The goal of this article is to provide an overview of the available builds for FIM as well as a short overview of the new features they introduce.
This article will not provide an overview of all solved issues.
Bookmark this page as: http: //aka.ms/fimbuilds
↑ Return to Top
While this article is focussing on FIM2010, a more extensive list of build versions of the entire Identity Management stack is available at
Publication date: 2/mar/2010
Article ID: 978864 - Last Review: October 13, 2010 - Revision: 3.0
Article ID: 2028634 - Last Review: March 15, 2011 - Revision: 4.0
A limited set of PowerShell cmdlets are added to allow you to perform some limited editing of the Sync Service configuration.
Article ID: 2272389 (09-Sep-2010) - Last Review: November 11, 2010 - Revision: 3.0
Article ID: 2417774 (21-Jan-2011) Last Review: April 27, 2011 - Revision: 7.0
Article ID: 2502631, 02-Mar-2011 - Last Review: March 23, 2011 - Revision: 1.0
Article ID: 2520954, 11-Oct-2011 - Last Review: July 3, 2012 - Revision: 3.0
Article ID: 2635086 - Last Review: March 30, 2012 - Revision: 5.0
Article ID: 2887498 - Last Review: November 27, 2013 - Revision: 2.0
Article ID: 2926490 - Last Review: February 7, 2014 - Revision: 3.0
Article ID: 2832389 - Last Review: April 25, 2013 - Revision: 3.0
Article ID: 2877254 - Last Review: November 27, 2013 - Revision: 2.0
This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.
Issue 1: When you create a custom solution in FIM 2010 R2, you may experience any of the following scenarios:
To resolve scenario 1, an additionalAuthorizationWaitTimeInSeconds property was added to built-in building-block activities that enables the activity to set how long the request processor should wait for authorization before it throws an
AuthorizationRequiredFault error. We recommend that you set this value to 0 (zero) or a larger value.
New feature 1: By using a new configuration option, you can now hide the Advanced Search link in the FIM Portal.
FIM Service and Portal
Consider the following scenario:
In this scenario, the request fails. Additionally, you receive the following exception:
When an export that is run in the FIM Service MA includes updates to the Filter attribute of multiple dynamic groups, a failed-modification-via-web-services exception may be returned. When you review the details of the exception, you find
that an SQL deadlock occurred.
FIM Synchronization Service
If a multivalued attribute is exported and then changed directly in the target system, the change is not evaluated during delta synchronization. For example, this issue occurs in the following scenario when the Active Directory Management Agent is used:
If an exception is thrown by the Connector’s password extension during password synchronization, the Connector will be unloaded from memory. This behavior may cause high processor usage on the computer that is hosting the FIM Synchronization Service when
that computer processes password synchronization if it is under load or is synchronizing passwords to multiple Connectors.
After this update is installed, exceptions of type PasswordPolicyException and PasswordIllFormedException no longer discard the password interface and unload the Connector. This lets the interface to be reused for another password operation to the connected
data source. The password operation will not be retried and is removed from the queue. Any other exception will still unload the Connector and reload it at the next password operation.
If a FIMService instance loses connection to the FIMService database, it can may stop processing FIM Service MA export requests. This results in failed FIM Service MA exports with a run status of "stopped-server." Additionally, the following exception is
logged in the Forefront Identity Manager event log:
In the Active Directory management agent, changes to a multivalue attribute such as proxyAddresses are not synchronized to the metaverse in the following scenario:
After you apply this update, exceptions of typePasswordPolicyException and
PasswordIllFormedException no longer discard the password interface. This enables the interface to be reused for another password operation to the connected data source.
Issue 1: If a regular expression policy rule is applied for an ABA role, all applied ABA roles are stuck in the pending state for the users and are never assigned.
Issue 3: When you have more than 500 permissions in BHOLD and search permissions on the
Supervised Permissions tab of Default Supervisor Role, no results are returned, and you are returned to the previous page.
Issue 4:When you configure an attribute-based role assignment for a role and then you try to click the
Show Impact link in the policies section of a role, you receive the following error message: Object reference not set to an instance of an object
Issue 5:The SP1 build does not let you re-create a permission that was removed from BHOLD earlier.
Issue 6: When you try to change and save a user without changing the end date, you receive the following error message: Invalid date format.
Issue 7:When you try to move an organization unit in the BHOLD Core Portal, you receive the following warning message: Session ID missing: The Session ID is not found in URL. You can continue working using the menu at the left
Issue 8:The "User by Role" report cannot be generated after the limit of 50,000 users is reached. Additionally, you receive an "Out of memory" exception.
Issue 9:In the BHOLD Self-Service Portal, the role information screen under the
Role Requests-Current Roles tab displays no role descriptions or permission details.
Issue 10:When you log on as a typical end-user in the BHOLD Service Portal, the "My Roles" screen is displayed as an empty page even though the user is assigned with both "active" and "proposed" roles.
Issue 11:The BHOLD - Access Management agent cannot perform full imports because of an SQL time-out issue that occurs when there is a load of more than 50,000 to 100,000 users.
Issue 12:BHOLD cannot add permissions to a user by using the BHOLD Connector after these permissions are denied.Issue 13:
When a steward in the BHOLD Attestation portal has multiple resources to attest and is working on approving or denying permissions for one user, other permissions for a different user are changed in the user interface.
<to be completed>
Prerequisites To apply this update, you must have Forefront Identity Manager 2010 R2 SP1 (build 4.1.3419.0 or a later build) installed.
For BHOLD deployments, you must have hotfix rollup package
4.1.3510.0) installed to apply this update
Replacement information This update replaces the following updates:
For BHOLD deployments, you must have hotfix rollup package 2934816 (build 4.1.3510.0) installed to apply this update.
It must not be installed on a Windows Server 2012 R2 member server. Only the PCNS component can be installed on a Windows Server 2012 R2 domain controller.
When you update the criteria of a group or set, you receive a SQL error if negative conditions exceed 7 in the filter when you click
View members. After you apply this update, the View Members button works as expected.
Fixed: The revocation settings in a profile template can only be configured for all certificates together and not for each certificate separately.
FIM Certificate Management
The card cannot be accessed because the wrong PIN was presented.
FIM Synchronization Service
This update replaces update
3092178 (build 4.1.3671.0) for Forefront Identity Manager 2010 R2.
This update replaces update
2934816 (build 4.1.3510.0) for Forefront Identity Manager 2010 R2. List of fixed issues:
FIM Certificate Management
Article ID: 2784728 - Last Review: December 20, 2012 - Revision: 1.0
Article ID: 2823899 - Last Review: April 2, 2013 - Revision: 1.0
Article ID: 2854417 - Last Review: June 27, 2013 - Revision: 1.0
Article ID: 2875551 - Last Review: August 9, 2013 - Revision: 1.0
Article ID: 2899874 - Last Review: October 28, 2013 - Revision: 1.0