We have just release Service Pack 1 for ILM 2007.
Link: http://support.microsoft.com/kb/977791
This update sets a new base line for future coming updates to ILM with much easier deployment of such updates. The biggest and most important update in this Services Pack is that we now support provisioning of mailboxes on Exchange 2010.
The AD Management Agent now has a drop down box to choose Exchange Server 2010 or 2007. With Exchange 2010 provisioning there MA uses Remote Powershell to connect to the Exchange Server so no need to have the Exchange admin tools installed on the ILM machine.
You can find some guidance on the MA for Ex 2010 on http://technet.microsoft.com/en-us/library/aa998597.aspx. This was written on a pre-release of the Service Pack so might need some minor tweaks but these should be addressed shortly.
Brjann Brekkan
A few days ago we published four new articles regarding the certificate lifecycle management component of ILM 2007.
http://support.microsoft.com/default.aspx?kbid=2012399
How to add an additional CA to be managed by CLM
http://support.microsoft.com/default.aspx?kbid=2009350
Error "A required privilege is not held by the client" when accessing CLM
http://support.microsoft.com/default.aspx?kbid=2011963
CLM: Exit Module Connection String is Empty
http://support.microsoft.com/default.aspx?kbid=2012394
"Cannot impersonate a user" error in CLM configuration wizard
//Brjann Brekkan
The FIM 2010 Eval VHD has been out for a few weeks now and I wanted to share the steps that I just took to update my version of the image to FIM 2010 RC1 Update 2 via Microsoft Update.
There are two steps in the process for this VHD.
- Adding a new network interface to connect to internet
- Updating – making backups of current machine and then connect to Microsoft Update to install the update.
If you dont want to connect to internet then you can also download the updates from Microsoft Update Catalog and install manually.
1. Adding a new Network interface
1. Shut down the Virtual Machine
2. Add a new NIC to the VM in Hyper V manager
3. Connect the NIC to an External Network that has connectivity to the Internet
Connect to Internet
1. Start the VM again
When the VM starts it will be connected to that External network that you selected above. Now you need to either leave it using DHCP or set a fixed IP depending on your network configuration. In my environment DHCP is needed.
2. Updating
1. Before doing the update you might want to snapshot your environment in HyperV and also make backups of necessary components.
Go to http://support.microsoft.com/kb/977312 for instructions on what to backup and important information about the update as well as pre and post installation steps that you might need.
Release notes for Update 2: http://www.microsoft.com/downloads/details.aspx?FamilyID=ea8312ae-f95c-4980-b8dd-9ffd027a7dc2&displaylang=en
2. When running Windows Update please accept the updates to Windows Update
3. After Windows Update restarts, allow it to check for updates.
4. There will be many updates to the machine and you might want to make all the important updates first and then go back to do the FIM Service updates found under Optional as a second step. I am running the Important updates first but if you want you can run them all at once
This is what my important updates were on 12/15/09
5. After the restart go into Administrative Tools – Services and stop Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service.
6. Go back to Windows Update and select the two updates for FIM and click OK
7. You will get a warning that tells you how many days this evaluation will continue to work. Click OK to continue.
8. Wait a minute and you will get prompted to Update FIM Synchronization Service, Click Update and sit back. You might get prompted about the Evaluation Version one more time and if you do just click OK to continue
9. The FIM Synchronization Service update ends with this screen
10. The update of FIM Portal and Service starts when you click Update on the next screen
11. You are all set to go with FIM 2010 RC 1 Update 2 when you see this screen:
Easy and Done.
/Brjann
The new FIM 2010 RC1 VHD is available for download. The VHD consists of a full environment ready for evaluation. The scenarios that are already enabled are Group Management, User provisioning and Password Reset.
