)