Course 50383B:

Upgrading Identity Lifecycle Manager 2007 to Forefront Identity Manager 2010

Length:4 Days
Published:February 17, 2012
Language(s):English
Audience(s):Developers
Level:300
Technology:Microsoft Forefront Identity Manager
Type:Course
Delivery Method:Instructor-led (classroom)
About this Course
This four-day instructor-led course equips participants already acquainted with Microsoft Identity Lifecycle Manager 2007 (ILM) with the additional knowledge and skills they need to plan for a Microsoft Forefront Identity Manager 2010 (FIM) deployment.
Audience Profile
This course is intended for Systems Engineers, Developers, or Architects who need to gain a good understanding of how Forefront Identity Manager 2010 can be applied to manage identity information across a number of directories or databases.
At Course Completion
After completing this course, students will be able to:
  • Understand FIM concepts and components.
  • Understand the scenarios for which FIM is appropriate.
  • Manage users, groups, policy, and credentials through the FIM Portal.
  • Synchronize identity data between the FIM Portal and other systems such as Active Directory.
  • Incorporate other data sources such as HR feeds.
  • Understand the issues involved in loading existing data (initial load and disaster recovery).
  • Understand the technical architecture of FIM.
  • Configure security for different levels of user.
  • Extend the schema to incorporate new objects and attributes.
  • Modify the interface, including look and feel, new or modified forms, and navigation.
  • Understand the features, tools, and issues that will be important when operating, auditing, and troubleshooting FIM in a production environment.
  • Incorporate custom workflows.
Course OutlineModule 1: Introducing Microsoft Forefront Identity Manager 2010
This module provides a tour of many of the built-in features of FIM explored through the user experience. It explores with the FIM interface and high level architecture, and covers the business need that FIM addresses.
Lessons
  • Lesson 1: Introducing FIM
  • Lesson 2: The User Management and User Experience
  • Lesson 3: Group Management
Lab : The User Management and User Experience
  • Exercise 1: Log on and take a look at the environment
  • Exercise 2: Create a contractor
  • Exercise 3: Edit your new user, and try logging on
  • Exercise 4: Add another user and see different permissions being applied
Lab : Simple Group Management
  • Exercise 1: Add yourself to a group
  • Exercise 2: Creating a distribution group
  • Exercise 3: Creating a criteria-based group
After completing this module, students will be able to:
  • Understand the additional identity management requirements that FIM addresses (as compared to ILM 2007).
  • Understand the very high level architecture of FIM.
  • Operate FIM as a user, understanding the high level functionality.
Module 2: Key Concepts
This module introduces and explores the key concepts: sets, activities, workflows and policies, how permissions are granted, how workflows are triggered, and different types of workflow.
Lessons
  • Lesson 1: Policies, Sets, Workflows – Concepts, Design Philosophy
  • Lesson 2: Policies – Permission-granting (Only) MPRs
  • Lesson 3: Workflow MPRs
Lab : Permission-granting MPRs
  • Exercise 1: A look at a permission-granting MPR and some sets
  • Exercise 2: Permission-granting MPRs for self-service
  • Exercise 3: Make some changes to permission-granting MPRs
Lab : Workflow MPRs
  • Exercise 1: Examine some workflows
  • Exercise 2: Examine some other MPRs
  • Exercise 3: Modify a workflow MPR
After completing this module, students will be able to:
  • Understand how sets, workflows, and management policy rules (MPRs) are used to manage requests.
  • Make simple modifications to permissions and other MPR features.
Module 3: User and Group Management
This module provides detailed coverage of users and groups, including data entry; interesting attributes; different types of groups; group expiration, renewal, and ownership; the relationship with groups in Active Directory and other systems; and limitations.
Lessons
  • Lesson 1: Users and the Portal
  • Lesson 2: Groups and the Portal
Lab : More About Users
  • Exercise 1: Examine the attributes of a user account
Lab : More About Groups
  • Exercise 1: Groups calculated on other groups
