Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels

Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

(Page 1) | 2 | 3 | .... | 202 | newer

    0 0

    I know I am forgetting something obvious - however... I have a sync rule for flowing attributes from FIM to AD and in the list of attributes to flow to (Destination) I don't see the generational qualifier.  However I've added that mapping within the FIM MA attribute mapping.  What am I forgetting? How do I get a broader set of AD attributes to appear in the destination attribute drop-down list?

    0 0


    Im trying to create an MPR to enable managers to create users, but They cant see the New user button.

    Any ideas?

    0 0

    Hello All,

    is there any max limit of members within a Security Group in the FIM Portal ?

    I experienced the problem within a group with about 400 members.

    The members tab is not opening by clicking on it. Groups with less members are no problem.

    It this general an overall performance case?

    Any ideas, where I need to check the settings?

    Regards Fatih

    0 0


    I'am starting use Powershell Management Agent but i'am a little bit confused . 

    Actually, i want to make a simple test writing (export) in a text file the displayName of my users. 

    can someone give me the first steps to do it via the Powershell MA. 


    0 0

    Hi Folks - I currently flow a handful of FIM Portal attributes for a user to AD successfully.  However, recently I added several more yet they don't seem to appear in AD or even AD Connector Space. Yet I did add map them in the FIM MA and selected the specific attributes I want within the AD MA such that I could flow them in the sync rule.  I did see them in the Metaverse so I know they are being populated with values.  They just never make out... thought?


    0 0

    Hello , 

    i'am looking for a powershell Script permetting to create the attributs and bindings in FIM from a CSV file ? 


    0 0

    [Troubleshooting] FIM Service Polling the Exchange Web Service (EWS) fills the Application Event Log:

    Tim Macaulay Security Identity Support Team Support Escalation Engineer

    0 0


    In the default RCDC for creating a new group there is a RadioButton default set in 'owner approval required'

    How do I get it set default in 'none' instead ?

    I have tried with changing the order of the <my:Option  but that didnt work.

    <my:Control my:Name="Join" my:TypeName="UocRadioButtonList" my:Caption="%SYMBOL_JoiningCaption_END%" my:RightsLevel="{Binding Source=rights, Path=MembershipAddWorkflow}">
              <my:Option my:Value="Owner Approval" my:Caption="%SYMBOL_OwnerApprovalCaption_END%" my:Hint="%SYMBOL_OwnerApprovalHint_END%"/>
              <my:Option my:Value="None" my:Caption="%SYMBOL_NoneCaption_END%" my:Hint="%SYMBOL_NoneHint_END%"/>
              <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=MembershipAddWorkflow.Required}"/>
              <my:Property my:Name="ValuePath" my:Value="Value"/>
              <my:Property my:Name="CaptionPath" my:Value="Caption"/>
              <my:Property my:Name="HintPath" my:Value="Hint"/>
              <my:Property my:Name="ItemSource" my:Value="Custom"/>
              <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=MembershipAddWorkflow, Mode=TwoWay}"/>
              <my:Event my:Name="SelectedIndexChanged" my:Handler="OnChangeMembershipWorkflow"/>
            <my:Event my:Name="BeforeLeave" my:Handler="OnLeaveOwnersGrouping"/>



    0 0


    In the default RCDC for creating a new group there is a UocIdentityPicker for members of the group.

    During creation it default suggests the user creating the group as a member.

    How do I in the RCDC XML remove that suggestion ?

    <my:Grouping my:Name="GroupingMembers" my:Caption="%SYMBOL_MembersTabCaption_END%">
          <my:Help my:HelpText="%SYMBOL_MembersTabHelpText_END%" my:Link="5d8daa86-efd0-48f8-bb91-8f8eebc9897f.htm#bkmk_grouping_GroupingMembers"/>
           <my:Control my:Name="MemberToAdd" my:TypeName="UocIdentityPicker" my:Caption="%SYMBOL_MembersToAddCaption_END%" my:Description="%SYMBOL_MembersToAddDescription_END%" my:RightsLevel="{Binding Source=rights, Path=ExplicitMember}">
              <my:Property my:Name="Mode" my:Value="MultipleResult"/>
              <my:Property my:Name="Rows" my:Value="10"/>
              <my:Property my:Name="ObjectTypes" my:Value="Person,Group"/>
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, AccountName"/>
              <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName"/>
              <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=ExplicitMember , Mode=TwoWay}"/>
              <my:Property my:Name="UsageKeywords" my:Value="%Attribute_Type%"/>
              <my:Property my:Name="ResultObjectType" my:Value="Resource"/>
              <my:Property my:Name="ListViewTitle" my:Value="%SYMBOL_MembersPopupListviewTitle_END%"/>
              <my:Property my:Name="PreviewTitle" my:Value="%SYMBOL_MembersToAddPopupPreviewTitle_END%"/>
              <my:Property my:Name="MainSearchScreenText" my:Value="%SYMBOL_MemberSearchText_END%"/>



    0 0
  • 05/23/13--02:42: Group Membership BulkUpdate
  • Hello People,

    we experienced in our FIM Portal system a lot of complaints from our customers about bulk membership updates within groups.

