The table below lists the public release versions of the product, including service packs, updates, rollups and hotfixes of MIIS 2003, IIFP, ILM 2007,FIM 2010, FIM 2010 R2, MIM 2016, and AAD Connect.

Feel free to update this page however please keep this list to public releases only (no private builds).

 


MIIS 2003

 

Version Product Link
3.0.692.0 MIIS RTM
3.1.287.0 MIIS 2003 SP1
3.1.1016.0 MIIS 2003 SP1 Hotfix
3.1.1020.0 MIIS 2003 SP1 Hotfix
3.1.1026.0 MIIS 2003 SP1 Hotfix
3.1.1030.0 MIIS 2003 SP1 Hotfix
3.1.1036.0 MIIS 2003 SP1 Hotfix
3.1.1042.0 MIIS 2003 SP1 Hotfix
3.1.1046.0 MIIS 2003 SP1 Hotfix http://support.microsoft.com/kb/884192
3.1.1049.0 MIIS 2003 SP1 Hotfix http://support.microsoft.com/kb/925709

 


ILM 2007 (MIIS + CLM)

 

Version Product Link
3.2.559 ILM 2007 RTM -
3.2.1005 IIFP SP2 http://www.microsoft.com/en-us/download/details.aspx?id=11149
3.2.1016 MIIS 2003 Hotfix http://support.microsoft.com/kb/950370
3.2.1016 ILM 2007 Hotfix http://support.microsoft.com/kb/950497

 


ILM 2007 FP1

 

Version Product Link
3.3.0118.0 ILM 2007 FP1 RTM http://support.microsoft.com/kb/2000082
3.3.1051.2 ILM 2007 FP1 Hotfix http://support.microsoft.com/kb/952308
3.3.1067.2 ILM 2007 FP1 Hotfix http://support.microsoft.com/kb/952327
3.3.1087.2 ILM 2007 FP1 Hotfix http://support.microsoft.com/kb/946797
3.3.1101.2 ILM 2007 FP1 Hotfix http://support.microsoft.com/kb/960765
3.3.1139.2 ILM 2007 FP1 SP1 http://support.microsoft.com/kb/977791
3.3.1160.2 ILM 2007 FP1 Hotfix http://support.microsoft.com/kb/982556
3.3.1169.2 ILM 2007 FP1 Hotfix http://support.microsoft.com/kb/2346516

 


FIM 2010

Version Product Link Date
 4.0.2450.49  FIM 2010 - SharePoint 2010    
 4.0.2450.51  FIM 2010 - SharePoint 2013    
4.0.2592.0 FIM 2010 RTM - -
4.0.3531.2 FIM 2010 RTM Update 1 http://support.microsoft.com/kb/978864 October 13, 2010
4.0.3547.2 FIM 2010 RTM Hotfix http://support.microsoft.com/kb/2028634 March 2, 2010
4.0.3558.2 FIM 2010 RTM Hotfix http://support.microsoft.com/kb/2272389 Apr 8, 2011
4.0.3573.2 FIM 2010 RTM Hotfix http://support.microsoft.com/kb/2417774 February 2, 2011
4.0.3576.2 FIM 2010 RTM Hotfix http://support.microsoft.com/kb/2502631 Mar 23, 2011
4.0.3594.2 FIM 2010 RTM Hotfix http://support.microsoft.com/kb/2520954 Oct 23, 2011
4.0.3606.2 FIM 2010 RTM Update 2 http://support.microsoft.com/kb/2635086 Feb 27, 2012
4.0.3617.2 FIM 2010 Hotfix http://support.microsoft.com/kb/2688078 May 30, 2012
4.0.3627.2 FIM 2010 Hotfix http://support.microsoft.com/kb/2737503 Aug 27, 2012
4.0.3644.2 FIM 2010 Hotfix http://support.microsoft.com/kb/2750673 Nov 12, 2012
4.0.3684.2 FIM 2010 Hotfix http://support.microsoft.com/kb/2819338 Mar 19, 2013
4.0.3714.2 FIM 2010 Hotfix http://support.microsoft.com/kb/2887498 Nov 27, 2013
4.0.3733.2 FIM 2010 Hotfix http://support.microsoft.com/kb/2926490 Feb 7, 2014