After completing this module, students will be able to:
  • Manage users in the FIM Portal, including sources of user objects, entering data, searching, and attributes, etc.
  • Manage groups in the FIM Portal, including the different types of groups and how they relate to Active Directory.
  • Understand the part that MPRs play in managing users and groups.
Module 4: Synchronizing Objects That Originate in the FIM Portal
This module begins with a reminder of how synchronization works in ILM 2007. Then it covers how FIM can be used to provision, manage, and deprovision AD and other sources; how FIM attributes authority and precedence; how to create codeless outbound inbound rules; and the coexistence of classic and codeless rules.
Lessons
  • Lesson 1: Declarative Synchronization Rules Overview
  • Lesson 2: Outbound Declarative Sync Rules
  • Lesson 3: Inbound Synchronization
  • Lesson 4: Managing Active Directory without Code
Lab : Outbound Synchronization
  • Exercise 1: Investigate AD provisioning
  • Exercise 2: Investigate the AD outbound synchronization rule
  • Exercise 3: Add another outbound flow to AD
Lab : Inbound Synchronization
  • Exercise 1: Investigate and modify inbound synchronization
Lab : Managing Active Directory Without Code
  • Exercise 1: Make the DNs depend on department
  • Exercise 2: Enabling/disabling/deprovisioning an AD account according to user status
  • Exercise 3 (Optional interactive): Use an additional rule for disabling accounts
Lab : Adding and Provisioning a New Source
  • Exercise 1: Creating a New Source and Provisioning it with Accounts
After completing this module, students will be able to:
  • Understand the benefits and limitations of synchronization rules (versus “classic” rules).
  • Implement inbound and outbound synchronization rules.
  • Configure synchronization rules to manage Active Directory.
Module 5: Synchronizing Objects Originating in Other Systems
In this module synchronization is further explored, including the various scenarios in which FIM can be used; sources that are authoritative for objects, such as HR Feeds; the inclusion of sources that are not authoritative for objects, such as telephone systems; data discovery issues such as joining and data cleansing; and disaster recovery issues.
Lessons
  • Lesson 1: Scenarios
  • Lesson 2: Incorporating Objects from Another Source
  • Lesson 3: Non-authoritative Sources and Initial Loads
Lab : Incorporate HR Data
  • Exercise 1: Importing the employees and creating user accounts for them in the FIM portal
  • Exercise 2: Create and import an inbound sync rule for the HR Data
  • Exercise 3: Configure the outbound flow and synchronize
  • Exercise 4: Final configuration of precedence, etc.
Lab : Cleanse and Join Existing Data
  • Exercise 1: Telephone data
After completing this module, students will be able to:
  • Understand the scenarios that involve inclusion in or migration to the FIM Portal.
  • Configure FIM for load and migration of existing data.
  • Respond appropriately to joining and data cleansing challenges.
Module 6: Managing Credentials with FIM
This module deals with password issues: password reset and the relationship with ILM 2007 password management and synchronization.
Lessons
  • Lesson 1: FIM Password Management
  • Lesson 2: Password Self-service Reset
  • Lesson 3: Synchronizing Passwords – PCNS
  • Lesson 4: FIM Certificate Management
Lab : Password Self-service
  • Exercise 1: Verify and modify the environment
  • Exercise 2: Modify the configuration for password registration and reset
  • Exercise 3: Testing password registration and reset
  • Exercise 4: Configuring password reset lockout
Lab : Configuring PCNS
  • Exercise 1: Configuring PCNS
After completing this module, students will be able to:
  • Configure self-service password reset (and lockout) for chosen portal users.
  • Configure password synchronization across systems.
  • Identity where Certificate Management might be appropriate.
Module 7: Architecture, Installation, and Deployment
This module covers simple installation, in addition to likely production topologies, how to scale it, and other considerations (such as upgrade and migration).
Lessons
  • Lesson 1: Architecture
  • Lesson 2: Synchronization Service: Changes Since ILM 2007
  • Lesson 3: FIM Installation
  • Lesson 4: Deployment Topologies
After completing this module, students will be able to:
