We are releasing version 1.7 of the Workflow Activity Walkthrough under the same link as before. The update includes some clarifications to which Microsoft.IdentityManagement.arp document you should be editing and a fix to the
Please continue to provide feedback in the ILM 2 Connect forum, or if you'd like to contact us directly, our email addresses are now listed within the document.
Ensynch is announcing the release of the first in a series of whitepapers featuring new technologies expected in ILM 2. This particular whitepaper details the process of building and adding a custom WF activity to the ILM 2 Beta 3 portal and was written by Ensynch's Paul Divan, Solutions Architect for the Application Lifecycle Management practice.
In addition to the walkthrough itself, are the project files you will need to complete the walkthrough as well as a sample diagnostic WF activity that will allow you to debug a WF Request object and dump the WorkflowData dictionary to see what is happening within your sequential flow at each step.
The files can be found on the Ensynch IDA Practice page here:
Ensynch Identity & Access Management (IDA) home page
Direct links to the files can be found here:
Stay tuned for future releases and updates once RC0 hits.
One of the more frustrating things about testing things that involve a cache is that you're either waiting for the cache to timeout to see your changes take effect or you're constantly forcing the cache to reinitialize so you can see the changes right away. It's this impatience that drives us to find better ways to do better - we want instant gratification after all! With ILM 2 we have just such a situation where you will find yourself running IISRESET to see your changes enacted. Here is why - the portal refreshes its configuration every 10 minutes (600 seconds) by default. Can you change this you might ask, why certainly! Here is how you go about it:
There are three cache values you can tweak here:
| Attribute | Default | Description |
| Cache Time | 600 | This value controls how often the portal configuration is refreshed |
| Count Cache Time | 60 | This value controls how often the count elements (My Approvals (2)) are refreshed |
| User Cache Time | 600 | This value controls how long the UI user data will stay on the cache before it expires |
Setting Cache Time to say, 15 or 30 seconds would speed up how often the configuration object refreshes and absolve you from having to do a full IISRESET every time you make a configuration change! I'm honestly not certain what the User Cache Time setting does as it is a bit ambiguous.
Now, since Beta 3 doesn't involve AJAX or Silverlight, you will have to manually refresh the page, but you will not need to do the reset. I sincerely hope that the Product Group takes our advice (and the advice of others) and implements AJAX at least on these pages to remove the unattractive page refreshes necessary. I would also like to point out that it is far too early to tell what long term performance impacts changing these setting might have, so I would restrict making this change to your DEV and QA environment only; leave Production at the default to play it safe.
So, I've been diving into the Portal Configuration walk through and trying different things and I thought I'd stop and publish a few notes.
There are several areas of the portal than you can add or remove links to and tweak slightly which are outlined in the following illustration:
The sections are as follows:
I think to break outside of this mold you really have to resort to editing the SharePoint Master Page (ilm3.master currently) for the site but there is currently a bug affecting editing and display of the page in SharePoint Designer; otherwise you are stuck adding links and some of the graphics.
After working with Codeless Provisioning for any length of time you quickly get tired of going through the Administration link to get to the Synchronization Rules, so here is a quick rundown on how to add it to your Navigation Bar:
Once you begin to extend the schema and add your own object types you'll likely want to be able to access them via the Administrative Settings sidebar. Here is a quick rundown on how to add them to the Home Page Region 2:
You can use the All Resources page to copy the URL needed by selecting your custom object type and then copying the URL but don't forget to strip off the http://
As I said, the real interesting bits are tucked away inside the Search Scopes and as soon as I can work out one or two more issues I'll post what I've discovered.
[EDIT: 9/17/08] Corrected information regarding Region 2, adding content regarding Region 3 & 4 and updated graphic.
[EDIT:11/11/08] Updated CustomizedObjects URL to be compatible with RC0
Today Microsoft entered the realm of social bookmarking by extending TechNet, MSDN, and Expression sites to have more social interaction by allowing you to search across bookmarks that you and others have added. This actually makes the search process much more rewarding since I can filter my search by tags and I can scope tags by specific time frames allowing me to find fresher content.
Check out the following "How To" videos on social bookmarking within TechNet and MSDN:
Video: MSDN & TechNet Social Bookmarking: How To, Part 1
Video: MSDN & TechNet Social Bookmarking: How To, Part 2
If you have questions, you can check out the Social Bookmarks Discussion Forums to post questions. Enjoy!
Microsoft is running a huge promotion through the partner channel right now concerning up to 50% savings if you purchase ILM 2007 User CAL's with Software Assurance! The SA rights have been upgraded to include future use of the "added features" in the ILM "2" product. So, if you're betting that the pricing will increase when ILM "2" launches next year then this is a deal you really can't afford to pass up. Even if the pricing stays the same you still make out due to the added discounts and I don't think anyone expects that Microsoft would actually reduce the pricing while adding new functionality!
Now, as for the number of licenses you'll need here it's not entirely clear but there are three ways to approach this from a purely hypothetical perspective:
So, don't wait until it's too late or you will be behind by another budget cycle so get moving!
This promotion ends on March 31st, 2009 which is also a good indicator for when ILM "2" may be targeted to ship. If you'd like more information on purchasing the CALs at the discounted rate, contact me directly through the "Email the Author" link below. For more information on how ILM 2007 is currently licensed check out the Microsoft Identity Lifecycle Manager 2007 How to Buy page.
If you attended my DEC 2008 session on "Designing an Identity Management Portal" you would have seen some slides like so referring to the evolution of IDA skill sets:
We talked briefly about how the ILM "2" product added a few more bubbles to the list of things we needed to learn. Mark's post goes into real depth on the following bubble:
Specifically, Mark talks about resources for understanding and learning the WF & WCF dimensions of this increasingly more complex evolving equation. Enjoy, it's a great read, and don't stop there, Mark's other posts are equally informative!
In the ILM 2 Portal there are a number of Core or required attribute bindings that should not remove from the default Person (User) or Group object types. Here is a simple filter you can use to find all Required attribute bindings:
Remember to select Bindings when in Schema Management as the Required bit is relative to the binding itself, not the actual attribute. To find core attributes for just the object type you are looking for you'll need another clause in your filter definition for Groups:
...and for Person (User):
Yes, depending on where you are looking, the Person object type will show up as User.
So, we got hit by this one today with the following configuration:
The following symptoms were evident:
David Lundell found the referenced article and we applied the recommended registry fix to add the host headers to the BackConnectHostNames entry. What was really a pain was that we'd make the fix, run an IISReset like the KB Article suggests and it would remain broken for another 30 or so minutes and then mysteriously start working. Consequently, trying to validate that the registry entry fixed the problem by backing out the change resulted in the same mysterious circumstances - at first it would continue to work (even after the IISReset) and then sometime afterwards fail. The referenced blog article wisely recommends a full reboot and after following that advice we can confirm that the fix does in fact resolve the issue.
Musings on Reporting Services and Notification Services : Reporting Services HTTP 401 (Unauthorized)