FIM 2010 and FIM 2010 R2 language support

I’ve recently started working with a customer that needs to support a large number of users spread across multiple geographies with multiple languages.  This is a first for me.  I’ve been able to successfully avoid localisation for more than ten years.

Anyway, as a result I needed to know what languages were supported by FIM R2 and couldn’t find the information – only FIM 2010 information.  I got the information I needed from the PG and thought I’d post it here as a reference.

Languages supported by Forefront Identity Manager 2010

FIM 2010 supports the following languages over and above English.

FIM Service and Portal (9 languages)

  • Chinese (Traditional)
  • Chinese (Simplified)
  • Dutch
  • French
  • German
  • Italian
  • Japanese
  • Portuguese
  • Spanish

FIM Password Reset client and Outlook add-in (34 languages)

The FIM 2010 Password Reset client and Outlook add-in support all languages supported by Microsoft Office except right-to-left (RTL) languages.  There are 34 in total.

Languages supported by Forefront Identity Manager 2010 R2

FIM 2010 R2 supports the following languages over and above English.

FIM Service and Portal (19 languages)

  • Chinese (Simplified)
  • Chinese (Taiwan)
  • Czech
  • Danish
  • Dutch
  • Finnish
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Norwegian
  • Polish
  • Portuguese (Brazil)
  • Portuguese (Portugal)
  • Russian
  • Spanish
  • Swedish
  • Turkish

FIM Password Registration and Reset Portal (33 languages)

  • Bulgarian
  • Chinese (Simplified)
  • Chinese (Taiwan)
  • Croatian
  • Czech
  • Danish
  • Dutch
  • Estonian
  • Finnish
  • French
  • German
  • Greek
  • Hindi
  • Hungarian
  • Italian
  • Japanese
  • Korean
  • Latvian
  • Lithuanian
  • Norwegian
  • Polish
  • Portuguese (Brazil)
  • Portuguese (Portugal)
  • Romanian
  • Russian
  • Serbian
  • Slovak
  • Slovenian
  • Spanish
  • Swedish
  • Thai
  • Turkish
  • Ukrainian

FIM Add-ins and Extensions

  • All 34 Office languages

Unsupported languages

For countries not supported, we fall back to the default English locale.

Self-service password reset (SSPR) QA Gate

For SSPR portals, parameters entered in the AuthN workflow (such as the question text, the message that describes the QA gate constraint, the error text to be displayed when the answer does not meet QA gate constraints) are not localised.  It is the job of the implementer to define multiple QA Gates each with a different set of questions expressed in a different language, within the confines of what characters can be entered into the XOML.  Definitely the subject of a future post…

Posted in FIM, Portal, Service

Windows Server 8 Documentation

The first wave of Windows Server 8 documentation is available online:

There’s quite a bit of it.  Couple of notable points:

  • AD FS 2.1 is a server role.  Features and functionality are the same as AD FS 2.0 but it’s managed via Server Manager.
  • AD DS has loads of stuff worth reading about.  But I’m most excited about the claims based access control (CBAC) dynamic access control stuff.

Anyway.  Happy reading!

Posted in Active Directory, Active Directory Domain Services, AD FS, Windows Server

Lotus Domino 8.x Connector RTM/RTW

On Wednesday February 29th 2012 Microsoft released the Forefront Identity Manager Connector for Lotus Domino 8.x.  This is the first connector (we used to call them Management Agents) released that was built on the new ECMA2 framework made available as part of FIM 2010 Update 2.  The release contains many frequent customer requests such as support for additional object types and the use of AdminP for operations.  Full details can be found here.  The download package can be found here.

Posted in FIM, FIM 2010

Obtaining a random result set in PowerShell

Given a set of data how does one return an arbitrary subset?  Well in T-SQL we’d do this:

SELECT TOP 5 displayName
FROM person
ORDER BY NEWID() ASC

So how can we do this in PowerShell?  Well in pretty much the same way actually.  Pipe to Sort-Object and then to Select-Object.  Here’s a couple of examples:

@("a", "b", "c", "d", "e", "f") |
    Sort-Object { [Guid]::NewGuid() } |
        Select-Object -First 3

The above randomly sorts the String array and returns the first three results after sorting.

Get-ADUser `
    -SearchBase 'OU=People,DC=corp,DC=contoso,DC=com' `
    -Filter * | Sort-Object { [Guid]::NewGuid() } |
        Select-Object -First 10 sAMAccountName;

The above pulls every user object underneath the People OU, pipes the results into Sort-Object, which orders them by a newly generated GUID, and then pipes to Select-Object to return only the first 10 results.

Another option is to use the Get-Random cmdlet.  I only discovered this while writing this post but it seems a better PowerShell way of doing things.  Here’s a random example.

@(1, 2, 3, 4, 5, 6, 7, 8, 9) | Get-Random -Count 3

And here’s another.

Get-Service | ? { $_.Status -ne 'Running' } | Get-Random -Count 3

The problem with this approach is that the T-SQL example is somewhat optimised to not pull back the entire result set first whereas the above PS examples do indeed pull all objects first.

However it’s still handy.

And now I can find it easily next time I forget.

Posted in Off-topic, PowerShell, Scripting

Forefront Identity Manager 2010 Update Rollup 2 (build 4.0.3606.2) is available

On the 28th February 2012 Microsoft will make Update Rollup 2 (build 4.0.3606.2) of Forefront Identity Manager (FIM) 2010 available for download.  The official documentation for this build can be found on the Microsoft support website under KB article kb2635086.

It should be noted that this build will be available on Windows Update and the packages will be marked as IMPORTANT.  If you are configured to install these updates automatically, you might notice that they fail.  This is because the FIM Service needs to be stopped in order to apply the update.  You can stop the service and then apply the update, or download the update and apply it outside of Windows Update.

Update 2 requires FIM 2010 RTM or higher, i.e. you can apply this update to a new RTM build without first applying additional builds.

Points of note.

  • Update 2 contains the new ECMA framework – ECMA2 a.k.a. EZMA.  MAs are now called Connectors too.
  • The Synchronization Service now supports rules extensions compiled in .NET 4.
  • Update 2 reverts to the previous handling of SQL special characters, such as the underscore and the percent sign, which was broken by build 4.0.3594.2.

Posted in FIM, FIM 2010, News

How to use Sort Keys in LDP

I knocked up an example PowerShell one-liner for a colleague to get the oldest item in the Deleted Objects container, because of a need to identify the default tombstone lifetime (i.e. when there’s no value on the nTDSService object’s tombstoneLifetime attribute).  However, the environment in question didn’t have Active Directory Web Services (ADWS), so the PowerShell one-liner (I’ve listed it at the end of this post for those who care) wouldn’t work.  In these cases (when ADFIND isn’t available) I fall back to LDP – you can probably tell from this blog that I use LDP a lot.  It took me a good ten minutes to work out how to use the LDAP_SERVER_SORT_OID control (1.2.840.113556.1.4.473), so I thought I’d post how to sort results here.

For the purpose of this example I’ll describe how to list the tombstoned objects in descending order.

  1. Open LDP (Start | Run | LDP), connect and bind to the directory.
  2. Click Options | Controls (Ctrl + L).
  3. Check in the LDAP_SERVER_SHOW_DELETED_OID control by simply selecting “Return deleted objects” from the “Load Predefined” list and click OK.
  4. Click View | Tree (Ctrl + T) and press Enter (leaving the Base DN empty).
  5. Expand the domain NC, right-click on CN=Deleted Objects, <your DN goes here> and click Search.
  6. Set the Scope to One Level.  Change the attributes to objectClass;name;whenChanged and click Options.
  7. Select Extended for the Search Call Type and click Sort Keys.
  8. Enter whenChanged for the Attribute Type, leave Match Rule OID empty, click Reverse Order and then Check In >>.
  9. Click OK to close the Search Options dialog and click Run to execute the search.

The number of results is based on the values in Search Options.  By default it’s pretty low so you just need to look at the top most result to see when that object was deleted and then gauge the tombstone lifetime.

It’s pretty simple really.  Server-side sorting is pretty limited as a whole – you can only sort ascending or descending on one attribute, and only a subset of attribute types are allowed – and it is also expensive.  In almost all cases you’ll want to order the data at the client side (like I do in PowerShell below) but from time to time the server-side sorting feature comes in handy.

Anyway, here’s the PowerShell that uses the ActiveDirectory module:

[String]$aDPSModuleName = "ActiveDirectory";
if(@(Get-Module -Name $aDPSModuleName).Count -eq 0)
{
    if(@(Get-Module -ListAvailable | ? { $_.Name -eq $aDPSModuleName }).Count -eq 1)
    {
        Import-Module -Name $aDPSModuleName;
    }
}

[String]$delObjFilter = 'objectClass -like "*"';
[String]$delObjSearchBase = "CN=Deleted Objects,DC=corp,DC=contoso,DC=com";
[String[]]$delObjPropertiesToFetch = @( "whenChanged", "lastKnownParent" );

# -IncludeDeletedObjects is required for tombstones to be returned.
# Sorting happens on the client once every object has been retrieved.
Get-ADObject `
    -Filter $delObjFilter `
    -IncludeDeletedObjects `
    -SearchBase $delObjSearchBase `
    -SearchScope OneLevel `
    -Properties $delObjPropertiesToFetch |
        Sort-Object -Property whenChanged |
            Select-Object -Last 3 | Format-Table whenChanged;

When I said one line I slightly exaggerated.  There’s an if statement to load the module if it isn’t already loaded and is available and I make use of some attributes to make the command easier to read.
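
The sorted search from the LDP steps above can also be scripted where ADWS is missing, by sending the same two controls over plain LDAP with System.DirectoryServices.Protocols. This is an added example, not code from the original post; the function name Get-SortedTombstone and the server name dc01.corp.contoso.com are assumptions.

```powershell
# Added example. Get-SortedTombstone and the server name are hypothetical.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-SortedTombstone {
    param(
        [string]$Server     = 'dc01.corp.contoso.com',   # assumed DC name
        [string]$SearchBase = 'CN=Deleted Objects,DC=corp,DC=contoso,DC=com',
        [int]$Count         = 5
    )
    $ns   = 'System.DirectoryServices.Protocols'
    $conn = New-Object "$ns.LdapConnection" $Server
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Bind()                                     # binds as the current user
        $req = New-Object "$ns.SearchRequest"
        $req.DistinguishedName = $SearchBase
        $req.Filter = '(objectClass=*)'
        $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
        $req.Attributes.AddRange([string[]]@('name', 'whenChanged'))
        # LDP's "Return deleted objects" (LDAP_SERVER_SHOW_DELETED_OID)
        [void]$req.Controls.Add((New-Object "$ns.ShowDeletedControl"))
        # LDAP_SERVER_SORT_OID: sort key whenChanged, reverse order = $true
        [void]$req.Controls.Add((New-Object "$ns.SortRequestControl" 'whenChanged', $true))
        # Request one page of $Count entries; only the top of the sort is needed
        [void]$req.Controls.Add((New-Object "$ns.PageResultRequestControl" $Count))
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
        # The server reports the outcome of the sort in its own response control
        $sort = $resp.Controls |
            Where-Object { $_ -is [System.DirectoryServices.Protocols.SortResponseControl] }
        if ($sort -and $sort.Result -ne 'Success') { throw "Server-side sort failed: $($sort.Result)" }
        foreach ($entry in $resp.Entries) {
            # Attribute keys are looked up lower-cased in the result collection
            $raw = $entry.Attributes['whenchanged'].GetValues([string])[0]
            [pscustomobject]@{
                # Tombstone names embed a line feed before "DEL:<guid>"
                Name        = $entry.Attributes['name'].GetValues([string])[0] -replace "`n", ' '
                # Generalized time (yyyyMMddHHmmss.0Z), parsed as UTC
                WhenChanged = [DateTime]::ParseExact($raw, "yyyyMMddHHmmss'.0Z'",
                    [Globalization.CultureInfo]::InvariantCulture,
                    [Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal')
            }
        }
    }
    finally { $conn.Dispose() }
}

Get-SortedTombstone | Format-Table WhenChanged, Name -AutoSize
```

Passing `$false` as the second SortRequestControl argument returns the results in ascending whenChanged order instead.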

Posted in Scripting, PowerShell, Active Directory, Active Directory Domain Services

An update on the error: A directory service error has occurred. (Exception from HRESULT: 0x80072095)

Back in December last I posted Synchronization Service Manager: A directory service error has occurred. (Exception from HRESULT: 0x80072095).  I have updated this post with some additional information, namely the alternate option:

Create the following containers in the configuration container of the AD DS that you are unable to create an ADMA for:

  • CN=Organisation Name, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=corp, DC=contoso, DC=com
  • CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=corp, DC=contoso, DC=com

Both of these containers are of the type (objectClass of): msExchOrganizationContainer.  Set the objectVersion attribute of the child container (CN=Organisation Name in the above example).

I want to point something else out too.  If you create the containers and forget to set the objectVersion (or possibly use an incorrect version – haven’t tested that one) you will get the following error:

Repeated in textual format:

Object reference not set to an instance of an object.

Setting a valid objectVersion should fix this issue.  In my basic testing I set the objectVersion attribute to 13214 – the value that another Exchange 2010 organisation had.  After doing this I was able to create an ADMA again.

Note

Only the CN=<organisation name> object requires an objectVersion attribute.

Posted in ADMA, FIM, FIM 2010, Troubleshooting