Following on from Brian’s last post about The Experts Conference, I also wanted to share my experience with the conference and talk about a session that Markus Vilcinskas and I delivered.
- The Experts Conference for Directory and Identity
- The Experts Conference for Exchange
What I love most about this conference are the people that I meet and the experiences that they have to share, both on stage and off. Not only is the conference well attended by the Microsoft Product Teams that are building the technology the conference is focused on, but it is also well attended by our partner community, both ISVs and SIs, and as such it is a great opportunity to get together with the people that do the same thing you do and share stories and experiences. My friend Craig Martin talked about this a little during his “ILM 2 Migration Strategies” session this year and compared TEC to the place where the bumble-bee girl finds happiness in the Blind Melon video for their song “No Rain”. In the video, a little girl finds herself estranged from everyone else because she went around wearing a bumble-bee costume, but finally found her bliss in a place where everyone wears bumble-bee costumes. This hit it on the head for me. In my “normal life”, nobody really wants to hear about the trials and tribulations of Enterprise Identity and Access Management. Of course they do ask, but the deer-in-the-headlights stare quickly makes it evident that they were hoping for a more generic answer. However, at TEC, people do care and we all have stories to share with each other. These experiences help us grow both in our professional and our personal lives, as the connections made at these events lead to friendships as well as a larger networking circle.
While the conference is very serious in its purpose of providing highly technical content to its constituents, there is also a lot of fun to be had. This year included a large chicken making its way around the conference, making for fun photo-ops. Also, every year there is a challenge presented by Stuart Kwan called the Wook Lee Challenge (now called the Wook Lee Memorial Challenge as Wook has failed to make the past few events). Each year, Stuart throws out some suggestions for how to incorporate Microsoft’s IDA technology into some humorous and artistic endeavor (poetry, music, art). For some examples, check out these links:
2009 Winner (From YouTube)
Well… enough about that and on to the session that Markus and I delivered. Markus and I have presented together at the last 4 events and I’ve had a lot of fun in the process. Markus is deeply technical, being one of the longest-standing members of the ILM Product Team, and he has a great sense of humor, which definitely comes through in his presentation style. The session was a 300/400 level session on Declarative Provisioning (formerly called Codeless Provisioning) in Forefront Identity Manager 2010. This session was a deep dive into how Declarative Provisioning works, which includes a bunch of new acronyms (we Micropeeps love our acronyms!). In the session we explained in detail how the following work and interact with each other:
- Management Policy Rules (MPRs)
- Action Workflows (AWs)
- Synchronization Rule Objects (SROs)
- Inbound Sync Rules (ISRs)
- Outbound Sync Rules (OSRs)
- Expected Rules Lists (ERLs)
- Expected Rules Entries (EREs)
- Detected Rules Lists (DRLs)
- Detected Rules Entries (DREs)
In addition to giving a deep dive into how Declarative Provisioning works, we also introduced a problem space called “Object State Detection” (OSD). Object State Detection is a new feature in FIM 2010 that enables you to document and detect specific states of an object in a connected data source and to take action based on them, allowing rules to be processed based on confirmation of the detected state.
In our presentation we used as an example the states of “Enabled AD User” and “Disabled AD User” and demonstrated how to configure the system to send email notifications to a user’s manager when their state was manually changed in the connected system (in this case AD). This scenario implements something Markus and I termed an “Operational Outbound Sync Rule”, whose purpose is simply to define the state of the object, via an Existence Test, that you are looking to perform actions on. Operational OSRs do not actually result in the flow of data to the connected data source because they are not linked to an Action Workflow; their only purpose is to define the Existence Test that will be evaluated during Inbound Synchronization in the FIM Synchronization Service.
Note: OSRs that are configured with Existence Tests are processed at the end of an Inbound Synchronization process (in the FIM Synchronization Service) for the purpose of generating DREs.
This concept can be applied to any type of state that can be detected via an FIM MA. Some other examples of states that you might be interested in managing via OSD:
- Account exists in system X (perhaps a finance application under SOX scrutiny?)
- AD User is Mailbox Enabled
- AD User is OCS Enabled
- RACF User has TSO Access
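The Enabled/Disabled AD User scenario described above, as a simplified Python model of the detection logic (an added example, not FIM code and not taken from the session deck). It assumes the state is read from AD's `userAccountControl` attribute (512 for an enabled normal account, 514 for the same account disabled); the class, function and account names are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass

# Constructed model: an "Operational OSR" carries only an Existence Test
# (attribute -> expected value) and is not linked to an Action Workflow.
@dataclass
class OperationalOSR:
    name: str
    existence_test: dict  # every pair must match the connected object

# Assumption: state is read from AD userAccountControl (512 = enabled
# normal account, 514 = the same account with ACCOUNTDISABLE set).
OSRS = [
    OperationalOSR("Enabled AD User", {"userAccountControl": 512}),
    OperationalOSR("Disabled AD User", {"userAccountControl": 514}),
]

def detect_rules(cs_object: dict) -> set:
    """End of inbound sync: build the DRL, one DRE per OSR whose test holds."""
    return {o.name for o in OSRS
            if all(cs_object.get(a) == v for a, v in o.existence_test.items())}

def inbound_sync(previous_drl: dict, cs_objects: list) -> tuple:
    """Return (new DRL per account, notifications for changed states)."""
    new_drl, notifications = {}, []
    for obj in cs_objects:
        account = obj["sAMAccountName"]
        drl = detect_rules(obj)
        new_drl[account] = drl
        before = previous_drl.get(account)
        # A first sighting (before is None) is a baseline, not a change.
        if before is not None and before != drl:
            notifications.append({"to": obj.get("manager"), "account": account,
                                  "lost": sorted(before - drl),
                                  "gained": sorted(drl - before)})
    return new_drl, notifications

# Constructed sample data: two import runs from the connected directory.
RUN_1 = [
    {"sAMAccountName": "asmith", "manager": "bjones", "userAccountControl": 512},
    {"sAMAccountName": "cwhite", "manager": "bjones", "userAccountControl": 512},
]
RUN_2 = [
    {"sAMAccountName": "asmith", "manager": "bjones", "userAccountControl": 514},
    {"sAMAccountName": "cwhite", "manager": "bjones", "userAccountControl": 512},
]

if __name__ == "__main__":
    baseline, _ = inbound_sync({}, RUN_1)
    print(inbound_sync(baseline, RUN_2)[1])
```

An account whose attributes match neither Existence Test ends up with an empty detected-rules set, so a move into an unmodelled state still shows up as a lost rule rather than passing silently.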
The session was well received and is available here for you to review. This deck was not the deck used at TEC, but is a revised version that we used to present the content internally, and as such has a little more content.
Thanks for taking the time to visit The IDA Guys blog. If you have any questions, feel free to post them and I’ll do my best to get back to you shortly.