
MS 50383B - Upgrading Identity Lifecycle Manager 2007 to Forefront Identity Manager 2010


Duration: 4 Days

Audience: Developers



Delivery Method:

Software Assurance Value:

Microsoft CPE:

Course Information

Course Description

This four-day instructor-led course equips participants already acquainted with Microsoft Identity Lifecycle Manager 2007 (ILM) with the additional knowledge and skills they need to plan for a Microsoft Forefront Identity Manager 2010 (FIM) deployment.

Course Objectives

After completing this course, students will be able to:
  • Understand FIM concepts and components.
  • Understand the scenarios for which FIM is appropriate.
  • Manage users, groups, policy, and credentials through the FIM Portal.
  • Synchronize identity data between the FIM Portal and other systems such as Active Directory.
  • Incorporate other data sources such as HR feeds.
  • Understand the issues involved in loading existing data (initial load and disaster recovery).
  • Understand the technical architecture of FIM.
  • Configure security for different levels of user.
  • Extend the schema to incorporate new objects and attributes.
  • Modify the interface, including look and feel, new or modified forms, and navigation.
  • Understand the features, tools, and issues that will be important when operating, auditing, and troubleshooting FIM in a production environment.
  • Incorporate custom workflows.

Course Audience

This course is intended for Systems Engineers, Developers, or Architects who need to gain a good understanding of how Forefront Identity Manager 2010 can be applied to manage identity information across a number of directories or databases.

