Following on from Brian’s last post about The Experts Conference, I also wanted to share my experience with the conference and talk about a session that Markus Vilcinskas and I delivered.
This year marked the 6th TEC event that I attended, and I firmly believe that if you work with Microsoft Identity and Access technology (and now Exchange) and you have to pick one conference a year to attend, TEC is the event to go to.

As a little background, the Directory Experts Conference (DEC) was conceived by NetPro’s Gil Kirkpatrick (CTO) and Christine McDermott (VP of Marketing) back in 2002 and was originally designed to be a “get together” of smart AD professionals who would discuss AD over pizza and beer (at least that was Gil’s plan). Gil tells the story better than I could, so here’s a link to his account on the conception of the event. Since the 2002 event in Arizona, NetPro continued the event, growing its constituency and technology focus year over year.

DEC 2005 in Vancouver was the first event I attended, and it was the first event to host a dedicated MIIS track. We had a small out-of-the-way room, and between 20 and 30 people in most of the sessions. That year I presented with Andreas Luther, then GPM of the MIIS Product Team, on the changes introduced in MIIS 2003 SP1… man, that was a long time ago. For a flashback to that time, here’s the deck for that session. Since 2005, I’ve presented at a few events in Las Vegas, once in Chicago and even once in Belgium (where I badly sprained my ankle on an excursion to Luxembourg and got to spend a lovely evening in the Brussels hospital and the rest of the conference on crutches).

As Brian pointed out in last week’s post, the conference has been renamed from DEC to TEC since Quest’s acquisition of NetPro. This is in part to break the “D” for Directory out of the primary name of the conference, since the event is branching out to include other technologies. TEC now includes:
- The Experts Conference for Directory and Identity
- The Experts Conference for Exchange
What I love most about this conference are the people that I meet and the experiences that they have to share, both on stage and off. Not only is the conference well attended by the Microsoft Product Teams that are building the technology the conference is focused on, but it is also well attended by our partner community, both ISVs and SIs, and as such it is a great opportunity to get together with the people that do the same thing you do and share stories and experiences.

My friend Craig Martin talked about this a little during his “ILM 2 Migration Strategies” session this year and compared TEC to the place where the bumble-bee girl finds happiness in the Blind Melon video for their song “No Rain”. In the video, a little girl finds herself estranged from everyone else because she went around wearing a bumble-bee costume, but finally found her bliss in a place where everyone wears bumble-bee costumes. This hit it on the head for me. In my “normal life”, nobody really wants to hear about the trials and tribulations of Enterprise Identity and Access Management. Of course they do ask, but the deer-in-the-headlights stare quickly makes it evident that they were hoping for a more generic answer. However, at TEC, people do care and we all have stories to share with each other. These experiences help us grow both in our professional and our personal lives, as the connections made at these events lead to friendships as well as a larger networking circle.
While the conference is very serious in its purpose of providing highly technical content to its constituents, there is also a lot of fun to be had. This year included a large chicken making its way around the conference, making for fun photo-ops. Also, every year there is a challenge presented by Stuart Kwan called the Wook Lee Challenge (now called the Wook Lee Memorial Challenge as Wook has failed to make the past few events). Each year, Stuart throws out some suggestions for how to incorporate Microsoft’s IDA technology into some humorous and artistic endeavor (poetry, music, art). For some examples, check out these links:
2008 Winner (From Pam Dingle's Blog)
2009 Winner (From YouTube)
Well… enough about that and on to the session that Markus and I delivered. Markus and I have presented together at the last 4 events and I’ve had a lot of fun in the process. Markus is deeply technical, being one of the longest-standing members of the ILM Product Team, and he has a great sense of humor, which definitely comes through in his presentation style. The session was a 300/400 level session on Declarative Provisioning (formerly called Codeless Provisioning) in Forefront Identity Manager 2010. This session was a deep dive into how Declarative Provisioning works, which includes a bunch of new acronyms (we Micropeeps love our acronyms!). In the session we explained in detail how the following work and interact with each other:
- Management Policy Rules (MPRs)
- Action Workflows (AWs)
- Synchronization Rule Objects (SROs)
- Inbound Sync Rules (ISRs)
- Outbound Sync Rules (OSRs)
- Expected Rules Lists (ERLs)
- Expected Rules Entries (EREs)
- Detected Rules Lists (DRLs)
- Detected Rules Entries (DREs)
In addition to giving a deep dive into how Declarative Provisioning works, we also introduced a problem space called “Object State Detection” (OSD). Object State Detection is a new feature in FIM 2010 that enables you to document and detect specific states of an object in a connected data source and to take action based on them, allowing rules to be processed based on confirmation of the detected state.

In our presentation we used as an example the states of “Enabled AD User” and “Disabled AD User” and demonstrated how to configure the system to send email notifications to a user’s manager when their state was manually changed in the connected system (in this case AD). This scenario implements something Markus and I termed an “Operational Outbound Sync Rule”, whose purpose is simply to define, via an Existence Test, the state of the object that you are looking to perform actions on. Operational OSRs do not actually result in the flow of data to the connected data source because they are not linked to an Action Workflow; their only purpose is to define the Existence Test that will be evaluated during Inbound Synchronization in the FIM Synchronization Service.

Note: OSRs that are configured with Existence Tests are processed at the end of an Inbound Synchronization process (in the FIM Synchronization Service) for the purpose of generating DREs.

This concept can be applied to any type of state that can be detected via a FIM MA. Some other examples of states that you might be interested in managing via OSD:
- Account exists in system X (perhaps a finance application under SOX scrutiny?)
- AD User is Mailbox Enabled
- AD User is OCS Enabled
- RACF User has TSO Access
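
To make the Enabled/Disabled AD User scenario concrete, here is a small conceptual model of Object State Detection in Python. It is an added example, not FIM code or anything from the session deck: the class and function names, the sample user and the message format are all hypothetical, and the existence tests are simplified to a check of the `ACCOUNTDISABLE` bit (0x2) in AD's `userAccountControl` attribute.

```python
# Conceptual model only (added example): names and data below are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

ACCOUNTDISABLE = 0x0002  # AD userAccountControl bit set on disabled accounts

def _uac(obj: Dict) -> int:
    return int(obj["userAccountControl"])

@dataclass(frozen=True)
class OperationalOSR:
    """OSR with an existence test and no Action Workflow: it never flows data."""
    name: str
    existence_test: Callable[[Dict], bool]

RULES = [
    OperationalOSR("Enabled AD User",
                   lambda o: "userAccountControl" in o and not (_uac(o) & ACCOUNTDISABLE)),
    OperationalOSR("Disabled AD User",
                   lambda o: "userAccountControl" in o and bool(_uac(o) & ACCOUNTDISABLE)),
]

def detect_dres(cs_object: Dict, rules: List[OperationalOSR]) -> Set[str]:
    """End of inbound sync: one DRE per rule whose existence test is confirmed."""
    return {r.name for r in rules if r.existence_test(cs_object)}

def process_inbound(user: Dict, previous_drl: Set[str],
                    cs_object: Dict) -> Tuple[Set[str], List[str]]:
    """Rebuild the DRL and queue a manager notification if the state changed."""
    current_drl = detect_dres(cs_object, RULES)
    lost = sorted(previous_drl - current_drl)
    gained = sorted(current_drl - previous_drl)
    messages = []
    if gained:  # a newly confirmed state means the object changed in AD
        messages.append(f"To {user['manager']}: {user['accountName']} changed "
                        f"from {lost} to {gained} in AD")
    return current_drl, messages

if __name__ == "__main__":
    user = {"accountName": "alice", "manager": "mgr@example.test"}  # constructed
    drl = {"Enabled AD User"}
    # Constructed import: an admin disabled the account directly in AD (512 -> 514).
    drl, msgs = process_inbound(user, drl, {"userAccountControl": 514})
    print(drl, msgs)
```

The model notifies on any detected transition; deciding whether a change was expected or made out of band is left to whatever policy consumes the DRL.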
The session was well received and is available here for you to review. This deck was not the deck used at TEC, but is a revised version that we used to present the content internally, and as such has a little more content.
Thanks for taking the time to visit The IDA Guys blog. If you have any questions, feel free to post them and I’ll do my best to get back to you shortly.