We're starting to see this show up more in the press after the PDC. http://www.infoworld.com/article/05/09/21/HNinfocard_1.html

The Microsoft Identity and Access Management Solution Series is a set of prescriptive guidance, code samples, and architecture references that guide customers on building real life Identity Management solutions. This web cast will cover the upcoming release on Provisioning and Workflow as well as a roadmap...

Seriously, this stuff is really hard. I work in the Identity Management space and most of my time has focused more on enterprise Idm solutions (things like metadirectories and provisioning). Recently, I have been studying this from a more wholistic internet identity management topic. Much of the discussion...

This book has some great details on Active Directory Group Policies. I can't wait to get a copy myself. http://www.microsoft.com/MSPress/books/8763.asp

This is somewhat old news by now, but I wanted to remind folks about the announcements in this press release. http://www.microsoft.com/presspass/press/2005/may05/05-13MSSunEventPR.mspx Basically, Microsoft and Sun have really started to show some progress on partnerships that were annouced a year...

I recently found a tool that can help do performance analysis on servers in your environment. This tool gathers the data from the Performance Monitor and does some level of analysis to help diagnose issues. It is especially good at IIS 6.0 and Active Directory. Link: http://www.microsoft.com/downloads...

In general, MIIS solutions have one connected data source that is authoritative for deletes and drives the deprovisioning process. A common MIIS configuration is to set the object deletion rule to delete the MV object when the connector is removed from this authoritative MA. This will cause a MV delete...

The eWeek article below talks about Microsoft and the Liberty Alliance. I guess IBM recently decided to join the Liberty Alliance (along with already being a part of designing the ws-federation standards with Microsoft). Interesting article. http://www.eweek.com/article2/0,1759,1681595,00.asp This stuff...

I have posted on this Blog recently about life in MCS. This probably holds true for consulting engagements in general. Setting a comfortable travel schedule is really important when you are on the road all the time. On the other hand, this travel schedule would need to be negotiated with the client....

My current project is using MIIS to assist with an Exchange Resource Forest. The company has decided to run Exchange in the headquarters and each sub-Company would maintain their own Active Directory for login and security. The Exchange forest has placeholder accounts (mailboxes) that the external accounts...

This could be obvious to many, but this recently slowed me down one time when I did not realize it. When you run an import off of file, table, etc., MIIS will not process deletes if there are any import errors. This is by design and makes sense. If MIIS decides to delete records it does not get in the...

I got a question asking what it is like to work for Microsoft Consulting Services. This may very well be one of my friends messing with me, but regardless, I thought it might be worth telling some stories now and then. The particular question was about work/life balance. There is no sugar coating here;...

For the non-LDAP people, this cause quite a bit of confusion. First name is "givenName" and Last name is "sn." Street in ADUC is "streetAddress" in AD (of course, there is also a 'street' attribute to add to the confusion!). There is a page on MSDN that explains the mapping; this link is your friend...

I am a little sick and tired about hearing that people are tentative about modifying the Active Directory schema! Maybe this is Microsoft's fault since we put so many warnings up about doing this. I say modify it like crazy. In fact, I think we should all add a schema attribute called "i-modified-the...

What ends up happening is that I start a new project and get horribly busy and have no time to post. I ended up making a bunch of notes of good things to post, so I have a little backlog of things. Expect a bunch here over the next couple days.

This is a good set of step by step guides for Active Directory on managing, securing, configuring, etc.

The previous post ( http://weblogs.asp.net/btrst4/archive/2004/08/30/222629.aspx ) on this topic showed you how to import picture data into AD. This post shows you how to retieve the data and write it back out to a file. It might be more realistic to retrieve the data from AD and display it in a portal...

One of the big advantages of an Active Directory implementation is to store all of someone's personal data in their AD object. Nothing could be more personal than a photo. In many cases, companies already have pictures of users for ID badges, portals, etc. It seems like it would make a lot of sense to...

I was working on a project recently and the Exchange 2003 Recipient Update Service (RUS) was adding X.400 addresses and other junk to my mail enabled users. I was basically mail enabling a bunch of users in AD to synchronize the GAL with another email system. I could certainly configure the recipient...

I guess I can write WMI scripts if I have to, but it sure is nice to find samples to do the work. I guess I thought most people were aware (and lived by) the Scriptomatic Utility. I have had a few questions about WMI lately and this excellent utility came to the rescue. Basically you browse many of the...

In many cases, you might just be looking to setup an ADAM instance that is pretty much a replica of the AD data. MIIS could easily solve this requirement, but maybe you need something more lightweight. The AD to ADAM Synchronizer tool might be the perfect solution. Two key things to remember: One way...

If you have ever used Windows Performance Monitor and had trouble changing the time period for really big perf log files, there is a helpful tool for you. I have often driven myself crazy trying to squeeze that time window down to the hour I want and gone crazy. The link below points to a few helpful...

I guess I find it valuable to post painful experiences here. Maybe it will help someone else and it certainly gives me a chance to vent. We were setting up a test forest (single domain) for some very simplistic testing. For some reason, we could not add machines to the domain or dcpromo a second DC...

I got feedback from Brian Senecal that mentioned ADAM also relates to Coleco ADAM, which is a computer / game system from the early 80's. Pretty funny because I never considered that when I posted this. Time for the conspriacy theories to start... Here is a picture : Coleco ADAM seems to still...

ADAM stands for Active Directory Application Mode and is a new application released with Windows Server 2003 (though it can run on Windows XP). It is a lightweight LDAP directory that offers basic LDAP functions with a subset of Active Directory functionality. From the introduction whitepaper on microsoft...