To download go to :
http://www.microsoft.com/forefront/identitymanager/en/us/try-it.aspx
Good luck and keep looking here for new guidelines about the VHD
Brjann
In the last couple of days I have received the same question from people both within Microsoft as well as partners and customers regarding support for Active Directory Domain Services (ADDS) on Windows Server 2008 as a connected directory in ILM 2007. The other popular topic has been if we support running the Password Change Notification Service on ADDS as well.
The answer: Yes,
- We have tested and support the Active Directory Management Agent in ILM 2007 FP1 connecting to AD DS on Windows Server 2008 (32 and 64 bit). This includes the Active Directory Application Mode Management Agent connecting to AD Lightweight Directory Service instances as well.
- We have also tested and support installing the PCNS component on ADDS on Windows Server 2008 (32 and 64bit). One caveat - we have not tested and do not support the PCNS component on ADDS running on Windows Server 2008 Server Core.
- See previous post on this blog for more details about the support for Windows Server 2008 as a platform to install ILM 2007 FP1 on.
Hope this helps
/ Brjann Brekkan
Technical Product Manager - Identity Management
Identity and Security Business Group , Microsoft Corp
ps. The FAQ on the ILM 2007 Product page will get updated as well to clarify this (http://www.microsoft.com/windowsserver/ilm2007/faq.mspx)
Hi
The VHD we have for download from www.microsoft.com/ilm2 has a timeout issue. It is Windows Server that needs to be re armed to get another 60 days of evaluation.
If you log into Windows after the Activate Later button is activated you can run the following command from Start-Run and then restart to get another 60 days.
slmgr.vbs -rearm
Brjann Brekkan
Product Manager - ILM
ps I am intending to build a new image and to replace this one but it is a couple of weeks late so will be available around 15 Feb.
Rollup Fix for Identity Lifecycle Manager 2007 FP1 released
With the release of Identity Lifecycle Manager 2007 FP1 version 3.3.1087 we now support all components running on Windows Server 2008 32 bit as well as using Windows Server 2008 32 bit certificate authorities including clustered CA support. You can also set up multiple CLM servers using Network Load Balancing for redundancy on this layer as well. Running the ILM 2007 metadirectory services features on Windows Server 2008 has been supported for some time but we wanted to wait for CLM to support this as well before updating the system requirements pages on our ILM 2007 product pages. If you want all updates below you should download and apply the updates in KB946797
We have just released two rollup packages.
· KB957181 - ILM 2007 FP1 version 3.3.1080.2
Examples of updates in this version: Updates to how Lotus Notes Management agent as well as password synchronization honors the use of "Run this management agent in separate process".
· KB946797 - ILM 2007 FP1 version 3.3.1087.2
Examples of updates in this version: fix for issue with export only MA's and deprovisioning, fix for issue with creating strong-named extensible MA's and rules extensions, fixes to four issues with CLM including support for Windows Server 2008 32 Bit
Since the release of Featurepack 1 for Identity Lifecycle Manager 2007 there has been a few updates.
· KB952308 - ILM 2007 FP1 version 3.3.1051.2
Examples of updates in this version: Updates with attribute flows as well as some specific issues around connecting to SunOne Directory
· KB952327 - ILM 2007 FP1 version 3.3.1067.2
Examples of updates in this version: Update for how access checks in AD are performed by Certificate Lifecycle Manager
// Brjann
Identity Lifecycle Manager 2 Release candidate was released a few weeks ago and with that we have made some update to our product web site (www.microsoft.com/ilm2) as well as publishing the ILM2 RC bits and an ILM 2 RC virtual machine to the web. The product web has all the content you need to get an understanding of what the product is and then you can use Hands on and/or Webcast section below to learn more. .. Come back to this blog for more information on how to use the Virtual machine and other resources in learning about ILM 2.
Hands on
If all this sounds interesting and you have looked at ILM 2 before than go and get the download from www.microsoft.com/ilm2 right away. If you have not seen ILM 2 before and would like to take a look at what it is first then we have just kicked off a Technet Webcast series in 3 parts.
//Brjann
