Upgrading Identity Lifecycle Manager 2007 to Forefront Identity Manager 2010

Code: 50383
Course duration: 4 days

50383: Upgrading Identity Lifecycle Manager 2007 to Forefront Identity Manager 2010 (4 Days)

About this Course

This four-day instructor-led course equips participants already acquainted with Microsoft Identity Lifecycle Manager 2007 (ILM) with the additional knowledge and skills they need to plan for a Microsoft Forefront Identity Manager 2010 (FIM) deployment.

Audience Profile

This course is intended for Systems Engineers, Developers, or Architects who need to gain a good understanding of how Forefront Identity Manager 2010 can be applied to manage identity information across a number of directories or databases.

At Course Completion

After completing this course, students will be able to:

  • Understand FIM concepts and components.
  • Understand the scenarios for which FIM is appropriate.
  • Manage users, groups, policy, and credentials through the FIM Portal.
  • Synchronize identity data between the FIM Portal and other systems such as Active Directory.
  • Incorporate other data sources such as HR feeds.
  • Understand the issues involved in loading existing data (initial load and disaster recovery).
  • Understand the technical architecture of FIM.
  • Configure security for different levels of user.
  • Extend the schema to incorporate new objects and attributes.
  • Modify the interface, including look and feel, new or modified forms, and navigation.
  • Understand the features, tools, and issues that will be important when operating, auditing, and troubleshooting FIM in a production environment.
  • Incorporate custom workflows.

Course Outline

Module 1: Introducing Microsoft Forefront Identity Manager 2010

This module provides a tour of many of the built-in features of FIM explored through the user experience. It explores with the FIM interface and high level architecture, and covers the business need that FIM addresses.


  • Lesson 1: Introducing FIM
  • Lesson 2: The User Management and User Experience
  • Lesson 3: Group Management

Lab : The User Management and User ExperienceLab : Simple Group Management

  • Exercise 1: Log on and take a look at the environment
  • Exercise 2: Create a contractor
  • Exercise 3: Edit your new user, and try logging on
  • Exercise 4: Add another user and see different permissions being applied

After completing this module, students will be able to:

  • Understand the additional identity management requirements that FIM addresses (as compared to ILM 2007).
  • Understand the very high level architecture of FIM.
  • Operate FIM as a user, understanding the high level functionality.

Module 2: Key Concepts

This module introduces and explores the key concepts: sets, activities, workflows and policies, how permissions are granted, how workflows are triggered, and different types of workflow.


  • Lesson 1: Policies, Sets, Workflows – Concepts, Design Philosophy
  • Lesson 2: Policies – Permission-granting (Only) MPRs
  • Lesson 3: Workflow MPRs

Lab : Permission-granting MPRs

  • Exercise 1: A look at a permission-granting MPR and some sets
  • Exercise 2: Permission-granting MPRs for self-service
  • Exercise 3: Make some changes to permission-granting MPRs

Lab : Workflow MPRs

  • Exercise 1: Examine some workflows
  • Exercise 2: Examine some other MPRs
  • Exercise 3: Modify a workflow MPR
  • Exercise 4: Work out who can remove whom from groups

After completing this module, students will be able to:

  • Understand how sets, workflows, and management policy rules (MPRs) are used to manage requests.
  • Make simple modifications to permissions and other MPR features.

Module 3: User and Group Management

This module provides detailed coverage of users and groups, including data entry; interesting attributes; different types of groups; group expiration, renewal, and ownership; the relationship with groups in Active Directory and other systems; and limitations.


  • Lesson 1: Users and the Portal
  • Lesson 2: Groups and the Portal

Lab : More About Users

  • Exercise 1: Examine the attributes of a user accoun

Lab : More About Groups

  • Exercise 1: Groups calculated on other groups

After completing this module, students will be able to:

  • Manage users in the FIM Portal, including sources of user objects, entering data, searching, and attributes, etc.
  • Manage groups in the FIM Portal, including the different types of groups and how they relate to Active Directory.
  • Understand the part that MPRs play in managing users and groups.

