Enterprise Identity Management with Microsoft Forefront

Implement a complete Identity Management solution using Microsoft Forefront Identity Manager 2010 R2 SP1
3.6 (10 ratings)
86 students enrolled
  • Lectures 36
  • Length 2.5 hours
  • Skill Level All Levels
  • Languages English

About This Course

Published 12/2014 English

Course Description

In this video tutorial, we will follow a fictional company called “The Company” as it implements a complete Identity Management solution, helping you to understand the implementation of an IdM solution based on FIM 2010 R2. We will go the whole nine yards, from installing FIM 2010 R2 to implementing synchronization, workflows, and self-service features.

Using FIM 2010 R2, The Company will help guide your efforts to modernize your Identity Management solution by showing you how to implement both automation and self-service functionality.

Using the HR system as a master system for users, The Company will be able to automate account management in their Active Directory. Adding self-service will help people help themselves by enabling them to be productive again, for example, if users forget their password or want to join groups without the need to call the helpdesk.

This video course will open your mind to the possibilities of FIM 2010 R2.

About the Author

Kent Nordström wrote his first lines of code in the late 70s so he’s been working with IT for quite some time now. When Microsoft released its Windows 2000 operating system he started a close relationship with them that has continued since. For many years Kent has been working part time as a sub-contractor to Microsoft Consulting Services and has been doing many of the implementations of FIM and its predecessors for multinational companies and large organizations in Sweden. Apart from FIM, Kent is also well known within the community for his knowledge around Forefront TMG, Forefront UAG and PKI.

What are the requirements?

  • This video course tells you the story of a fictional company, imaginatively called The Company, as they implement an efficient Identity Management system utilizing best practices. The course contains practical examples and a step-by-step approach to help you learn how to develop your own solution quickly and efficiently.

What am I going to get from this course?

  • Implement all the features of FIM 2010 R2
  • Set up Smart Card management
  • Configure FIM 2010 R2 to automate account management in Active Directory
  • Configure the self-service password reset feature of FIM 2010 R2
  • Incorporate FIM 2010 R2 Certificate Management to allow managers to issue smartcards
  • Generate comprehensive reports in FIM

Who is the target audience?

  • If you are implementing and managing FIM 2010 R2 in your business, then this video course is for you. You will need to have a basic understanding of Microsoft-based infrastructure using Active Directory. If you are new to Forefront Identity Management, the case-study approach of this video course will help you understand the concepts and implement them quickly and efficiently. Even if you're well-versed in the technology, this is a great guide to strengthen your knowledge.


Section 1: Installing FIM 2010 R2 on Windows Server 2012

Installing SPF 2013 to be used by FIM requires some special installation steps and configurations.


The main problem with the FIM service accounts is the Kerberos configuration required for the final solution to work.


If we do not use SQL aliases, we will have difficulty in moving between test and production and scaling the solution by moving databases if required.


Discussing the different choices given during the synchronization service installation.


Discussing the different choices given during the service and portal installation.

Section 2: Basic Configuration of FIM Synchronization and FIM Service

The FIM Service MA is a special MA that requires some special configuration.


Deciding which parts of AD, as well as which objects and attributes, are managed by FIM is often a challenge when designing a FIM solution.


The Run Profiles available to use for a connected system will decide how fast changes can be propagated through the FIM system.


Managing the FIM Service schema and the FIM synchronization service schema is sometimes challenging.


Initial load, when connecting existing objects, is a special case we need to consider when starting our FIM environment.

Section 3: User Management

Structuring the data from our HR system to fit the needs of FIM will increase the usability of our HR data.


FIM has the ability to provision new users in AD by just selecting a few check boxes.


Using the built-in bit operation functions in FIM helps us manage attributes such as userAccountControl.


If you have Exchange, you can add creation of mailboxes to your FIM solution.


Deleting objects is a difficult choice since traceability might be lost if objects are deleted.

Section 4: Group Management

In AD, the group object has its groupType attribute, which needs to be mapped to corresponding settings in FIM.


FIM can manage organizational unit objects but can map these to groups in AD.


By default, group management is disabled in FIM. We also need to make sure that attributes used in dynamic groups are configured in FIM.


Defining who should be allowed to do what in FIM becomes an important question as soon as we allow some self-service.


Deploying the Outlook Add-in and training users how to work with groups might be a challenge with FIM.

Section 5: Configuring FIM for Self-service

Making sure that all the required attributes are in place is one problem; the other is to have the correct MPRs activated.


The problem is to define who should have access to the SSPR feature and how they should authenticate.


The problem is to define who and which attributes to allow users to manage.


The problem is that the operations the helpdesk needs to perform require some customization of the FIM UI and policies.

Section 6: Customizing FIM

There is no WYSIWYG editor to modify the look and feel of the portal. All changes have to be made to the configuration and XML files.


Building your own WF activity can be challenging. There are similar activities available from 3rd party suppliers or as open source.


FIM lacks functions to convert some data types. Using a few lines of code in a classic rules extension usually solves this problem.


If you need FIM to connect to a system for which no management agent is available, a PowerShell MA might be an easy way to solve the problem.

Section 7: Reporting

Depending on the version of SCSM, the installation requires different updates to FIM.


The initial data jobs required, before we get any data in the reports, might take a long time.


The problem with viewing the reports is to know how to filter the results to get the expected data.


Permissions in SQL Reporting must be set, and making a custom UI modification in the FIM Portal requires special MPRs.

Section 8: Issuing Smart Cards Using FIM

Prerequisites are much more complex than the actual installation of FIM CM.


There are many steps in the Configuration Wizard, and it is easy to make some minor mistakes that will cause you to start the process again.


The CA needs to have the correct SQL and Signing Certificate information.


The FIM CM profile templates are very complex and rely on a number of permissions in AD as well.


Instructor Biography

Packt Publishing, Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses - Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future proof your career to immediate solutions to everyday tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.
