Window Azure AD Connector : Group Membership.

Group membership of on-premise not sycing to Office 365.

Sometime the membership to the group on-premise will not match to the number of membership to the group in O365. There could be numerous reason the number will not match, are all the member to the group on-premise present in Azure AD ? 

If all the member to the group are present in Azure AD and still not member to the group in O365. check the membership of the group in  Azure AD and in EXO.

Determine the group member count in Azure AD

1.  Connect to MSOL (connect-msolservice)

2.  Run get-msolgroup -searchstring "GroupName" | foreach {(Get-MsolGroupMember -GroupObjectId $_.objectid.guid).count}

Determine the group member count in EXO

1. Connect to Exchange online shell
https://technet.microsoft.com/en-us/library/jj984289

2. Run (Get-DistributionGroupMember "GroupName").count

  If the count is different, there is no option left with us to fix it,Raise a case with Microsoft and they will sync the group membership at backend. 

Happy New Year to All .

FIM 2010 R2 to MIM 2016 InPlace Upgrade [ excluded service and portal ]

As most of our FIM infrastructure is in Server 2008 R2, It always a business decision whether we are doing in place upgrade or migrate it over to totally new Server 2012.

FIM 2010 R2 to MIM 2016 InPlace Upgrade [ excluded service and portal ]

1. Snapshot of VM
2. Back up of your database
3. .Net framework of 4 or higher is supported by MIM, if it is not there make sure it is upgraded to 4 or higher version.
4. Change the compatibility level of SQL to 100 using SQL Management Studio.
5. Backup the encryption key

 It is very important to back up the encryption key if you plan to use the existing database.  The reason for this is that the server configuration, extension DLLs and other vital information is stored in the database.  It will make life much easier in your migration upgrade.

6. Backup the extensions folder

 This is not absolutely necessary unless you plan to start with a clean database.  The extension DLLs are actually stored in the backend database as well as the extensions folder.  If you backed up the encryption key before moving or restoring the existing database from FIM, then these DLLs will be re-populated into the extensions folder.

 If for some reason you do not see the DLLs, then utilize your backup of the previous extensions folder to repopulate your Extensions.

7. Backup the source code.

Nowhere it is mentioned to uninstall the FIM , if you are doing a inplace upgrade you have to uninstall the FIM from Control Panel\All Control Panel Items\Programs and Features.

Once the FIM software uninstalled restart the server.

Navigate to the location of the Installation files for MIM 2016 Synchronization Service and begin the installation.

While installing point your SQL server instance to FIM Synchronization database of FIM and steps are same like FIM installation however the installer will discover the FIMSynchronization database and asked for the encryption key.After entering the Key it will start rebuilding your index and FIM will upgrade to MIM.

Please do test all your logic and upgradation in Test before moving to production.

All the Best..!!

FIM/ MIM Integration | ServiceNow MA

This article can be refer as reference only, how can you build your first Management Agent connect to Service Now.  The samples code show how to call the Service Now REST API from ECMA 2.0

The table for users is sys_user in Service Now or get the details of table from service now developer.

https://MyInstance.service-now.com/api/now/table/sys_user

Service Now API exchange the information in form of JSON (Java Script Object Notation)

To parse JSON object in C#, use the Newtonsoft JSON library  http://www.newtonsoft.com/json

The Code, please make your own adjustment according to your need, 

	using System;
	using System.IO;
	using System.Xml;
	using System.Text;
	using System.Collections.Specialized;
	using Microsoft.MetadirectoryServices;
	using System.Collections.ObjectModel;
	using System.Collections.Generic;
	using Newtonsoft.Json;
	using Newtonsoft.Json.Linq;
	using System.Net;
	namespace FimSync_Ezma
	{
	public class EzmaExtension :
	//IMAExtensible2CallExport,
	IMAExtensible2CallImport,
	//IMAExtensible2FileImport,
	//IMAExtensible2FileExport,
	//IMAExtensible2GetHierarchy,
	IMAExtensible2GetSchema,
	IMAExtensible2GetCapabilities,
	IMAExtensible2GetParameters
	//IMAExtensible2GetPartitions
	{
	private int m_importDefaultPageSize = 1200;
	private int m_importMaxPageSize = 1500;
	public string Password;
	public string Username;
	public string path;
	//
	// Constructor
	//
	public EzmaExtension()
	{
	//
	// TODO: Add constructor logic here
	//
	}
	public MACapabilities Capabilities
	{
	get
	{
	MACapabilities myCapabilities = new MACapabilities();
	myCapabilities.ConcurrentOperation = true;
	myCapabilities.ObjectRename = false;
	myCapabilities.DeleteAddAsReplace = true;
	myCapabilities.DeltaImport = true;
	myCapabilities.DistinguishedNameStyle = MADistinguishedNameStyle.None;
	myCapabilities.ExportType = MAExportType.AttributeUpdate;
	myCapabilities.NoReferenceValuesInFirstExport = false;
	myCapabilities.Normalizations = MANormalizations.None;
	return myCapabilities;
	}
	}
	public int ImportDefaultPageSize
	{
	get
	{
	return m_importDefaultPageSize;
	}
	}
	public int ImportMaxPageSize
	{
	get
	{
	return m_importMaxPageSize;
	}
	}
	public CloseImportConnectionResults CloseImportConnection(CloseImportConnectionRunStep importRunStep)
	{
	return new CloseImportConnectionResults();
	}
	public IList<ConfigParameterDefinition> GetConfigParameters(KeyedCollection<string, ConfigParameter> configParameters, ConfigParameterPage page)
	{
	List<ConfigParameterDefinition> configParametersDefinitions = new List<ConfigParameterDefinition>();
	switch (page)
	{
	case ConfigParameterPage.Connectivity:
	configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("path", ""));
	configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Username", ""));
	configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Password", ""));
	break;
	//case ConfigParameterPage.Global:
	// break;
	//case ConfigParameterPage.Partition:
	// break;
	//case ConfigParameterPage.RunStep:
	// break;
	}
	return configParametersDefinitions;
	}
	public GetImportEntriesResults GetImportEntries(GetImportEntriesRunStep importRunStep)
	{
	List<CSEntryChange> csentries = new List<CSEntryChange>();
	GetImportEntriesResults importReturnInfo;
	WebClient c = new WebClient();
	c.UseDefaultCredentials = true;
	c.Credentials = new NetworkCredential(this.Username, this.Password);
	var data = c.DownloadString(this.path);
	var jObject = Newtonsoft.Json.Linq.JObject.Parse(data);
	var listResult = jObject["result"];
	string name1 = "", email1 = "";
	foreach (var result in listResult)
	{
	name1 = result["name"].ToString();
	email1 = result["email"].ToString();
	CSEntryChange csentry1 = CSEntryChange.Create();
	csentry1.ObjectModificationType = ObjectModificationType.Add;
	csentry1.ObjectType = "Person";
	csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("name", name1));
	csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("email", email1));
	csentries.Add(csentry1);
	}
	importReturnInfo = new GetImportEntriesResults();
	importReturnInfo.MoreToImport = false;
	importReturnInfo.CSEntries = csentries;
	return importReturnInfo;
	}
	public Schema GetSchema(KeyedCollection<string, ConfigParameter> configParameters)
	{
	Microsoft.MetadirectoryServices.SchemaType personType = Microsoft.MetadirectoryServices.SchemaType.Create("Person", false);
	//myname = configParameters["myname"].Value;
	string myattribute = "name";
	string myattributes = "email";
	if (myattribute == "name")
	{
	personType.Attributes.Add(SchemaAttribute.CreateAnchorAttribute(myattribute, AttributeType.String));
	}
	if (myattributes == "email")
	{
	personType.Attributes.Add(SchemaAttribute.CreateAnchorAttribute(myattributes, AttributeType.String));
	}
	Schema schema = Schema.Create();
	schema.Types.Add(personType);
	return schema;
	}
	public OpenImportConnectionResults OpenImportConnection(KeyedCollection<string, ConfigParameter> configParameters, Schema types, OpenImportConnectionRunStep importRunStep)
	{
	this.path = configParameters["path"].Value;
	this.Username = configParameters["Username"].Value;
	this.Password = configParameters["Password"].Value;
	return new OpenImportConnectionResults();
	}
	public ParameterValidationResult ValidateConfigParameters(KeyedCollection<string, ConfigParameter> configParameters, ConfigParameterPage page)
	{
	ParameterValidationResult myResults = new ParameterValidationResult();
	return myResults;
	}
	};
	}

view raw ServiceNow.cs hosted with ❤ by GitHub

The password is not encrypted.

Configure Run Profile "Full Import" and run it.
In connector it will import all the users from service now table.

Thanks.. Best of LUCK.

.

FIM 2010 : ECMA 2.0 Connector XML

Pushed ECMA XML Connector to Tech Net Article. Below is the Link

FIM 2010 : ECMA 2.0 Connector XML

Asp.Net Web Service Application in Visual Studio 2015

It took some time to figure me out how to use the webservice in Visual Studio 2015, So blogging it here...

via GIPHY

ASP.NET Web Service Application project template is not available for .Net framework 4.0, however, available for .Net Framework 3.5.

If you want to use ASMX, choose ASP.NET Empty Web application and then you can add ASMX files to the project.

Create a new project targeting the .NET Framework 3.5

Add New Item to the Project.

Now you can start writing your webservice

Thats all for today..!!

FIM SQL Group Membership

Do you love SQL and not in favour to invoke powershell Script to get the list of  membership of the group in AD ? and want to find the membership of the group in SQL.

And there are SQL query to find the group mebership of FIM Group.


Just run the below SQL query, the name of the group is grouptest.

select displayName,employeeID from mms_metaverse where object_id in ( select reference_id from mms_mv_link where attribute_name ='member' and object_id in (select object_id from mms_metaverse where displayname in ('grouptest')))

Thanks

Powershell infinity loop

When you work with application Support or devlopment, There some times there is a need  to capture the logs occurance of certain activity , however you do not know when it will occurr and you want alert mails and customized report to generate when it occur.

You can Scheduled your script to run in task schedular every minute or second, What you will do when you do not have the right to update the task schedular or view it?

Scripter more commonly use the for(;;) construct to signify an infinite loop in Powershell.

In Below Screenshot, the script sleep for every 3 min and invoke the logic of the script.

Thank You.

ECMA : Get-Schema

Writing my first ECMA connectors with Webservice [ Get-Schema ] ... The road was not easy for a admin to write code or to build connectors for the webservice, During this process I picked C# book and learn the content of Interface and Webservice. For beginer it is recomded to learn the below topic before witing the code.

1. Interface
2. How to call a webservice C#.

Get Schema , While building the connector we have to write the schema.Schema may be define as the field or property of the connector.

The below is the schema code, I hope it help some one in writing the schema of the connectors who want to learn how to build the connector in FIM or MIM.

Here I have two property or filed "FirstNAme" and "SecondName".

The field or Attribute in the connector

Thats all... for today,.. Happy Coding.

Do you love Automation

Do you love Automation? If yes then almost all your need can be fix with PowerShell in FIM & especially in Microsoft World.

The world is changing and from a long time, Microsoft is pushing automation to the core.. Developers are learning How to build infrastructure, it’s a High time for the IT Support professional to embrace cloud and Automation.

I am back and stop looking for JOB, I was in believe when i switch to new profile or company i will get a job what I am looking for, so far it has not happen with me.

Let’s learn my own and stop looking for Job.

How FIM admin can utilize the power of PowerShell.

FIM or MIM come with PSSnapinin FIMAutomation. However snappin is an old way of doing things, if we want to have all the cmdlet of FIM we have to registered the PSSnapinin in PowerShell.

// How to registered the Snappin in Powershell.

Powershell Army is back.

Single-Sign on Facebook [Azure]

Azure Active Directory is not only a directory service in cloud, it is a tool which Identity Management professional will like in coming days. It providing the additional feature below.

Single Sign on.
Multifactor Authentication.
Self-Service password Reset.

For those who hate ADFS, you can enable single sign on without ADFS , just you have to sync the user from on premise AD to Azure AD with the help of Azure AD connect. [Note Azure AD connect is a lighter version of FIM or MIM].

[[ How to enable single sign-on to my facebook accounts. ]]

I am assuming we are pretty much familiar with Azure Portal now..!!

    1.      In Default Directory click Add an application.

2. Select facebook from the search option and in display name filed give appropriate name.

3.       We can see the option facebook application is added and assign the account facebook application.

4. Here the account RajaVillageSync has been assigned the facebook account.

5. Here I have given my facebook account information.

6. Log out and connect to https://myapps.microsoft.com/ and it will show the list of application for which the single-sign is enabled, Click the facebook icon and it will re-direct the user to facebook.

MIM 2016 in Cloud.

I was thinking of installing the MIM 2016,but the hardware requirement forced me to delay it from quite long time, Realize the power of cloud within one hours i was able to install MIM 2016 in Azure.

Learning Azure#1 Host your site [Azure].

Need to ramp up soon in Cloud, before it become an Emergency.. #Learning 1.

Excited Microsoft Road show is round the corner and started embracing the cloud.

Note: This are just my thought process and not be the best practice in IT, As someone say

Keep yourself updated.

Start writing what you learned.

Host your site [Azure].

1. Create VM on Azure cloud.

2. Go to Server Mnager Dashboard 

3. Add roles and feature [ Web Server ]

4. Create a End Point [Http  Port 80 ]

5. If you know how to write Html, Browse the C:\inetpub\wwwroot the default location in my Window Server 2012 R2 and modify 'iisstart'

6. The FUN... In Internet, browse the DNS name of your machine and you will see this pages.

The page is not available now, as I had deleted my VM  now [ COST FACTOR ].

Keep learning Cloud.