 


FIM 2010 R2

Version Product Link Date
4.1.1906.0 FIM 2010 R2 RC - -
4.1.2089.0 FIM 2010 R2 RC Refresh - -
4.1.2273.0 FIM 2010 R2 RTM - June 14, 2012
4.1.2515.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2734159 August 21, 2012
4.1.2548.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2750671 November 5, 2012
4.1.3114.0 FIM 2010 R2 SP1 http://support.microsoft.com/kb/2772429 January 30, 2013
4.1.3419.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2814853 February 18, 2013
4.1.3441.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2832389 April 25, 2013
4.1.3451.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2849119 June 9, 2013
4.1.3461.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2870703 August 20, 2013
4.1.3469.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2877254 October 6, 2013
4.1.3479.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2889529 October 15, 2013
4.1.3496.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2906832 November 21, 2013
4.1.3508.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2913228 February 13, 2014
4.1.3510.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2934816 February 22, 2014
4.1.3559.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2969673 June 18, 2014
4.1.3599.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2980295 September 2, 2014
4.1.3613.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3011057 November 25, 2014
4.1.3627.0  FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3022704 February 23, 2015
4.1.3634.0  FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3048056 April 30, 2015
4.1.3646.0  FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3054196 June 24, 2015

MIM 2016

Version Product Link Date
4.3.1935.0 MIM 2016 GA http://aka.ms/MIM2016 August 6, 2015

BHOLD

Version Product Link Date
4.1.3441.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2832389 April 25, 2013
4.1.3461.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2870703 August 20, 2013
4.1.3479.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb2889529 October 15, 2013
4.1.3510.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/2934816 March 06, 2014
5.0.2836.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3011057 November 25, 2014
5.0.2959.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3022704 February 23, 2015

 


AAD Connect

Version Product Link Date
1.0.8624 Initial Release of AADConnect http://go.microsoft.com/fwlink/?LinkId=615771 2015/06/18

Connectors (Management Agents)

Lotus Domino Connector

Version Link Date Highlights
5.0.520.0 KB2741896 2012/09/11

Issue 1



After the update is installed, you can set the _MMS_CertDaysToExpire property to a value that is larger than 99 days.

Issue 1



Fixes an issue in which a full import is interrupted or cannot start when the full text index feature is not enabled or updated on the Domino server address book database. After the update is installed, the full import does not require the full text index feature to be enabled.

Issue 1



Fixes an issue in which the distinguished names of imported objects differ from the reference attributes (for example, the member attribute). This issue causes placeholder objects to be created in the connector space.

Issue 1



Fixes an issue in which the Connector reports Argument has been deleted" because of the bad objects in Lotus Domino.

Issue 1



Fixes an issue in which the MailDomain attribute is mapped incorrectly to the Forwarding address attribute.

Issue 1



Fixes an issue in which the KEYFILENAME value in the Notes.ini file is not reset to the original value after Lotus Domino Connector finishes the operation.

Feature 1



Assume that certain references are not in the distinguished name format. This typically occurs on the member attribute for groups. For example, you find that the email addresses that represent the users outside Lotus Domino and the email address that represent users inside Lotus Domino are in different formats. After the update is installed, Lotus Domino Connector can create real objects in the connector space in so that these users can be joined or provisioned to the Forefront Identity Manager 2010 metaverse. Note To enable this update, select Enable creation of place holder objects on the global parameters page, and then select the _Contact object type on the Select object types page. After the configuration is enabled, entries in reference attributes that cannot be translated to a distinguished name are created as a _Contact object.

Feature 2



Adds support to import and set up Contacts and non-certified users. To set up new non-certified users, use the _MMS_IDStoreType property.

Feature 3



Improves performance by using a larger page size setting on the run profile. The default page size now is 1,000. To increase import speed, you can change the setting to a value between 2,500 and 5,000 to reduce the number of data exchange between the Domino server.

