A hotfix rollup package (build 4.0.3627.2) is available for Microsoft Forefront Identity Manager (FIM) 2010. This hotfix rollup package resolves some issues and adds some features that are described in the "More Information" section.
This version of Forefront Identity Manager is affected by the issue that is described in Microsoft Security Advisory 2749655. In this issue, the digital signature on files that are produced and signed by Microsoft will expire prematurely. To resolve the issue for Forefront Identity Manager, install hotfix 2750673.
Component update packages
The following table contains the component update packages that are available for download from Microsoft Support.
To apply this update, you must have Forefront Identity Manager 2010 build 4.0.2592.0 or a later build installed.
You must restart the computer after you apply this update. Additionally, you may have to restart the server components.
This update replaces the following updates:
2688078 A hotfix rollup package (build 4.0.3617.2) is available for Forefront Identity Manager 2010
2635086 Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010
2520954 A hotfix rollup package (build 4.0.3594.2) is available for Forefront Identity Manager 2010
2502631 A hotfix rollup package (build 4.0.3576.2) is available for Forefront Identity Manager 2010
2417774 A hotfix rollup package (build 4.0.3573.2) is available for Forefront Identity Manager 2010
2272389 A hotfix rollup package (build 4.0.3558.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
2028634 A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
978864 Update Package 1 for Microsoft Forefront Identity Manager (FIM) 2010
The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Issues that are fixed or features that are added in this update
Fixed issues in FIM Synchronization Service
The ExchangeUtils:CreateMailbox method requires administrator permissions in Active Directory when the logon SID for an account is provided to the method.
When equal precedence is set on an attribute and a management agent's delta import encounters changes for an object multiple times during the same run, the management agent incorrectly blocks synchronization of the combined changes to the metaverse.
FIM synchronization cannot de-provision user objects in Active Directory when Microsoft Exchange Server has added Active Sync devices.
A management agent that has a large dataset reports "0 is not a valid DN depth" at the end of a full import when the agent processes object obsoletion.
Fixed issues and new features in FIM Service MA
When the Microsoft .NET Framework 4.0 is installed on a computer that is running FIM Sync Engine, FIM MA creation and configuration may fail.
Additional logging is added to the Application log if a nonrecoverable exception is thrown in the FIM MA. This was done to provide better diagnostics for stopped-server errors.
New features in Sets and Query
Adds support to configure the Query and Sets features to treat underscores as literals instead of as SQL wildcard characters.
To enable this feature, the site administrator has to change the Web.config file to include the TreatUnderscoresAsLiterals key at the following location: