The goal of this article is to provide an overview of the available builds for FIM as well as a short overview of the new features they introduce.
This article will not provide an overview of all solved issues.
Bookmark this page as : http://aka.ms/fimbuilds
Microsoft's Identity Software: Public Release Build Versions
Publication date: 2/mar/2010
Article ID: 978864 - Last Review: October 13, 2010 - Revision: 3.0
Article ID: 2028634 - Last Review: March 15, 2011 - Revision: 4.0
A limited set of PowerShell cmdlets are added to allow you to perform some limited editing of the Sync Service configuration.
Article ID: 2272389 (09-Sep-2010) - Last Review: November 11, 2010 - Revision: 3.0
Article ID: 2417774 (21-Jan-2011) Last Review: April 27, 2011 - Revision: 7.0
Article ID: 2502631, 02-Mar-2011 - Last Review: March 23, 2011 - Revision: 1.0
Article ID: 2520954, 11-Oct-2011 - Last Review: July 3, 2012 - Revision: 3.0
Article ID: 2926490 - Last Review: February 7, 2014 - Revision: 3.0
Article ID: 2832389 - Last Review: April 25, 2013 - Revision: 3.0
Article ID: 2877254 - Last Review: November 27, 2013 - Revision: 2.0
This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.
Issue 1: When you create a custom solution in FIM 2010 R2, you may experience any of the following scenarios:
To resolve scenario 1, an additional AuthorizationWaitTimeInSeconds property was added to built-in building-block activities that enables the activity to set how long the request processor should wait for authorization before it throws an
AuthorizationRequiredFault error. We recommend that you set this value to 0 (zero) or a larger value.
New feature 1: By using a new configuration option, you can now hide the
Advanced Search link in the FIM Portal.
Consider the following scenario:
In this scenario, the request fails. Additionally, you receive the following exception:
When an export that is run in the FIM Service MA includes updates to the
Filter attribute of multiple dynamic groups, a failed-modification-via-web-services exception may be returned. When you review the details of the exception, you find that an SQL deadlock occurred.
If a multivalued attribute is exported and then changed directly in the target system, the change is not evaluated during delta synchronization. For example, this issue occurs in the following scenario when the Active Directory Management Agent is used:
If an exception is thrown by the Connector’s password extension during password synchronization, the Connector will be unloaded from memory. This behavior may cause high processor usage on the computer that is hosting the FIM Synchronization
Service when that computer processes password synchronization if it is under load or is synchronizing passwords to multiple Connectors.
After this update is installed, exceptions of type PasswordPolicyException and PasswordIllFormedException no longer discard the password interface and unload the Connector. This lets the interface to be reused for another password operation to the connected
data source. The password operation will not be retried and is removed from the queue. Any other exception will still unload the Connector and reload it at the next password operation.
Article ID: 2784728 - Last Review: December 20, 2012 - Revision: 1.0
Article ID: 2823899 - Last Review: April 2, 2013 - Revision: 1.0
Article ID: 2875551 - Last Review: August 9, 2013 - Revision: 1.0
Article ID: 2899874 - Last Review: October 28, 2013 - Revision: 1.0
After installing 4.0.3576.2 you may find your FIM MA exports start failing with a "The request does not conform to the expected request message format of the protocol" exception ... and if you do, chances are you have been using a different service account identity for your FIM MA to that which you specified when you installed the FIM Service. If you get to this point you will need to (a) find out the service account you should be using (HKLM->System->CurrentControlSet->services->FIMService->SynchronizationAccount) and (b) change the FIM MA identity back to this value.
If you then find that you are getting a "Failed to connect to the specified database or Forefront Identity Manager Service. Please check the specified database location, service host address, and account information" error thrown, the problem is database connectivity. Your case might be different, but mine is a lab environment where the FIM Sync Service is also a DC ... I followed the advice of this article - crosbysite.blogspot.com/.../fim-service-management-agent-creation.html - and added the service account to the domain builtin administrators group and I was good again (not that this is a sensible production configuration!).
Correction to my post a few minutes ago ... the problem is indirectly database access, but what I meant to say is that the error is because of missing local logon rights for the FIM MA account.
I would like to get info in the hotfix released notes for Windows 2008 R2 SP1 support, and regarding OS pacth support after SP1
Build 4.0.3594.2 is out: support.microsoft.com/.../en-us
-export the current time on the server to the HTTPPasswordChangeDate field during the password set operation.
-Honor the Active Directory Management Agent (AD MA) the preferred domain controller list when passwords are exported.Feature 3
-Adds the ability to filter objects before they are imported into the AD MA connector space.
-Adds new options to the Storechk.exe tool to enable it to remove orphaned rule fragments that are associated with an MA.
Update Rollup 2 (build 4.0.3606.2) (support.microsoft.com/.../2635086) is out.
RSS feed is not updated yet :(
Please, be aware of the following issue: social.technet.microsoft.com/.../fc8c75bf-65af-453c-9dd7-4bd7557be968