1dent1ty cHa0s

Henrik has a nice breakdown of his RegexReplaceActivity demonstrating how you can use it to do virtually any transform – as long as you can plug in the right RegEx expression. It just so happens that there is a new O'Reilly book available for pre-order called the Regular Expressions Cookbook. Are you excited? You should be!

The book is authored by Jan Goyvaerts of EditPad and RegexBuddy fame, both of which are tools I use and can highly recommend. You can find additional help on Regular Expressions with the following links:

• http://www.regexbuddy.com/
• http://www.regular-expressions.info/

Identity Management Crisis Cool feature using the RegexReplaceActivity

If you happen to come across this when exporting to a Windows Server 2008 Active Directory:

…then you may be running into a situation whereby the ADMA has inadvertently selected an RODC to export to. Since this DC is, by definition, Read Only, the DC is returning a referral which it appears is not chased by the current ADMA (2007 FP1). To resolve this you have a few options:

1. Remove the RODC from the site the ILM server is in – obviously this entails having quite a bit of say in the site design for AD which you may not have, but it is a valid request; in most situations ILM should be in a well connected data center close to the information and so you probably shouldn't have RODC's in this particular site. If the ILM server is part of an AD Site object that contains an RODC and you're allowing the ADMA to select the DC automatically then you always run the chance that you'll get this DC as part of one of your Export runs. You should even avoid Reading from it just in case you're relying on seeing attributes that are purposefully filtered from replicating to the RODCs.
2. Configure the ADMA to use a specific set of preferred domain controllers – easily done but you lose any "self-healing" ability in the event a DC is standing in for site coverage in the event of a failure. This is a normal process of AD Site coverage that you should leverage in your ADMA designs so I would say that even though this is the easiest solution, it is by no means the one I would jump to straight away. I tend to reserve this option for when I know I have to talk to a specific DC through a firewall; however, this solution is applicable here.

My cursory inquiries have not revealed any bugs filed for this so I think I'll open the case to get it on the radar. If you've logged the bug already, please let me know.

So, as part of my never-ending quest to find predictive elements for ILM performance, I've been working on a new dashboard-like report to replace an older "Disk Analysis" report you may have seen in the old Community Report Pack. Take a look at this:

This is one attempt to correlate slow transaction performance to disk latency and the IOPS for a given block size. This is a screen shot of an SIS import on one of our DEV servers performing a Full Import of 2.36 million records (33 columns) in about 7.43 hours. I won't know whether or not that is fast or not until we get to test the same load in QA and PROD given they have radically different disk subsystems.

Has anyone else done a load of this size that they would care to share their results for?

If you're testing workflow in ILM "2" RC0 today or are interested in whatever it takes for the creation of workflow in the new Forefront Identity Manager 2010 then you'll want to attend our next webinar on April 23rd.  This will be developer centric so you'll want to already be familiar with .NET development to some extent.

In addition, Joe will be walking through some of our most recent WF activity releases – you can find them here on CodePlex.

So, it’s official now – Microsoft released today the official branding of ILM “2” to Forefront Identity Manager 2010 (FIM).  FIM will embody what we now know of a ILM “2” and the current release for ILM 2007 FP1 will remain as-is. So for the history buffs:

We tried to lobby for Forefront Identity Lifecycle Manager, but FILM was less palatable I guess.

Forefront: Identity Manager

I wanted to take a quick minute to do a shout out to Henrik Nilsson and his Identity Management Crisis blog – Henrik has done some killer Workflow activities for ILM “2”. The branding and care he’s taken into crafting the UI really goes a long way towards presenting a professional looking product. Most impressive are the RegEx Replace and Unique Name activities, both of which I can see myself using in the future!

Kudo’s to Henrik and Cortego for publishing the code and activities here!

Cortego ILM 2 Workflow Activity Library

Whew…its been stated many times but you really can’t appreciate exactly how much work goes into putting on a conference like TEC from the hosting, sponsor, and speaker perspectives; it is quite exhausting to create a virtual community for a few short days and then tear it down again. Once again, I was happy to be part of such a successful venture.

Pre-con Workshop: Building a Practical Lifecycle Mgt. Application on the ILM “2” Portal

This was my first attempt at building an actual training course – my earlier forays weren’t much more than an elongated PPT presentation but I really have to thank David Lundell for giving me the structure and support I needed to write the content.  Without the framework he crafted it certainly would have been a dismal failure.  As it turns out, I was mostly happy with the way the session went. We had our share of typos and missing steps in the lab guides but they were minor. The only real disappointing point of the session was the final lab – I completely omitted an entire MPR which made our finale fall pretty flat since you really couldn’t see the final result of the Owner Rollup Activity work its magic.  If you were in my session the following day you got to see this actually working, so I apologize; I am still aiming to update the lab guide and send out updated copies to all attendees.

We received a mix of reviews, mostly positive but some constructive feedback which I was happy to receive. I designed the lab guides to appeal to both the novice and the expert by prefacing each section with a “I already know how to do this, just tell me what it is supposed to look like” table or figure. If you needed the step-by-step version, it was provided as well so I was hoping that you could “choose your own adventure” and ease some of the tedium.  However, if you’ve worked with ILM “2” object creation it is the very definition of tedium slugging through the clicks and submits. My final lesson learned here is that I needed some advanced content or exploration instructions at the end of each lab to keep the expert user engaged. Unfortunately, the only way to get around the tedium is to wait until the PowerShell interface is released in RC1.