  • Understand the architecture of FIM and the new features that have been added to the synchronization engine.
  • Understand how FIM is installed, and the various possible topologies.
Module 8: Portal Configuration and Schema Model
This module covers interface configuration, including look and feel and navigation. The portal schema model is also considered: objects, attributes, bindings and validations; use of XPath and search scopes; usage keywords; localization, etc.; how to extend the schema; and the relationship with the metaverse schema.
Lessons
  • Lesson 1: Portal Configuration Basics
  • Lesson 2: Visualizing Resources
  • Lesson 3: Resource Types, Attributes, and Bindings
  • Lesson 4: Typical Steps for Extending Schema
Lab : Portal Customization
  • Exercise 1: Portal branding
Lab : Extending the Schema
  • Exercise 1: Add a new customer resource type
  • Exercise 2: New sets
  • Exercise 3: Create a search scope for customers
  • Exercise 4: Create RCDCs and navigation bar links
  • Exercise 5: Import the new resources to the metaverse
  • Exercise 6: Provision customers into AD as contacts
  • Exercise 7 (Optional interactive): Additional features
After completing this module, students will be able to:
  • Configure the portal, including home page, navigation bar, and search scopes.
  • Configure the visualization of resources such as users and groups.
  • Extend the schema to include new attributes, and new resource types.
Module 9: Operation, Monitoring, and Troubleshooting
This module looks at all the sources of information in FIM, including: ILM 2007 features (MV and CS search, event log, operations tool, etc.); managing requests and approvals; and auditing and reporting. Then it covers operational issues such as managing run cycles, backup procedures, monitoring activity, etc.
Lessons
  • Lesson 1: Operations
  • Lesson 2: Managing MPRs and Requests
  • Lesson 3: Other Sources of Information
Lab : Examining the Cmdlets
  • Exercise 1: Export data
  • Exercise 2: Compare data states
Lab : Examining Requests
  • Exercise 1: Examine the requests concerning group membership changes
  • Exercise 2: Construct and use a search scope to examine requests falling in a time period
After completing this module, students will be able to:
  • Use the additional features of FIM (versus ILM 2007) for operation, monitoring, and troubleshooting.
  • Manage and troubleshoot requests.
  • Use Windows PowerShell cmdlets for exporting and importing FIM Portal configuration.
Module 10: More Complex Workflows and MPRs
This module covers more complex workflows using functions and parameters, temporal (time-based) events, expiration, notification, and delayed actions. It examines Windows Workflow Foundation workflows and how to import them.
Lessons
  • Lesson 1: Time-based MPRs
  • Lesson 2: Workflow Functions and Parameters
  • Lesson 3: Custom Workflow Activities
Lab : Time-based MPRs
  • Exercise 1: Time-based features
Lab : Using Functions and Parameters
  • Exercise 1: Random password generation and notification
  • Exercise 2: Generate attribute values
Lab : Developing a Custom Workflow Activity
  • Exercise 1: Calling a simple WF activity from FIM
  • Exercise 2: Add pre-built activities to your custom activity
  • Exercise 3: Install a fully integrated custom activity
After completing this module, students will be able to:
  • Create and manage time-based groups, sets, and MPRs.
  • Create and use workflow parameters.
  • Import workflow activities.
  • Create a simple workflow activity.
Before attending this course, students must have:
  • Good working knowledge of ILM 2007 or Microsoft Identity Integration Server 2003 (MIIS) (equivalent to having attended Microsoft Learning Course 2731A: Deploying and Managing Microsoft Identity Integration Server 2003, and then being involved in an implementation).
  • A sound understanding of the purpose and workings of Active Directory.
  • A sound understanding of the purpose and workings of Microsoft Exchange Server.
  • A sound understanding of the purpose and workings of Microsoft SQL Server.
Looking for training resources, events and advice from peers? Join the Microsoft Training and Certification Community. Preparing for an exam now? Find your Microsoft Certification Study Group. Talk to us on these social networks:

Find Training Near You

Location:

Eg: Seattle, WA or Paris, France