Course Outline

Module 1: Introducing Microsoft Forefront Identity Manager 2010
This module provides a tour of many of the built-in features of FIM, explored through the user experience. It explores the FIM interface and high-level architecture, and covers the business need that FIM addresses.
  • Lesson 1: Introducing FIM
  • Lesson 2: The User Management and User Experience
  • Lesson 3: Group Management
Lab : The User Management and User Experience
  • Exercise 1: Log on and take a look at the environment
  • Exercise 2: Create a contractor
  • Exercise 3: Edit your new user, and try logging on
  • Exercise 4: Add another user and see different permissions being applied
Lab : Simple Group Management
  • Exercise 1: Add yourself to a group
  • Exercise 2: Creating a distribution group
  • Exercise 3: Creating a criteria-based group
After completing this module, students will be able to:
  • Understand the additional identity management requirements that FIM addresses (as compared to ILM 2007).
  • Understand the very high level architecture of FIM.
  • Operate FIM as a user, understanding the high level functionality.
Module 2: Key Concepts
This module introduces and explores the key concepts: sets, activities, workflows and policies, how permissions are granted, how workflows are triggered, and different types of workflow.
  • Lesson 1: Policies, Sets, Workflows – Concepts, Design Philosophy
  • Lesson 2: Policies – Permission-granting (Only) MPRs
  • Lesson 3: Workflow MPRs
Lab : Permission-granting MPRs
  • Exercise 1: A look at a permission-granting MPR and some sets
  • Exercise 2: Permission-granting MPRs for self-service
  • Exercise 3: Make some changes to permission-granting MPRs
Lab : Workflow MPRs
  • Exercise 1: Examine some workflows
  • Exercise 2: Examine some other MPRs
  • Exercise 3: Modify a workflow MPR
After completing this module, students will be able to:
  • Understand how sets, workflows, and management policy rules (MPRs) are used to manage requests.
  • Make simple modifications to permissions and other MPR features.
Module 3: User and Group Management
This module provides detailed coverage of users and groups, including data entry; interesting attributes; different types of groups; group expiration, renewal, and ownership; the relationship with groups in Active Directory and other systems; and limitations.
  • Lesson 1: Users and the Portal
  • Lesson 2: Groups and the Portal
Lab : More About Users
  • Exercise 1: Examine the attributes of a user account
Lab : More About Groups
  • Exercise 1: Groups calculated on other groups
After completing this module, students will be able to:
  • Manage users in the FIM Portal, including sources of user objects, entering data, searching, and attributes, etc.
  • Manage groups in the FIM Portal, including the different types of groups and how they relate to Active Directory.
  • Understand the part that MPRs play in managing users and groups.
Module 4: Synchronizing Objects That Originate in the FIM Portal
This module begins with a reminder of how synchronization works in ILM 2007. Then it covers how FIM can be used to provision, manage, and deprovision AD and other sources; how FIM attributes authority and precedence; how to create codeless outbound and inbound rules; and the coexistence of classic and codeless rules.
  • Lesson 1: Declarative Synchronization Rules Overview
  • Lesson 2: Outbound Declarative Sync Rules
  • Lesson 3: Inbound Synchronization
  • Lesson 4: Managing Active Directory without Code
Lab : Outbound Synchronization
  • Exercise 1: Investigate AD provisioning
  • Exercise 2: Investigate the AD outbound synchronization rule
  • Exercise 3: Add another outbound flow to AD
Lab : Inbound Synchronization
  • Exercise 1: Investigate and modify inbound synchronization
Lab : Managing Active Directory Without Code
  • Exercise 1: Make the DNs depend on department
  • Exercise 2: Enabling/disabling/deprovisioning an AD account according to user status
  • Exercise 3 (Optional interactive): Use an additional rule for disabling accounts
Lab : Adding and Provisioning a New Source
  • Exercise 1: Creating a New Source and Provisioning it with Accounts
After completing this module, students will be able to:
  • Understand the benefits and limitations of synchronization rules (versus “classic” rules).
  • Implement inbound and outbound synchronization rules.
  • Configure synchronization rules to manage Active Directory.
Module 5: Synchronizing Objects Originating in Other Systems
In this module synchronization is further explored, including the various scenarios in which FIM can be used; sources that are authoritative for objects, such as HR Feeds; the inclusion of sources that are not authoritative for objects, such as telephone systems; data discovery issues such as joining and data cleansing; and disaster recovery issues.
  • Lesson 1: Scenarios
  • Lesson 2: Incorporating Objects from Another Source
  • Lesson 3: Non-authoritative Sources and Initial Loads
Lab : Incorporate HR Data
  • Exercise 1: Importing the employees and creating user accounts for them in the FIM portal
  • Exercise 2: Create and import an inbound sync rule for the HR Data
  • Exercise 3: Configure the outbound flow and synchronize
  • Exercise 4: Final configuration of precedence, etc.
Lab : Cleanse and Join Existing Data
  • Exercise 1: Telephone data
After completing this module, students will be able to:
  • Understand the scenarios that involve inclusion in or migration to the FIM Portal.
  • Configure FIM for load and migration of existing data.
