M50382: Implementing Forefront Identity Manager 2010 Version: A Length: 4 Days Published: June 15, 2010 Language(s): English Audience(s): Developers Level: 200 Technology: Microsoft Forefront Identity Manager Type: Course Delivery Method: Instructor-led (classroom) About this Course This four-day instructor-led courseintroduces and explains the features and capabilities of Microsoft Forefront Identity Manager 2010 (FIM), and provides an overview of the solution scenarios that FIM addresses. The course format includes presentation, discussion, demonstration, and many hands-on exercises. It is intended for students who have no previous Forefront Identity Manager 2010 or Microsoft Identity Lifecycle Manager 2007 (ILM) experience. Audience Profile This course is intended for Systems Engineers, Developers, Architects, and Project Leaders who need to gain a good understanding of how Forefront Identity Manager 2010 can be applied to manage identity information across a number of directories or databases. It is also suitable for those who simply want to review the technology in some depth. At Course Completion After completing this course, students will be able to: oUnderstand FIM concepts and components. oIdentify appropriate FIM scenarios. oManage users, groups, and passwords using FIM. oSynchronize identity data across systems, such as Active Directory and HR. oUnderstand the issues involved in loading data (initial load, backup, and disaster recovery). oConfigure security for different levels of user. oManage password self-service reset and synchronization. oAutomate run cycles. oHandle sets, simple workflows, and management policy rules (MPRs). Before attending this course, students must have: oA sound understanding of the purpose and some experience of the workings of Active Directory. oA sound understanding of the purpose and some experience of the workings of Microsoft Exchange Server. oA sound understanding of the purpose and some experience of the workings of Microsoft SQL Server. Course Outline Module 1: Introducing Forefront Identity Manager 2010 This module is a tour of many of the built-in features of FIM focusing on the user experience. The student will explore the FIM interface, the high level architecture of FIM, and the business needs that FIM addresses. In this module, the student will examine FIM in its installed and configured state, whereas the rest of the course will be spent understanding how FIM works, and building the fully configured FIM from a raw installation. The lab explores creating a new user, managing groups and credentials for that user, and the experience of that new user. Lessons oLesson 1: Introducing FIM oLesson 2: Synchronization Concepts oLesson 3: Other FIM Concepts Lab : The FIM Experience oExercise 1: Log on and examine the environment oExercise 2: Add some new users and examine group memberships oExercise 3: Examine how groups are managed oExercise 4: The user experience After completing this module, students will be able to: oUnderstand what an identity management system is for, and how FIM meets these requirements. oOperate FIM as a user, while understanding the high level functionality. Module 2: The Synchronization Service Manager This module introduces the FIM Synchronization Service Manager and explains its features through scenarios that do not use the FIM Portal. It introduces the main tools (such as Metaverse Designer, Operations Tool, and Joiner), and covers the basic configuration of a Management Agent along with run profiles, results verification, and simple Metaverse search. During the lab, students will create a new Management Agent for a simple HR system. Lessons oLesson 1: The Synchronization Service oLesson 2: The Synchronization Service Manager: The Management Agents Tool oLesson 3: Synchronization Service Manager: Other Tools Lab : Importing and Synchronizing Data oExercise 1: Connect to an HR data source and import identity data oExercise 2: Examine the metaverse oExercise 3: Importing changes After completing this module, students will be able to: oUnderstand the purpose, architecture, and functionality of the Synchronization Service. oUnderstand the purpose of the Synchronization Service Manager. oCreate a simple SQL Server management agent, import identity data, and manage it. Module 3: More About Synchronization This module looks at various types of Management Agent (MA), including LDAP and file-based sources. It covers concepts such as schema discovery, filters, join and projection rules, connectors and disconnectors, joining, provisioning, deprovisioning, and different kinds of attribute flow. In the lab, students create two more Management Agents, and establish a simple data-driven scenario for managing a directory (AD LDS). Lessons oLesson 1: Inbound Synchronization oLesson 2: Outbound Synchronization Lab : Joining Data from Another MA oExercise 1: Creating and configuring the MA oExercise 2: Importing, synchronizing, and joining data oExercise 3: Breadcrumbing and testing Lab : Provisioning AD LDS oExercise 1: Creating an AD LDS MA oExercise 2: Provisioning AD LDS After completing this module, students will be able to: oUnderstand the Synchronization Service at a more detailed level. oConfigure inbound and outbound synchronization for different types of MA. oApply "classic" rules to simple identity synchronization requirements. Module 4: The FIM Service and Portal This module introduces the FIM