5.3.259.0 KB2823899 2013/04/03

Issue 1



In Domino, an object could be a member of a group several times by using a different case. For example "CN=Example,NAB=names.nsf" and "CN=eXample,NAB=names.nsf" may each be found as a member of the same group. The Synchronization Service reports a staging error on objects that have these duplicate distinguished names (DNs).

Issue 2



In Domino, a reference value that has trailing white spaces may cause the Synchronization Service to crash.

Issue 3



For random attributes that use empty string values, the Lotus Notes client may throw the following exception during an import: Index was outside the bounds of an array.

Issue 4



For random attributes, the Lotus Notes client may throw the following exception during an export: Error: Object reference not set to an instance of an object.

Issue 5



When the Lotus Domino connector tries to export an object rename, such as a change of last name, the following exception is thrown from the connector: Encrypted parameter should be retrieved using the Secure Value property.

Issue 6



During a full import from Domino, an object that was flagged for replication conflict is imported. This causes transient objects to be created in connector space so that it becomes possible to have multiple objects that have the same distinguished name (DN). After this update is installed, a new option is added on the global page to enable objects that are marked as conflict resolution victims. These objects are now silently ignored and will not be present in the connector space.

Issue 7



With the earlier algorithm for creating the distinguished name (DN) for _Contact objects, it was possible that the created object would conflict with an existing object in the address book. After this update is installed, all _Contact objects are now created by using the additional VC=_Contact object in their DN.

Issue 8



It was not possible to have both a Lotus Domino connector and the new SharePoint Identity connector on the same server.

Feature 1



In Domino, an object may have multiple distinguished names. The Full name attribute is multivalued, and references from other objects can use any of the values in the Full name attribute. After this update is installed, _Contact objects can be created and enabled for each value in the Full name attribute. This makes sure that these references can be resolved. For these _Contact objects, the following attributes are also added to enable joining to the real object:•_personEmployeeID

  • _personShortName
  • _personEmployeeNumber
  • _personDisplayName
  • _routingName
  • _contactName
  • _displayName
  • UniversalID

Feature 2



In Domino, a reference attribute that has routing information may be embedded as a suffix to the distinguished name (DN). For example, the member attribute in a group could contain "CN=example/organization@routing_information." The routing information is used by Domino to send email messages to the correct Domino system. This might be a system in a different organization. After this update is installed, on the global page, you can specify the format of the routing suffixes that are used within the organization in scope of the connector. If one of these values is found as a suffix in a reference attribute, the routing information is removed from the reference so that the reference attribute will match the DN for the object in the connector space. If the routing suffix on a reference value cannot be matched to one of those that are specified, a _Contact object is created. The _Contact object that is created has "RO=@RoutingSuffix" inserted into the distinguished name. For such _Contact objects, the following attributes are also added to enable joining to a real object if this is necessary:•_routingName

  • _contactName
  • _displayName
  • UniversalID

Feature 3



Support for Lotus Notes 9 is added.

5.3.534.0 KB2875551 2013/08/09

Issue 1



You cannot create new contact objects in the primary address book.

Issue 2



When a string contains a comma, the connector considers the attribute as a multivalued attribute. This causes an "exported-change-not-reimported" warning message when you confirm the import.

Issue 3



The connector removes leading and trailing spaces when strings are exported. This causes an "exported-change-not-reimported" warning message when you confirm the import.

Issue 4



If the export type is set to Append, the connector throws a NullReferenceException message on certain kinds of data.

Issue 5



If the password that is supplied to the connector is empty, such as when you update a schema or when you import a server configuration, the Lotus Notes client stops responding. After this update is installed, the connector protects you from this situation by not permitting any operations against Lotus Notes unless there is a password available to the connector.

5.3.721.0 KB2899874 2013/10/22

Issue 1



The connector removes leading and trailing spaces when strings are exported. This triggers an "exported-change-not-reimported" warning message when you confirm the import.

Issue 1



If the AdminP process doesn't respond in a timely manner, the Synchronization Service seems to stop responding (hang). After you apply this hotfix rollup, the Connector now times out the AdminP request after 15 seconds, and the operation is kept in the Connector Space. At the next export or during confirmation of the import when the change is processed by AdminP, the Connector merges the change.

Feature 1



Logging for the Connector has moved from text files in the extension folder to ETW logging. This was done for consistency with other Connectors from Microsoft. This also addresses an issue in which the FIM Synchronization Service reported an error because of changes in the extension folder.

Feature 2



By default, the Domino Connector uses the directory assistance service in Lotus Domino to detect secondary address books. When this service is not enabled, you can now manually add the secondary address books. To do this, enter the secondary address books in the Additional address books to add to the partition list on the Global property page. The Synchronization Service uses these address books in addition to those returned by the directory assistance service.

Feature 3



There's a new Use AdminP for updating references option. By default, this option is enabled and lets AdminP keep referential integrity intact. In case AdminP is not configured to maintain referential integrity, you can now export reference attributes as they appear in the connector space and thereby bypass AdminP.

Feature 4



In earlier releases, the Connector assumes that all references can be resolved to the names.nsf primary address book. When Lotus Domino is configured to have separate address books with different distinguished names representing the same object, it's now possible to also create _Contact objects for all reference values that are found in an address book. On the Global parameters page under Enable creation of _Contact objects, select the new Reference and Non-Reference Values option.

Feature 5



The Connector now runs in a 64-bit process.

5.3.1003.0 KB2932635 2014/02/10

Issue 1



You export group members that are other groups (also known as nested groups) to Domino. If the groups are located in the root of the directory, the membership will be incorrect. To correctly export group members in this scenario, set the Enable Creation of _Contacts object option on the global page to None.

Issue 2



In a Domino system where records are updated by a back-end process, some records might not appear in a full import. This behavior occurs if search indexes are out-of-date in Domino. This causes some of the records in the FIM Synchronization Service to be deleted. If you experience this problem, change the new Perform Full Import By option from the default setting of Search to Views.

Issue 3



Password synchronization operations are always reported as successful even if the user is not present in Domino. An operation that fails because of a deleted user is now reported as Failed in the event log.

 

Web Services Connector

Version Link Date Highlights
5.3.407.0 KB2854417 2013/06/27

Issue 1



The Web Service Configuration Tool crashes upon initialization because of an unsigned .dll file that is part of the tools package.

Issue 2



The Web Service Configuration Tool gives a warning message when a workflow is selected: "Add-In component for workflow configuration is not found."

Issue 3



The Web Service Connector creates a new connection to SAP for every operation. The new connection remains active until the connection times out on the SAP side. The default time-out value is 30 minutes. This problem occurs when the cookie that is provided by SAP is not saved. To reproduce the expected behavior, open the web service configuration template in the Web Service Configuration Tool, select to rediscover all WSDL endpoints, and then save the updated template.

Issue 4



If there are errors when reference attributes are exported, the data that is reported back from the connector to the Synchronization Service causes the service to crash.

1.0.419.911 KB3008178 2014/10/23

Issue 1



The WebServices connector uses 100 percent CPU during password synchronization if many of the password operations fail with a password violation error. Features that are added

Feature 1



This update adds support for REST-based web services. This includes support for XML and JSON data formats and for parsing these formats.

Feature 2



This update adds support for additional bindings for Transport and Message Level security. The new options are as follows:

  • BasicHTTPBinding
  • WSHttpBinding
  • NetTCPBinding
These bindings also support the following authentication methods:
  • Basic
  • Certificate
  • Digest
  • Windows

Feature 3



In new WebServices connectors, the capabilities page is visible. This makes it possible to configure the connectors’ behavior.

Feature 4



This update adds event tracing for Windows (ETW) logging to the WebServices connector and the configuration tool.

