The goal of this article is to provide an overview of the available builds for FIM as well as a short overview of the new features they introduce.
This article will not provide an overview of all solved issues.
Microsoft's Identity Software: Public Release Build Versions
Publication date: 2/mar/2010
Article ID: 978864 - Last Review: October 13, 2010 - Revision: 3.0
Article ID: 2028634 - Last Review: March 15, 2011 - Revision: 4.0
A limited set of PowerShell cmdlets has been added to allow some limited editing of the Sync Service configuration.
Article ID: 2272389 (09-Sep-2010) - Last Review: November 11, 2010 - Revision: 3.0
Article ID: 2417774 (21-Jan-2011) - Last Review: April 27, 2011 - Revision: 7.0
Article ID: 2502631, 02-Mar-2011 - Last Review: March 23, 2011 - Revision: 1.0
Article ID: 2520954, 11-Oct-2011 - Last Review: July 3, 2012 - Revision: 3.0
Note: This change involves an extensive upgrade to the sync database. This upgrade can take a long time, depending on your hardware. A progress bar is displayed during the database upgrade.
A new Connector (formerly Management Agent) development framework that is named Extensible Connectivity Management Agent 2.0 (ECMA2.0) is included. This is listed as a new entry in the Management Agent drop-down list.
The FIM Synchronization Service now supports running Microsoft .NET Framework 4 extension code. This can be used both in rules extensions and for Management Agents such as ECMA 2.0. The FIM Synchronization Service automatically detects the latest version of the .NET Framework on the server. If needed, you can disable the .NET Framework 4 by removing it from the Runtime section in the Miiserver.exe.config file.
Hotfix rollup 2520954 removed support for using the following characters as SQL wildcard characters in queries, in dynamic group filters, and in set filters. Some existing customer deployments may rely on these characters as wildcard characters. This update reverts the earlier change.
IMPORTANT: FIM 2010 Update Rollup 2 (build 4.0.3606.2) contains a feature that is intended to improve Query performance in the case of certain complex queries. This “tabular functions” feature is turned off by default. The product team has discovered an issue in this feature that could return incorrect query results when the query includes at least two statements and the same attribute is referenced in the statements.
We strongly advise customers NOT to turn on the Set Partition feature.
Fixed issues in the Sync Engine (ECMA 2.0, ECMA 1.0 and organizational unit provisioning related)
Fixed issues in setup (database upgrade & change/remove installation related)
Fixed issues in the Sync Engine
Fixed issues in the FIM Service MA (.NET 4.0 bug, additional logging for FIM MA exceptions)
Fixed DB2 MA issue when connecting to a server that is running on an IBM iSeries V6 server or later.
When the FIM password reset activity does not connect to the Active Directory, the WMI components now return an error code.
Fixed .NET version numbers in Microsoft.MetadirectoryServicesEx.dll as changes occurred in build 4.0.3617.2, but the version number was not incremented.
Fixed Exchange configuration options on the Active Directory Management Agent
This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.
Issue 1: When you create a custom solution in FIM 2010 R2, you may experience any of the following scenarios:
To resolve scenario 1, an additional AuthorizationWaitTimeInSeconds property was added to built-in building-block activities that enables the activity to set how long the request processor should wait for authorization before it throws an AuthorizationRequiredFault error. We recommend that you set this value to 0 (zero) or a larger value.
New feature 1: By using a new configuration option, you can now hide the Advanced Search link in the FIM Portal.
Issue 1: During an export on the FIM Service management agent (MA), the FIM Synchronization Service or the FIM Service may be stopped. In this case, the Synchronization Service may be unable to complete the export on a retry, and you receive the following error message: "The operation failed because the attribute cannot be found."
This problem might occur if an unexported reference attribute was removed by another synchronization process and the result is null.
Issue 3: In rare cases, an import could receive a staging error because of duplicate references in the connector space.
Issue 4: In rare cases, an import could receive a staging error because an object was moved in the connected directory.
Issue 5: An Extensible Connectivity 2.0 Management Agent (ECMA 2.0) connector could end up in an infinite loop. This problem may occur when the capability flag is set not to export references in the first pass. In this case, an object that has no reference attributes cannot export an attribute. This problem affects the Windows Azure Active Directory connector that is provided by Microsoft.
Issue 6: In ECMA 2.0, an export-only attribute could end up in a bad state. This problem might occur if ECMA 2.0 could not export and therefore caused a staging error on the next import and synchronization.
After installing 4.0.3576.2 you may find your FIM MA exports start failing with a "The request does not conform to the expected request message format of the protocol" exception ... and if you do, chances are you have been using a different service account identity for your FIM MA to that which you specified when you installed the FIM Service. If you get to this point you will need to (a) find out the service account you should be using (HKLM->System->CurrentControlSet->services->FIMService->SynchronizationAccount) and (b) change the FIM MA identity back to this value.
If you then find that you are getting a "Failed to connect to the specified database or Forefront Identity Manager Service. Please check the specified database location, service host address, and account information" error thrown, the problem is database connectivity. Your case might be different, but mine is a lab environment where the FIM Sync Service is also a DC ... I followed the advice of this article - crosbysite.blogspot.com/.../fim-service-management-agent-creation.html - and added the service account to the domain builtin administrators group and I was good again (not that this is a sensible production configuration!).
Correction to my post a few minutes ago ... the problem is indirectly database access, but what I meant to say is that the error is because of missing local logon rights for the FIM MA account.
I would like to get info in the hotfix release notes for Windows 2008 R2 SP1 support, and regarding OS patch support after SP1.
Build 4.0.3594.2 is out: support.microsoft.com/.../en-us
- Export the current time on the server to the HTTPPasswordChangeDate field during the password set operation.
- Honor the Active Directory Management Agent (AD MA) preferred domain controller list when passwords are exported.
- Adds the ability to filter objects before they are imported into the AD MA connector space.
- Adds new options to the Storechk.exe tool to enable it to remove orphaned rule fragments that are associated with an MA.
Update Rollup 2 (build 4.0.3606.2) (support.microsoft.com/.../2635086) is out.
RSS feed is not updated yet :(
Please, be aware of the following issue: social.technet.microsoft.com/.../fc8c75bf-65af-453c-9dd7-4bd7557be968