Synchronization Service Manager and explains its features through scenarios that do not use the FIM Portal. It introduce the main tools (such as Metaverse Designer, Operations Tool, and Joiner), and covers the basic configuration of a Management Agent along with run profiles, verifying results, and simple Metaverse search. During the lab, students create a new Management Agent for a simple HR system. Lessons oLesson 1: Introducing the Portal oLesson 2: Integrating the FIM Service and FIM Synchronization Service Lab : Managing Users in the FIM Portal oExercise 1: Examining simple sets and MPRs oExercise 2: Create and modify a user Lab : Creating the FIM MA and Synchronizing oExercise 1: Create the FIM MA oExercise 2: Synchronizing data After completing this module, students will be able to: oUnderstand the key FIM service concepts such as sets, workflows, and management policy rules. oNavigate the FIM Service Portal, and use the portal`s permission-granting system. oEdit identity data in the FIM Portal. oIntegrate the FIM Service and the FIM Synchronization Service. Module 5: Managing Synchronization from the Portal This module explores creation of an Active Directory MA, and configuration via the portal to manage mailbox-enabled users in AD. Aspects of this process include synchronization rules, workflows, and management policy rules, including complex attribute flows. In the labs, students configure FIM so that users are automatically created (provisioned) into AD, renamed, and removed (deprovisioned) as necessary. Lessons oLesson 1: Synchronization Rules oLesson 2: Outbound Synchronization Rules oLesson 3: Managing Users in Active Directory oLesson 4: More About Synchronization Rules Lab : Inbound Synchronization Rules oExercise 1: Using a synchronization rule to manage the HR data MA Lab : Synchronizing Active Directory Users oExercise 1: Provision users in Active Directory oExercise 2: Configure automatic OU provisioning and population based on DN After completing this module, students will be able to: oUnderstand inbound and outbound synchronization rules and how these relate to "classic" rules. oCreate and configure synchronization rules to manage identity data, including Active Directory (AD) Users. oControl AD users including enable/disable and DN renames. Module 6: Managing Credentials with FIM This module primarily explores passwords. First, it addresses the essentials of Certificate Management, and then explores in detail the self-service password reset and password synchronization functions. The two labs cover all aspects of password management in FIM (with the exception of writing custom password management workflows and extensions). Lessons oLesson 1: FIM Password Management oLesson 2: Password Self-service Reset oLesson 3: Synchronizing Passwords - PCNS oLesson 4: FIM Certificate Management Lab : Password Self-service oExercise 1: Verify and modify the environment oExercise 2: Modify the configuration for password registration and reset oExercise 3: Testing password registration and reset oExercise 4: Configuring password reset lockout Lab : Configuring PCNS oExercise 1: Configuring PCNS After completing this module, students will be able to: oConfigure self-service password reset (and lockout) for chosen FIM Portal users. oConfigure password synchronization across systems. oIdentify where the use of Certificate Management might be appropriate. Module 7: Group Management This module covers the management of distribution and security groups, including the relationship between groups in Active Directory and other systems. Synchronization rules, workflows, and MPRs are explored further, along with the configuration of workflow approvals. Lessons oLesson 1: Groups and the Portal oLesson 2: Managing Groups in Active Directory Lab : Managing Groups oExercise 1: Distribution groups oExercise 2: Provisioning distribution groups in Active Directory oExercise 3: Security groups oExercise 4: Provisioning security groups in Active Directory After completing this module, students will be able to: oManage various types of groups in the FIM Portal, including self-service and member approval workflows. oConfigure FIM so that portal groups manage the corresponding AD groups. Module 8: Other Considerations This module examines management policy rules (MPRs)-perhaps the most important feature of FIM. It explores the different types of management policy rules, their different uses, how they are processed, and how to troubleshoot them. Then it examines some operational considerations, such as the management of run cycles using scripts, and also covers backup, restore, and disaster recovery. Lessons oLesson 1: Managing MPRs oLesson 2: Operations Lab : Portal Security oExercise 1: Configuring portal permissions Lab : Examining Requests oExercise 1: Examine the requests concerning group membership changes Lab : Backup, Restore, and Disaster Recovery oExercise 1: Perform a data reload oExercise 2: Backup oExercise 3: Restore Lab : MA Run Scripts oExercise 1: Running MA run profiles with scripts Lab : Finishing Touches oExercise 1: Finishing touches After completing this module, students will be able to: oUnderstand the various types of MPR, why they are used, and where they are used. oUnderstand the nature of requests, and how requests can be managed and tracked. oConfigure a system for a regular cycle of Management Agent runs. oDeal with simple backup and recovery scenarios.