Month: May 2016

Finding your Bitlocker Recovery Key in Azure AD

When you Azure AD join your device and activate Bitlocker, you get the option to store the Recovery Key in Azure AD.

If you ever wonder where to find the keys, they are all available from the Details window for your registered devices in the Azure AD Management Portal.

A few easy steps to get there

  1. Open Azure AD in the Management Portal
  2. Open the Users tab and search/browse for the account you need to find the recovery key for, then open it.
  3. Go to the Devices tab, and in the View box, select Devices.
  4. Select the affected device, and click View Details.
    All registered keys should be visible




Joining objects in MIM when you have to calculate the matching attributes

We had a case the other day where we were unable to get a unique identifier from the different source systems, and all of these were to enter the same Windows AD.

The case

We have multiple countries, each with the same HR system (same system, but different databases). In all countries’ databases, the employee number started at 10001. To solve this, we chose to prefix the employee number upon import. This isn’t a big deal, but it’s a bit more tricky when we need to make sure that a join is successful.


Not that tricky, but it takes time if you don’t know where to start, right?

As we have chosen to use Employee ID as the linked attribute, we decided to use this attribute for joining also. Why make it more complicated than we need to?

To begin, create a Management Agent Extension, and add the following Join rules there

void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
    switch (FlowRuleName)
    {
        case "JoinEmployeeID":
            if (!csentry["employeeID"].IsPresent || csentry["employeeID"].StringValue == "")
                throw new Exception("EmployeeID can't be blank!");
            // Prefix the employee number the same way as on import, then hand it to the join search
            values.Add("NO" + csentry["employeeID"].StringValue);
            break;
        default:
            throw new EntryPointNotImplementedException();
    }
}

Then configure the following join rules on the Management Agent

| Data Source Object Type | Join | Project | Comment |
|---|---|---|---|
| Person | Yes | Yes | |

| Mapping Group | Action | Metaverse Object Type | Resolution |
|---|---|---|---|
| 1 | Join | Person | No |

| Data Source Attribute | Mapping Type | Metaverse Attribute | Comment |
|---|---|---|---|
| employeeID | Rules Extension – JoinEmployeeID | employeeID | See join extension rule |

Use rules extension to resolve: False
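The following is an added example, not code from the original post: it generalizes the hard-coded "NO" prefix to one prefix per management agent and validates the employee number before a join key is built, so a blank or malformed record cannot join to another person's metaverse object. It runs as a plain console program without the MIM assemblies. The management agent names, the "SE" prefix, the helper `BuildJoinKey` and the sample people are assumptions made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class JoinKeyDemo
{
    // Assumed mapping of management agent name -> country prefix (constructed values).
    static readonly Dictionary<string, string> PrefixByMa = new Dictionary<string, string>
    {
        { "HR-Norway", "NO" },
        { "HR-Sweden", "SE" },
    };

    // Builds the value a join rule would pass to the metaverse search (hypothetical helper).
    // Rejects blank or non-numeric input instead of producing a key that might match someone else.
    public static string BuildJoinKey(string maName, string rawEmployeeId)
    {
        if (!PrefixByMa.TryGetValue(maName, out string prefix))
            throw new ArgumentException("No prefix configured for MA " + maName);
        string id = (rawEmployeeId ?? "").Trim();
        if (id.Length == 0 || !id.All(c => c >= '0' && c <= '9'))
            throw new FormatException("EmployeeID must be a non-empty number");
        return prefix + id;
    }

    static void Main()
    {
        // Constructed sample: both HR databases start numbering at 10001.
        var metaverse = new Dictionary<string, string>
        {
            { "NO10001", "Kari Nordmann" },
            { "SE10001", "Sven Svensson" },
        };
        var incoming = new[] {
            ("HR-Norway", "10001"), ("HR-Sweden", "10001"), ("HR-Sweden", " "), ("HR-Sweden", "NO10001") };

        foreach (var (ma, id) in incoming)
        {
            try
            {
                string key = BuildJoinKey(ma, id);
                string owner = metaverse.TryGetValue(key, out string name) ? name : "(no match, project)";
                Console.WriteLine($"{ma} {id} -> {key} joins {owner}");
            }
            catch (Exception ex) when (ex is FormatException || ex is ArgumentException)
            {
                Console.WriteLine($"{ma} '{id}' rejected: {ex.Message}");
            }
        }
    }
}
```

The two records with the same raw number 10001 resolve to different metaverse objects, and the blank and already-prefixed values are rejected rather than joined.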

Thanks, and hope this could help someone else also 🙂