Under review
Bob Bradley 1 year ago • updated 4 weeks ago 4

When a FIM Event Broker configuration includes an incoming operation list for the WAAD (OOTB Windows Azure AD) connector, a check operation is required which can be used to poll AAD for changes.

Answer

Added to backlog. In the meantime this can be achieved using the PowerShell operation.

+1
Answer
Under review

Added to backlog. In the meantime this can be achieved using the PowerShell operation.

Adam - I'd love a tutorial on how to write change detectors for EvB in PowerShell, after which time (given my PowerShell experience) I am sure I could write one. The things I am not familiar with:

  1. Invoking the O365 REST API with the same parameters as the O365 Broker connector
  2. Persisting cookies and/or tokens in Event Broker for a subsequent Operation List execution
  3. Persisting them in file format if #2 isn't an option

However, the WAAD connector has since been deprecated by Microsoft, so this specific use case is no longer valid.

Other use cases which might be appropriate would be sites which have EvB but don't have IdB to connect to Azure. I imagine that wouldn't warrant building anything in advance of a need - but the know-how would be wonderful.

  1. Let me know if the MS documentation doesn't explain it; from memory we are just using the sample code (or very close to it)
  2. It's the responsibility of the script to do this (no mechanism is provided to the script, e.g. Identity Broker stored values collection)
  3. Yes

I can't see WAAD disappearing any time soon as Graph is nowhere near parity - MS appear to be focusing solely on adding in new services and not fixing up existing ones.

Thanks - on the last point, see here, in particular:

Q: What about the Azure AD Connector for FIM/MIM?
The Azure AD Connector for FIM/MIM has not been announced as deprecated. It is at feature freeze; no new functionality is added and it receives no bug fixes. Microsoft recommends customers using it to plan to move from it to Azure AD Connect. It is strongly recommended to not start any new deployments using it. This Connector will be announced deprecated in the future.

There is also this comparison. We knew as far back as early last year that the WAAD connector for FIM/MIM was being deprecated in favour of AAD Connect, and indeed this was a key driver for QBE to move off MIM for one of their 2 sync services. This page implies that certain features will not be supported via FIM/MIM - which does not actually rule out a lot of use cases. I am surprised they are not reinforcing the first message here - can only presume there was a bit of backlash about the deprecation advice ... but it will be deprecated.