Feature 5



This update adds new templates for SAP to support the following object types: •User •Role •Group


Generic LDAP Connector

Forefront Identity Manager Connector for Generic LDAP ( Technical Reference )

Version Link Date Highlights
4.3.836.0 Initial Release 2014/03/10  
4.3.1082.0 KB2936070 2014/03/10

Issue 1



When you try to connect to a Lightweight Directory Access Protocol (LDAP) server that has Secure Sockets Layer (SSL) protocol/Transport Layer Security (TLS) protocol enabled, the connection fails unless mutual authentication is enabled. After this update is applied, the certificate information on the connectivity page is used only when mutual authentication is enabled. If the server uses SSL/TLS, the certificate that is presented is visible on the global page.

Issue 2



A DN-rename operation fails for some LDAP directories during a delta import if the connected system returns more results than the configured page size on the connector can hold.

Issue 3



When a change in an attribute value involves only a change in letter case (uppercase to lowercase or vice-versa), the change fails for some LDAP directories. For example, if the attribute value is changed from “contoso” to “Contoso,” the change fails for some LDAP directories.

Feature 1



Added support for the following additional LDAP directories, including delta import support:

  • Open DS
  • Open DJ
  • Active Directory Lightweight Directory Services (AD LDS)
  • Active Directory Global Catalog (AD GC)
Added support for the following additional LDAP directory:
  • Apache Directory Server
1.0.419.911

KB3008177

2014/10/23

Issue 1



An attribute in the Lightweight Directory Access Protocol (LDAP) schema that is defined as ‘NumericString’ - 1.3.6.1.4.1.1466.115.121.1.36 is defined incorrectly as an integer in the connector. These attributes are now defined as strings instead.

Issue 2



Delta import on Open LDAP is not processing object moves between organizational units (OUs) and containers correctly.

Feature 1



You can now authenticate on an LDAP server by using only a certificate. A username and password are not required.

Feature 2



If the Generic LDAP connector cannot automatically detect the correct way to do a delta import, a drop-down menu is now available that includes the supported options, and the administrator can select the correct option.

Feature 3



This hotfix adds support for the RadiantOne Virtual Directory Server (VDS) version 7.1.1. This version or a later version must be used for the connector to function correctly.

1.0.549.0313 KB3044896 2015/06/30

Issue 1



You export a date/time attribute. When you import the attribute, you receive an "export-not-reimported" error. For example, if the exported value is "9999-12-31T00:00:00.000," the generic LDAP connector incorrectly reports the value as "00.000" when it confirms the import. It drops all characters before the last colon (:).

Issue 2



Some LDAP directories will in some cases provide the distinguishedName attribute (DN) in lowercase and will in other cases return the DN with its case preserved. This can cause delta import to ignore the change in case if it occurs, because the change is considered to have its source in a different partition than the current one.

Issue 3



NetIQ eDirectory is not recognized because it is rebranded. Version 8.8 Service Pack 8 is now detected and follows the same behavior as the previous Novell eDirectory.


Windows Azure Active Directory Connector

Version Product Link Date
1.0.6567.0002 Forefront Identity Manager Connector for AAD (Technical Reference) http://www.microsoft.com/en-us/download/details.aspx?id=41166 February 19, 2014

SharePoint User Profile Store Connector

Version Product Link Date
4.3.836.0 Forefront Identity Manager Connector for SharePoint Services (Technical Reference) http://www.microsoft.com/en-us/download/details.aspx?id=41164 November 20, 2013

PowerShell Connector

Version Product Link Date
4.3.1082.0 Forefront Identity Manager Connector for PowerShell (Technical Reference) http://www.microsoft.com/en-us/download/details.aspx?id=42260 March 13, 2014
1.0.419.911 Forefront Identity Manager Connector for PowerShell http://support2.microsoft.com/kb/3008179 October 23, 2014

Access Management Connector 

 

Version Product Link Date
5.0.2836.0 FIM 2010 R2 Hotfix http://support.microsoft.com/kb/3011057 November 25, 2014

Glossary

 

Name Product
MIIS Microsoft Identity Integration Server 2003
IIFP Identity Integration Feature Pack
ILM Identity Lifecycle Manager 2007
FIM Forefront Identity Manager 2010
AAD Azure Active Directory
MIM Microsoft Identity Manager

 


See also