  • Respond appropriately to joining and data cleansing challenges.
Module 6: Managing Credentials with FIM
This module deals with password issues: password reset and the relationship with ILM 2007 password management and synchronization.
  • Lesson 1: FIM Password Management
  • Lesson 2: Password Self-service Reset
  • Lesson 3: Synchronizing Passwords – PCNS
  • Lesson 4: FIM Certificate Management
Lab : Password Self-service
  • Exercise 1: Verify and modify the environment
  • Exercise 2: Modify the configuration for password registration and reset
  • Exercise 3: Testing password registration and reset
  • Exercise 4: Configuring password reset lockout
Lab : Configuring PCNS
  • Exercise 1: Configuring PCNS
After completing this module, students will be able to:
  • Configure self-service password reset (and lockout) for chosen portal users.
  • Configure password synchronization across systems.
  • Identify where Certificate Management might be appropriate.
Module 7: Architecture, Installation, and Deployment
This module covers simple installation, in addition to likely production topologies, how to scale it, and other considerations (such as upgrade and migration).
  • Lesson 1: Architecture
  • Lesson 2: Synchronization Service: Changes Since ILM 2007
  • Lesson 3: FIM Installation
  • Lesson 4: Deployment Topologies
After completing this module, students will be able to:
  • Understand the architecture of FIM and the new features that have been added to the synchronization engine.
  • Understand how FIM is installed, and the various possible topologies.
Module 8: Portal Configuration and Schema Model
This module covers interface configuration, including look and feel and navigation. The portal schema model is also considered: objects, attributes, bindings and validations; use of XPath and search scopes; usage keywords; localization, etc.; how to extend the schema; and the relationship with the metaverse schema.
  • Lesson 1: Portal Configuration Basics
  • Lesson 2: Visualizing Resources
  • Lesson 3: Resource Types, Attributes, and Bindings
  • Lesson 4: Typical Steps for Extending Schema
Lab : Portal Customization
  • Exercise 1: Portal branding
Lab : Extending the Schema
  • Exercise 1: Add a new customer resource type
  • Exercise 2: New sets
  • Exercise 3: Create a search scope for customers
  • Exercise 4: Create RCDCs and navigation bar links
  • Exercise 5: Import the new resources to the metaverse
  • Exercise 6: Provision customers into AD as contacts
  • Exercise 7 (Optional interactive): Additional features
After completing this module, students will be able to:
  • Configure the portal, including home page, navigation bar, and search scopes.
  • Configure the visualization of resources such as users and groups.
  • Extend the schema to include new attributes, and new resource types.
Module 9: Operation, Monitoring, and Troubleshooting
This module looks at all the sources of information in FIM, including: ILM 2007 features (MV and CS search, event log, operations tool, etc.); managing requests and approvals; and auditing and reporting. Then it covers operational issues such as managing run cycles, backup procedures, monitoring activity, etc.
  • Lesson 1: Operations
  • Lesson 2: Managing MPRs and Requests
  • Lesson 3: Other Sources of Information
Lab : Examining the Cmdlets
  • Exercise 1: Export data
  • Exercise 2: Compare data states
Lab : Examining Requests
  • Exercise 1: Examine the requests concerning group membership changes
  • Exercise 2: Construct and use a search scope to examine requests falling in a time period
After completing this module, students will be able to:
  • Use the additional features of FIM (versus ILM 2007) for operation, monitoring, and troubleshooting.
  • Manage and troubleshoot requests.
  • Use Windows PowerShell cmdlets for exporting and importing FIM Portal configuration.
Module 10: More Complex Workflows and MPRs
This module covers more complex workflows using functions and parameters, temporal (time-based) events, expiration, notification, and delayed actions. It examines Windows Workflow Foundation workflows and how to import them.
  • Lesson 1: Time-based MPRs
  • Lesson 2: Workflow Functions and Parameters
  • Lesson 3: Custom Workflow Activities
Lab : Time-based MPRs
  • Exercise 1: Time-based features
Lab : Using Functions and Parameters
  • Exercise 1: Random password generation and notification
  • Exercise 2: Generate attribute values
Lab : Developing a Custom Workflow Activity
  • Exercise 1: Calling a simple WF activity from FIM
  • Exercise 2: Add pre-built activities to your custom activity
  • Exercise 3: Install a fully integrated custom activity
After completing this module, students will be able to:
  • Create and manage time-based groups, sets, and MPRs.
  • Create and use workflow parameters.
  • Import workflow activities.
  • Create a simple workflow activity.

Course Prerequisites

Before attending this course, students must have:
  • Good working knowledge of ILM 2007 or Microsoft Identity Integration Server 2003 (MIIS) (equivalent to having attended Microsoft Learning Course 2731A: Deploying and Managing Microsoft Identity Integration Server 2003, and then being involved in an implementation).
  • A sound understanding of the purpose and workings of Active Directory.
  • A sound understanding of the purpose and workings of Microsoft Exchange Server.
  • A sound understanding of the purpose and workings of Microsoft SQL Server.
Course Schedule
This course is not scheduled yet.