Today, October 8th, saw Microsoft release a new hotfix rollup package (build 4.1.3469.0) for Forefront Identity Manager 2010 R2. The official documentation for this build can be found on the Microsoft support website under knowledgebase (KB) article 2877254. Download link is here. This build supersedes 4.1.3461.0.
The hotfix contains one (1) FIM Service update and ten (10) FIM Synchronization Service updates, including a couple of fixes specific to the Azure Active Directory (AAD) connector.
Full details, duplicated from the KB, are:
FIM Service
In some rare scenarios in which the Exchange server FIM Service tries to poll approval response email messages, an “ErrorInternalServerTransientError” error is returned. In these scenarios, the FIM Service throws an exception.
After you apply this update, you can configure a retry by setting the following values in the configuration file:
FIM Synchronization Service
An Active Directory Management Agent runs an export run profile that is configured to also log an audit file. When there are child objects such as Active Sync devices on the user, the export fails.
When an ECMA2 Connector runs an export run profile that is configured to also log an audit file, no objects are exported.
FIM synchronization cannot deprovision computer objects in Active Directory when there are other child objects, such as printers and file share objects, present on the computer object.
In ECMA2, when the NoAddAndDeleteConfirmation capability is set and an exception is thrown during object export, the exception is processed incorrectly. Additionally, failed objects are marked incorrectly as successful.
When an additional object type is added to an already configured ECMA2 Connector, an “Object Reference Not Set” exception is thrown.
When you try to stop a running ECMA2 Connector from the user interface (UI), the Sync Engine may crash.
A Delete-Add that is sent as a Replace in ECMA2 requires the anchor to be returned from the Connector. This causes issues with the Windows Azure Active Directory Connector when the object is deleted and reprovisioned.
When you use an attribute Replace during export to remove the last value from a multivalued attribute, an attribute Replace without values is sent to the Connector. This causes a “The server encountered an unexpected error in the synchronization engine” error to be thrown when the Windows Azure Active Directory Connector is used. After you apply this update, the new behavior is to send this as an attribute Delete to the Connector.
When the Set-MIISADMAConfiguration cmdlet is used in a multidomain environment, a corrupted configuration may occur.
In build 4.1.3461.0, a regression occurs that causes import-only attribute flows not to be honoured by the UI.