Module 4: Synchronizing Objects That Originate in the FIM Portal

This module begins with a reminder of how synchronization works in ILM 2007. Then it covers how FIM can be used to provision, manage, and deprovision AD and other sources; how FIM attributes authority and precedence; how to create codeless outbound inbound rules; and the coexistence of classic and codeless rules.


  • Lesson 1: Declarative Synchronization Rules Overview
  • Lesson 2: Outbound Declarative Sync Rules
  • Lesson 3: Inbound Synchronization
  • Lesson 4: Managing Active Directory without Code

Lab : Outbound Synchronization

  • Exercise 1: Investigate AD provisioning
  • Exercise 2: Investigate the AD outbound synchronization rule
  • Exercise 3: Add another outbound flow to AD

Lab : Inbound Synchronization

  • Exercise 1: Investigate and modify inbound synchronization

Lab : Managing Active Directory Without Code

  • Exercise 1: Make the DNs depend on department
  • Exercise 2: Enabling/disabling/deprovisioning an AD account according to user status
  • Exercise 3 (Optional interactive): Use an additional rule for disabling accounts

Lab : Adding and Provisioning a New Source

  • Exercise 1: Creating a New Source and Provisioning it with Accounts

After completing this module, students will be able to:

  • Understand the benefits and limitations of synchronization rules (versus “classic” rules).
  • Implement inbound and outbound synchronization rules.
  • Configure synchronization rules to manage Active Directory.

Module 5: Synchronizing Objects Originating in Other Systems

In this module synchronization is further explored, including the various scenarios in which FIM can be used; sources that are authoritative for objects, such as HR Feeds; the inclusion of sources that are not authoritative for objects, such as telephone systems; data discovery issues such as joining and data cleansing; and disaster recovery issues.


  • Lesson 1: Scenarios
  • Lesson 2: Incorporating Objects from Another Source
  • Lesson 3: Non-authoritative Sources and Initial Loads

Lab : Incorporate HR Data

  • Exercise 1: Importing the employees and creating user accounts for them in the FIM portal
  • Exercise 2: Create and import an inbound sync rule for the HR Data
  • Exercise 3: Configure the outbound flow and synchronize
  • Exercise 4: Final configuration of precedence, etc.

Lab : Cleanse and Join Existing Data

  • Exercise 1: Telephone data

After completing this module, students will be able to:

  • Understand the scenarios that involve inclusion in or migration to the FIM Portal.
  • Configure FIM for load and migration of existing data.
  • Respond appropriately to joining and data cleansing challenges.

Module 6: Managing Credentials with FIM

This module deals with password issues: password reset and the relationship with ILM 2007 password management and synchronization.


  • Lesson 1: FIM Password Management
  • Lesson 2: Password Self-service Reset
  • Lesson 3: Synchronizing Passwords – PCNS
  • Lesson 4: FIM Certificate Management

Lab : Password Self-service

  • Exercise 1: Verify and modify the environment
  • Exercise 2: Modify the configuration for password registration and reset
  • Exercise 3: Testing password registration and reset
  • Exercise 4: Configuring password reset lockout

Lab : Configuring PCNS

  • Exercise 1: Configuring PCNS

After completing this module, students will be able to:

  • Configure self-service password reset (and lockout) for chosen portal users.
  • Configure password synchronization across systems.
  • Identity where Certificate Management might be appropriate.

Module 7: Architecture, Installation, and Deployment

This module covers simple installation, in addition to likely production topologies, how to scale it, and other considerations (such as upgrade and migration).


  • Lesson 1: Architecture
  • Lesson 2: Synchronization Service: Changes Since ILM 2007
  • Lesson 3: FIM Installation
  • Lesson 4: Deployment Topologies

After completing this module, students will be able to:

  • Understand the architecture of FIM and the new features that have been added to the synchronization engine.
  • Understand how FIM is installed, and the various possible topologies.

