Friday, October 8, 2010

Passed exam 70-432 (Microsoft SQL Server 2008, Implementation and Maintenance)

I passed Microsoft exam 70-432 this week (Microsoft SQL Server 2008, Implementation and Maintenance). With only 40 questions it was a pretty short exam.
If you're going to be taking this exam, prepare for a big focus on database security. In my exam there weren't many questions about high-availability solutions like clustering, database mirroring or log shipping (sections that I'm personally more interested in). Many questions were security related or involved backup and recovery.
And last but not least, the exam contained some tricky questions about managing and maintaining SQL Server 2008 using T-SQL statements, so be sure to have some experience with that before taking the exam.


Wednesday, October 6, 2010

First book on FIM 2010

Recently the first book about Forefront Identity Manager 2010 (that’s not primarily about certificate management) has been released. One of the authors of the book is Microsoft MVP David Lundell. The book is the first in a series of volumes and is titled “FIM Best Practices Volume 1”.
I can advise anyone who wants to get to know the basics of FIM to read the book. It’s a very easy to read, pocket-size book. Although the book is an introduction, it’s also very valuable for people that already have FIM experience from the field.
You can read about the latest release of the book here: http://blog.ilmbestpractices.com/2010/09/errata-and-updates-to-fim-best.html
The book can be ordered through lulu.com

Tuesday, October 5, 2010

Forefront Identity Manager 2010 and provisioning userfolders

As you might know, Forefront Identity Manager 2010 (FIM) can be used to provision objects to lots of different platforms. For synchronization to those different platforms FIM uses management agents. FIM 2010 comes with some management agents out of the box (see http://technet.microsoft.com/en-us/library/ff608275(WS.10).aspx). In case the platform you want to synchronize against isn’t listed (or in case it’s not fully satisfying your needs), FIM supports a so-called Extensible Connectivity Management Agent (ECMA). Using an ECMA you can use your own piece of code (e.g. C# or VB) to do the actual provisioning.
For example, an ECMA can be used to provision user folders (i.e. home drive and profile folders). I’ve written an ECMA that provisions those folders (home drive and profile) on a DFS share using C#. Of course the service account that FIM uses when provisioning needs the necessary rights on the share to actually create the folder. As we all know, users need special permissions on their profile folder. I used C# to actually give the user account in question the appropriate NTFS permission. Furthermore, a user needs to be the owner of his profile folder to actually make the roaming profile work. But only accounts with administrative permissions are allowed to transfer ownership, and since we don’t want to give our FIM service account that many permissions, we need another solution.
For the service account to be able to transfer the ownership, you need to hand out the following privilege on the file server(s) in question: “Restore files and directories”. The best way to do this would be by making use of a GPO. This is where you can find the setting:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
For more information about the privilege, see also: http://msdn.microsoft.com/en-us/library/ms813998.aspx
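The folder provisioning described above could look like the following C# sketch. It is an added example, not the ECMA code from this post. The class and method names are hypothetical, the Full Control grant is an assumption about the "appropriate NTFS permission", and the code assumes .NET Framework running under the FIM service account, with the privilege known to Windows as SeRestorePrivilege.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper (not the author's ECMA code): create the folder, grant access, set the owner.
static class ProfileFolder
{
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    struct TokPriv1Luid { public int Count; public long Luid; public int Attr; }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, int access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string host, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
        ref TokPriv1Luid state, int len, IntPtr prev, IntPtr retLen);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);

    // A privilege granted by GPO is still disabled in the token until the process enables it.
    static void EnableRestorePrivilege()
    {
        IntPtr token;
        // 0x20 | 0x08 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
        if (!OpenProcessToken(GetCurrentProcess(), 0x20 | 0x08, out token)) throw new Win32Exception();
        try
        {
            var tp = new TokPriv1Luid { Count = 1, Attr = 2 }; // 2 = SE_PRIVILEGE_ENABLED
            if (!LookupPrivilegeValue(null, "SeRestorePrivilege", out tp.Luid))
                throw new Win32Exception();
            bool ok = AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
            int err = Marshal.GetLastWin32Error();
            // The call returns true with error 1300 (ERROR_NOT_ALL_ASSIGNED) if the account lacks the right.
            if (!ok || err != 0) throw new Win32Exception(err);
        }
        finally { CloseHandle(token); }
    }

    // account is a DOMAIN\user name, e.g. @"CONTOSO\jdoe" (constructed sample value)
    public static void Provision(string path, string account)
    {
        var user = new NTAccount(account);
        Directory.CreateDirectory(path);
        DirectorySecurity acl = Directory.GetAccessControl(path, AccessControlSections.Access);
        acl.AddAccessRule(new FileSystemAccessRule(user, FileSystemRights.FullControl, // assumed rights
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        EnableRestorePrivilege();              // without this, setting another user as owner is refused
        acl.SetOwner(user);
        Directory.SetAccessControl(path, acl); // persists both the DACL change and the new owner
    }
}
```

If the GPO setting has not yet reached the file server, `EnableRestorePrivilege` throws with error 1300 instead of failing later at the ownership change.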

Welcome to my blog!

Hi Everyone,

In this blog I will share my experience with Microsoft products that I work with. I'm a senior infrastructure engineer focused on the Microsoft platform. The Microsoft products that I'm specifically interested in and will mostly talk about in this blog are in the range of Remote Desktop Services, Forefront Identity Management, Group Policy and besides that the Microsoft platform in general.

Hope you enjoy reading it!

Freek Berson