FIM 2010 R2 – Web-Based Password Reset, Part 2

Web-Based Password Reset is not just about writing a web client in ASP.NET. I mentioned that a few times when talking to different people. Everyone can do that by writing their own WCF client. If reverse engineering the FIM WebService protocol is too hard, there is the open source client supported by the community. In…


FIM 2010 R2 – Web-Based Password Reset, Part 1

I am very excited to let everyone knows that FIM 2010 R2 Beta has released featuring Web-Based Password Reset. How to download FIM 2010 R2 Beta Go here. Answer the survey questions and Submit. This auto-approves you for the Beta connection. Click the Downloads link in the left column. Click the FIM 2010 R2 Beta…


RunAs in FIM 2010

Often times, I come across the question How can I write some code to do something as another user in FIM 2010? Generally I see two different answers: Impersonate the other user Set the ActorId to the user So which one is correct? In fact, both can be correct, depending on what you are trying…


FIM 2010 Self-Service Password Reset Now Supports All Domain Password Policies

I am excited to announce that FIM 2010 Self-Service Password Reset now supports all domain password policies.  It was a joint effort between the Windows Active Directory and FIM development teams to provide this new functionality. Details of this change can be found in


Troubleshooting FIMService / FIMPortal / Password Reset Client

FIM is a complex product. Once a while, I find myself just clueless why something does not work. I have the advantage of having access to the source code and be able to debug. Attaching a debugger isn’t a 5-second task and very often the answer is actually in the log. In this blog post,…


How Does Lockout Gate Work

I am back! I haven’t forgotten you all. I was just busying with RTM Update 1 which is now live on Microsoft Update. In Forefront Identity Manager – Credential Management, Part 2, i talked about what Lockout Gate is capable of doing and in the Password Reset Deployment Guide, it mentions if you put the…


Self-Service Password Reset to Non-Active Directory System

Background: I often come across two types of questions in both internal and external channels How can I leverage SSPR and reset a password for a non-AD account (e.g. MSSQL, HR or .NET Passport)? How can I implement password filters but do so in FIM instead of AD? For #1, PCNS together with FIM Synchronization…


Custom Credential Provider for Password Reset

The credential provider for Password Reset is fairly simply and straight forward. Since I have joined the team, there is very little code change in that area. Recently, we decided to fix some minor known bug in the credential provider (CP) and I realized I don’t know too much about how CP works. So I …


Forefront Identity Manager – Credential Management, Part 4

This post talks about how client interacts with the server during the course of Self-Service Password Reset Registration and Reset. Majority of the information can be found from either client-side or server-side log. The implementation is subjected to change. If you were to develop a custom SSPR client based on the information below, please make…