Wednesday, November 26, 2014

FIM Rollup hotfix 4.1.3613



Very short post, just to let you guys know that there is a new hotfix for FIM 2010 R2 SP1. 

It includes updates for sync, service, portal, BHOLD and CM. The KB article can be found at http://support2.microsoft.com/kb/3011057. The version numbers are 4.1.3613.0 for FIM and 5.0.2836.0 for BHOLD.

As always, make sure to back up your systems before applying, and test before putting into production.

Tuesday, November 4, 2014

Securing your Active Directory data before FIM exports

When implementing FIM 2010 at customers, I like to do my own simple backup of the Active Directory objects that FIM is about to touch or change. Of course, you should have your normal Active Directory backup in place as well, but having my copy of the attribute values allows me to restore or "roll back" selected attributes if needed.

Also, I have a few customers that use these scripts on a scheduled basis just to keep track of changes in Active Directory, or even to take a backup before another implementor is allowed to add or change data in their directory.

I have two scripts - a backup script and a restore script.

Backing up

The backup script basically reads the objects that I want to back up from Active Directory and saves these objects in XML files - one file for each object, typically users and groups. The script takes two parameters, the LDAP filter and the backup directory where you want to save the XML files. So to back up all users whose account name starts with A, use the script like this -

.\backup-object.ps1 -filter '(&(objectclass=user)(samaccountname=a*))' -backupdir 'c:\adbackup'

Restoring

If at some time you want to restore any attributes on any of the backed-up Active Directory objects, you can use the restore script. The restore script takes two parameters as well: a list of attributes that you want to restore and a path to the backup directory containing the XML files that you previously backed up.

The restore script expects you to feed it the usernames of the users to restore through the pipeline. So to restore the 'givenName' and 'sn' attributes on Bill Gates and Steve Ballmer, use the restore script like this -

"billg", "steveb" | .\restore-object.ps1 -attributes 'givenName', 'sn' -backupdir 'c:\adbackup'

If you want the scripts, you can get them here.
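
For readers who want to see the shape of this approach, here is an added sketch of a per-object XML backup and a selective attribute restore. It is not the author's backup-object.ps1 or restore-object.ps1. The function names, the <sAMAccountName>.xml file naming and the use of the RSAT ActiveDirectory module are assumptions.

```powershell
# Added illustration; NOT the author's backup-object.ps1 / restore-object.ps1.
# Assumes the RSAT ActiveDirectory module and one file per object, named <sAMAccountName>.xml.
Import-Module ActiveDirectory

function Backup-AdObject {
    param(
        [Parameter(Mandatory)] [string] $Filter,
        [Parameter(Mandatory)] [string] $BackupDir
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Get-ADObject -LDAPFilter $Filter -Properties * | ForEach-Object {
        # Objects without a sAMAccountName fall back to their GUID as file name
        $name = if ($_.sAMAccountName) { $_.sAMAccountName } else { $_.ObjectGUID }
        $_ | Export-Clixml -Path (Join-Path $BackupDir "$name.xml")
    }
}

function Restore-AdAttribute {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string[]] $Attributes,
        [Parameter(Mandatory)] [string] $BackupDir
    )
    process {
        $file = Join-Path $BackupDir "$SamAccountName.xml"
        if (-not (Test-Path $file)) { Write-Warning "No backup file for $SamAccountName"; return }
        $saved = Import-Clixml -Path $file
        $id = $saved.ObjectGUID.ToString()   # GUID still resolves after a rename or move
        $replace = @{}; $clear = @()
        foreach ($attr in $Attributes) {
            $value = @($saved.$attr | Where-Object { $null -ne $_ })
            # An attribute that was empty at backup time must be cleared, not replaced
            if ($value.Count -eq 0) { $clear += $attr } else { $replace[$attr] = $value }
        }
        if (-not $PSCmdlet.ShouldProcess($SamAccountName, "restore $($Attributes -join ', ')")) { return }
        if ($replace.Count) { Set-ADObject -Identity $id -Replace $replace }
        if ($clear.Count)   { Set-ADObject -Identity $id -Clear $clear }
    }
}

# Usage, mirroring the commands in the post (-WhatIf previews the restore without writing):
# Backup-AdObject -Filter '(&(objectclass=user)(samaccountname=a*))' -BackupDir 'c:\adbackup'
# "billg", "steveb" | Restore-AdAttribute -Attributes 'givenName', 'sn' -BackupDir 'c:\adbackup' -WhatIf
```

The XML files hold every attribute the backup account could read, so restrict the backup directory's ACL to the administrators who would perform a restore.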