Find MIM Active Workflow Definitions
Need to find the workflow definitions that are actually configured to be active? It’s a good way to find configuration bloat that could be cleaned up.
Recent Posts
Calling the MFA SDK with PowerShell Invoke-Command
Had a fun question to answer the other day, “How many users have OAuth tokens?”.
Event Log Entry Count By Severity
Visualizing the count of Event Log events on a computer can be helpful in some cases: starting to investigate an issue - does the issue coincide with an i...
Query the MIM Service Database for Group Membership
Got a MIM Service database backup? You should. Got it configured in Azure with a retention policy? Got it encrypted?
Add IP Addresses to a Firewall Rule
Some of our services are locked down with a list of approved IP addresses. It can be a pain to manage sometimes using the firewall UX so this snippet comes ...
Get AAD Deleted Users Using Graph
Need to gather detail on deleted AAD user objects, and Graph once again comes to the rescue.
Get Group Member Count Using Graph and PowerShell
Group count can be a useful piece of data, I use it sometimes to check the consistency of a group between on-premises and Azure Active Directory.
Add a MIM Service Administrator
Short sample to show how to use PowerShell to add a member to the MIM Service Administrators Set.
Get MIM Sync Attribute Flow
MIM Synchronization configurations can get quite large sometimes, making it very difficult to visually navigate configuration such as attribute flow rules. ...
February Retro
Looking back over a sprint to add up all the completed work is such a mental reward. Too often I blow right through into the next sprint without stopping. I...
Read Excel Spreadsheets with PowerShell
My team owns a system that accepts input as an Excel spreadsheet, and sometimes we need to automate tasks given that input. The Open XML SDK seemed like the...
Cancel a MIM Request
Sometimes you just want to cancel a bunch of MIM Requests. You can do it in the MIM Portal using the handy ‘Cancel’ button when viewing Requests.
Log Analytics Query Latency
Getting log data from systems into Log Analytics has transformed how I operate systems. A good example is the MIM Synchronization Run History data, it conta...
Multiple Series with Kusto
Kusto has to be my favorite thing to learn these days, it’s as rewarding as learning PowerShell because it’s an abstraction over so many things. In PowerShel...
MIM Service Dyamic Logging
Dynamic Logging Over the weekend a rather large MIM Service computer experienced an outage. The FIMService service was taking 100% of the CPU, and was not r...
Finding Email Templates in the MIM Service
Finding Email Templates As a service engineer supporting a large MIM deployment I still get to do fun maintenance tasks even though there is not much feature...
Converting Log Analytics Query Responses to PowerShell PSCustomObjects
Log Analytics Query API Getting to be a fan of the Log Analytics Query API because it enables queries over just HTTP without other dependencies. The respons...
Weekly Retro - May 1
So Retro My favorite ceremony in scrum is the sprint retrospective because it provides the opportunity to inspect and adapt. This is my weekly post about th...
View SPF Details from DNS Using PowerShell
SPF records are something I am working with this week and needed to look at some so I figured PowerShell would be a fun way to do it. Here’s the short snipp...
Weekly Retro - April 24
So Retro My favorite ceremony in scrum is the sprint retrospective because it provides the opportunity to inspect and adapt. This is my weekly post about th...
Measure the Duration of a MIM Workflow
Investigating systems seems to be a game of asking questions then trying to get data to answer those questions.
Use PowerShell to Switch API preference for Log Alerts
This post has script snippets to follow the steps in Switch API preference for Log Alerts.
Switch API preference for Log Alerts
We use Azure Alert Rules quite a bit and have an old Log Analytics Workspace. I read the article for how to Switch API preference for Log Alerts and was exc...
Weekly Retro - April 3
So Retro My favorite ceremony in scrum is the sprint retrospective because it provides the opportunity to inspect and adapt. This is my weekly post about th...
Using PowerShell DSC to Set SharePoint ViewState
Been working on using DSC to install MIM and been wanting to use as much of the SharePointDsc PowerShell DSC resource module as possible.
Weekly Retro - March 27
So Retro My favorite ceremony in scrum is the sprint retrospective because it provides the opportunity to inspect and adapt. I’m going to start posting week...
How to Disable Azure Disk Encryption
There are a couple scanarios where I need to take an Azure Disk from a VM in one subscription and copy it to another subscription. When the disk is encrypte...
Using Lithnet RMA to Create a MIM Person
Most of the time MIM gets Person objects created by the Synchronization Service, but sometimes it is useful to create them directly in the MIM Service, for e...
Sign in to Windows VMs in Azure using Azure AD authentication
Joining servers to domains is something I’ve just done for decades. It’s obvious everything is moving to the cloud but I’m tickled by this:
Constructing the DN for the Azure AD Connector
Searching a for a Connector Space Object in an Active Directory connector is pretty simple because you can search by: Distinguished Name Relative Distin...
Disconnecting an AAD Connect Object
The synchronization engine uses joins to enable rules on connected objects. AAD Connect removed the ability to disconnect joined objects, and it has been as...
Schannel Event ID 36887 - fatal alert was received: 46
Did battle with this event log error recently. It turned out to be an IIS binding configuration where Server Name Indication (SNI) was turned off. Since SN...
Using LithnetRMA to Update MIM Group Membership
Today I needed to reproduce a Microsoft Identity Manager (MIM) workflow issue when users were added to groups. My tolerance for doing it in the MIM Portal w...
Who Can Reset My Active Directory Password?
Needed to figure out who was able to reset a specific Active Directory user password and turned to ldp.exe but wanted to try using PowerShell to reduce the c...
Adding Structured Data to Event Log Items
Ever want to store data while automating stuff? Often I need to store something but like to avoid writing files or introducing storage systems if I can avoid...
AAD Connect - ADSync Module Support for Remote PowerShell
Lately I’ve been having a blast replacing WMI calls with commands from the AAD Connect ADSync PowerShell module. I hit an issue using the ADSync module with...
Azure AD Connect Global Settings
Sync deployments always have some configuration settings hanging around, and usually end up in XML files somewhere on the computer running the synchronizatio...
Using a Names API to Create Test AD Users
Found this cool little API that provides names, made for a nice and quick little script to throw a bunch of test users into a test Active Directory domain.
Azure AD Connect sync: Get-ADSyncConnectorStatistics
WMI gets deprecated in AAD Connect so I am working on updating some AAD Connect scripts to instead use the ADSync PowerShell module. The existing scripts pr...
AAD Connect - Big Money No WMI!
For years we’ve enjoyed access to sync functionality via WMI (pronounced ‘Whammy’), all the way back to MIIS. The Windows Management Infrastructure provider ...
MIMDSC - Desired State Configuration Module for Microsoft Identity Manager
Over the years I’ve automated deployments for MIM using a variety of methods but fell in love with Desired State Configuration enough to apply it to MIM. DSC...
Good To Be Back!
Ah it’s good to be back. In the past few years I’ve taken a some career adventures (going from consulting back to Microsoft, working as a developer in secur...
Get-ADGroupMember Forgot My Contacts
Working on a script to copy groups and members from one forest to another, and was so happy with the Get-ADGroupMember cmdlet but ran into an issue that mean...
Get-ADGroupMember Forgot My Contacts
One of the first challenges I ran into with PowerShell Desired State Configuration (DSC) custom resources was the security context in which the custom resour...