Module 8: Portal Configuration and Schema Model

This module covers interface configuration, including look and feel and navigation. The portal schema model is also considered: objects, attributes, bindings and validations; use of XPath and search scopes; usage keywords; localization, etc.; how to extend the schema; and the relationship with the metaverse schema.


  • Lesson 1: Portal Configuration Basics
  • Lesson 2: Visualizing Resources
  • Lesson 3: Resource Types, Attributes, and Bindings
  • Lesson 4: Typical Steps for Extending Schema

Lab : Portal Customization

  • Exercise 1: Portal branding

Lab : Extending the Schema

  • Exercise 1: Add a new customer resource type
  • Exercise 2: New sets
  • Exercise 3: Create a search scope for customers
  • Exercise 4: Create RCDCs and navigation bar links
  • Exercise 5: Import the new resources to the metaverse
  • Exercise 6: Provision customers into AD as contacts
  • Exercise 7 (Optional interactive): Additional features

After completing this module, students will be able to:

  • Configure the portal, including home page, navigation bar, and search scopes.
  • Configure the visualization of resources such as users and groups.
  • Extend the schema to include new attributes, and new resource types.

Module 9: Operation, Monitoring, and Troubleshooting

This module looks at all the sources of information in FIM, including: ILM 2007 features (MV and CS search, event log, operations tool, etc.); managing requests and approvals; and auditing and reporting. Then it covers operational issues such as managing run cycles, backup procedures, monitoring activity, etc.


  • Lesson 1: Operations
  • Lesson 2: Managing MPRs and Requests
  • Lesson 3: Other Sources of Information

Lab : Examining the Cmdlets

  • Exercise 1: Export data
  • Exercise 2: Compare data states

Lab : Examining Requests

  • Exercise 1: Examine the requests concerning group membership changes
  • Exercise 2: Construct and use a search scope to examine requests falling in a time period

After completing this module, students will be able to:

  • Use the additional features of FIM (versus ILM 2007) for operation, monitoring, and troubleshooting.
  • Manage and troubleshoot requests.
  • Use Windows PowerShell cmdlets for exporting and importing FIM Portal configuration.

Module 10: More Complex Workflows and MPRs

This module covers more complex workflows using functions and parameters, temporal (time-based) events, expiration, notification, and delayed actions. It examines Windows Workflow Foundation workflows and how to import them.


  • Lesson 1: Time-based MPRs
  • Lesson 2: Workflow Functions and Parameters
  • Lesson 3: Custom Workflow Activities

Lab : Time-based MPRs

  • Exercise 1: Time-based features

Lab : Using Functions and Parameters

  • Exercise 1: Random password generation and notification
  • Exercise 2: Generate attribute values

Lab : Developing a Custom Workflow Activity

  • Exercise 1: Calling a simple WF activity from FIM
  • Exercise 2: Add pre-built activities to your custom activity
  • Exercise 3: Install a fully integrated custom activity

After completing this module, students will be able to:

  • Create and manage time-based groups, sets, and MPRs.
  • Create and use workflow parameters.
  • Import workflow activities.
  • Create a simple workflow activity.

Before attending this course, students must have:

  • Good working knowledge of ILM 2007 or Microsoft Identity Integration Server 2003 (MIIS) (equivalent to having attended Microsoft Learning Course 2731A: Deploying and Managing Microsoft Identity Integration Server 2003, and then being involved in an implementation).
  • A sound understanding of the purpose and workings of Active Directory.
  • A sound understanding of the purpose and workings of Microsoft Exchange Server.
  • A sound understanding of the purpose and workings of Microsoft SQL Server.

Guaranteed to Run

2018-03-20 09:00 to 2018-03-23 17:00
Palm Beach County Florida (Instructor-Led)
2018-03-19 09:00 to 2018-03-23 17:00
Secaucus, New Jersey (Virtual Instructor-Led)
2018-03-01 09:00 to 2018-03-02 17:00
Palm Beach County Florida (Instructor-Led)

Course Reviews

No reviews found for this course.

Be the first to write a review