  • Question

  • I'd like to know if FIM can be used to monitor and manage service accounts that are spread worldwide across member servers, or if domain membership is required to use FIM.

    We'd like to manage the following:

    • SQL Logins.
    • SharePoint credentials.
    • Local user/service accounts.

    As well as domain user administration.

    Best regards.


    Infrastructure Management Sr. Analyst | MCSA Windows Server 2012

    Monday, May 12, 2014 3:04 PM

All replies

  • I would say it is possible to be done, but management of domain membership from FIM is much easier than configuring FIM to manage SQL logins for example. But again: it could be done.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, May 13, 2014 3:55 AM
  • Thank you for your reply, Dominik. Is it possible to look for implementation scenario documentation? I couldn't find such information for FIM yet :(

    Infrastructure Management Sr. Analyst | MCSA Windows Server 2012

    Tuesday, May 13, 2014 2:34 PM
  • Domain user administration is a standard FIM use case, and a slight variation on this can be domain service accounts using the Active Directory Connector.

    SharePoint credentials are generally AD credentials, but you are probably referring to the SharePoint 'user profile' which must be synchronised with corresponding AD user credentials - these also now are a standard FIM use case (SharePoint User Profile Connector).

    SQL logins and local machine users have no OOTB connector, but a generic PowerShell connector can be used in lieu of this allowing you to integrate standard PowerShell scripts into your FIM provisioning/sync model.  Alternatively you can write your own ECMA (extensible management agent/connector), or you may prefer a popular 3rd party PowerShell connector from a FIM MVP.


    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Wednesday, May 14, 2014 3:05 PM
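The kind of standard PowerShell script a generic PowerShell connector could wrap for the local-account case, shown as an added example that is not part of the original thread or any connector's own code. The function name, the server names and the output columns (`Anchor`, `ObjectType`, and so on) are assumptions; the connector-side script interface is not described in the thread and is not shown here.

```powershell
# Added example: inventory local accounts and service logon identities on member servers.
# Server names are placeholders; the output shape (Anchor, ObjectType, ...) is an assumption.
function Get-LocalAccountInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [pscredential]$Credential   # needed for servers outside the domain
    )
    # Services under these built-in identities are not managed accounts.
    $builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    foreach ($server in $ComputerName) {
        $sessionArgs = @{ ComputerName = $server; ErrorAction = 'Stop' }
        if ($Credential) { $sessionArgs.Credential = $Credential }
        try {
            $session = New-CimSession @sessionArgs
        } catch {
            Write-Warning "Skipping ${server}: $($_.Exception.Message)"
            continue
        }
        try {
            # Local users: the SID survives renames, so it makes a stable anchor.
            Get-CimInstance -CimSession $session -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
                ForEach-Object {
                    [pscustomobject]@{
                        Anchor      = "$server|$($_.SID)"
                        ObjectType  = 'localUser'
                        Server      = $server
                        AccountName = $_.Name
                        Disabled    = $_.Disabled
                        UsedBy      = $null
                    }
                }
            # Services that log on with a named account (local or domain).
            Get-CimInstance -CimSession $session -ClassName Win32_Service |
                Where-Object { $_.StartName -and $_.StartName -notin $builtIn } |
                ForEach-Object {
                    [pscustomobject]@{
                        Anchor      = "$server|svc|$($_.Name)"
                        ObjectType  = 'serviceLogon'
                        Server      = $server
                        AccountName = $_.StartName
                        Disabled    = ($_.StartMode -eq 'Disabled')
                        UsedBy      = $_.Name
                    }
                }
        } finally {
            Remove-CimSession -CimSession $session
        }
    }
}
```

Call it with a list of servers and pipe the result to `Export-Csv` for review; for servers that are not domain members, pass `-Credential` and make sure WinRM is reachable from the host running the script.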
  • Thanks a lot Bob and yes... you were right about SharePoint.

    So, based on your experience, by using connectors I can extend FIM to cover what we need to achieve, right?


    Infrastructure Management Sr. Analyst | MCSA Windows Server 2012

    Wednesday, May 14, 2014 3:34 PM
  • With the right skill set definitely - FIM is what they call a 'dev ops' kit.

    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Wednesday, May 14, 2014 3:47 PM
  • Once again, thanks a lot Bob. You've cleared our doubts about FIM's capabilities.

    Luckily for us we have a dev department, so I guess with a little help on the kick-off we can extend this credential management process to the applications we own. If you could be so kind as to point me in the proper deployment direction (that's for my understanding, being an infra resource), including an introduction to FIM connector development (for dev team knowledge), I'd be more than grateful, Bob.

    Once we can assure this solution is exactly what we need we'll look after licenses.


    Infrastructure Management Sr. Analyst | MCSA Windows Server 2012

    Wednesday, May 14, 2014 3:52 PM
  • Fernando - I would start with Planning and Architecture for FIM 2010 to make sure you're across the basic concepts and feasibility for you, and then proceed to the FIM 2010 R2 landing page.  Then use the links I gave you earlier for specific connectors - noting that a link to 3rd party connectors is also listed at the foot of the FIM R2 Management Agents page.

    After that I can recommend the FIM Mentoring Program for you if you need a "leg up" for your own FIM development exercise, considering that you should take this on as a software development lifecycle project, and I take it you will be looking to build your own FIM skills in-house.


    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Thursday, May 15, 2014 2:06 AM
  • You've been so helpful to me, Bob. Thank you so much!

    Infrastructure Management Sr. Analyst | MCSA Windows Server 2012

    Thursday, May 15, 2014 1:32 PM