    Therefore we developed an own administrative page and added to the portal, which allows you to add/delete and report the membersips of your groups in a easy way.

    If somebody require also this convenient administrative task, send me an email.

    I can send the aspx site and the code behind.

    Regards Fatih

    0 0

    I know that FIM 2010 R2 SP1 now claims support for SCSM 2012. FIM Reporting allows us to use a free copy of SCSM / DW for just the purpose of reporting services. Does this only apply to SCSM 2010 or does this include SCSM 2012 as well? I just want to make sure that we don't install SCSM 2012 assuming that it's free when in reality only SCSM 2010 is free. This issue came about because SCSM 2010 did not require a product key, but SCSM 2012 does.



    Mark Creekmore - BlueVault Software

    0 0
  • 05/23/13--08:26: PCNS Ports
  • Hi all,

    I'm working with a customer on delivering password changes cross-forest, with changes originating in a source domain and being reset in a target domain that also contains my FIM server.  I added a new target to a pre-existing PCNS installation today, set the SPNs and opened up the usual ports (135, 5000-5100 and 57500-57520) but found the password changes weren't being delivered to FIM, with an RPC error being logged in event log.  When I looked at a network trace, I was surprised to find it using port 49200.

    I opened up this port and password changes are being delivered OK now, but I'm anxious to make sure that 49200 isn't just in a range of dynamic ports that I've otherwise not opened up.  Anybody have any advice, or what I can check?  We did find something suggesting that RPC can use a random port in the range 49152-65535 - would PCNS use that on Windows 2008?  Though the strange thing is that EVERY DC seemed to be using this port - not very dynamic at all!




    0 0


    Wondering if anyone out there has come across a neat solution to allow a user to use a choice of either SMS, or E-mail, or the QA gate to reset their password in forefront identity manager 210 r2.

    I have see the solution of setting up a custom attribute that users can enter a value themselves and based on this value then present them with the password reset by questions or e-mail or sms.

    I was hoping that somewhere the otp gates could be modified to say "if a user gets either the question or the security code right then proceed and give the user the option to change their password"

    In other words, present the user with the questions, and then the security code, and then check to see if they have either option correct to proceed with the password reset process.

    Hope this makes sense.

    Regards, Thomas.

    0 0

    Hi, I have this pb and I can't foud the solution.

    The creation of mailbox is ok, but I sync AD user to FIM who doesn't have mailbox (generic account). But when I do a export, I have this error => for me, it's beacause FIM follow Exchange attibute for this user. 

    I don't know what is the solution in my case? 

    Thank you by advanced.

    There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=stagiarepdl,OU=Utilisateurs,OU=LOIRE,DC=aocdtf,DC=ass.

    Type: Microsoft.MetadirectoryServices.ExtensionException

    **** ERROR ****

    ExternalEmailAddress is mandatory on MailUser. Property Name: ExternalEmailAddress

    **** END ERROR ****

    **** ERROR ****

    The mail contact and mail user must have a valid external e-mail address. Property Name: ExternalEmailAddress

    **** END ERROR ****

    **** ERROR ****

    The mail contact and mail user must have a valid external e-mail address. Property Name: ExternalEmailAddress

    0 0
  • 05/24/13--07:39: FIM Calendar
  • Hello, 

    i'am using for FIM2010 R2. After deploying it in SharePoint when i want to access to FIM Portal i have unable to process  your request 

    Any idea ? 

    0 0

    So I'm in the process of rolling out the FIM 2010 R2 2010 SP1 SSPR FIM Client extensions and testing the end to end solution. The challenge for myself and the client I'm working with is that some answers during Password Registration aren't acceptable even if they meet the Answer Constraint. For testing we modified the answer constraint to allow any characters and the length of the answer to be greater than or equal to 2.

    When we enter a1, hbi123, "answer", or even password is throws an error. Has anyone ran into this before or could shed some light on why the QA Gate is so picky?

    0 0

    I'm following the guide ( to import AD DS objects into FIM.  I can successfully get all users who are not covered under the AdminSDHolder into FIM, and I can search for them within the FIM Portal.  The users that are covered by AdminSDHolder get the following error on Export of the FIMMA:

    Requestor: urn:uuid:fb89aefa-5ea1-47f1-8890-abe7797d6497
    Correlation Identifier: 30f0a139-74f0-4d06-aadb-c53c01b3af5b
    Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied.
       at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
       at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
       at Microsoft.ResourceManagement.Data.DataAccess.GetDomainConfigurationIdentifiersFromDomain(String domainName)
       at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.AddDomainConfigurationFromDomain(CreateRequestParameter domainNameParameter, RequestType request)
       at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.DoRequestCreationPreProcessByAttribute(RequestType request)
       at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.DoRequestCreationPreProcessByAttribute(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
       --- End of inner exception stack trace ---

    Also, is there a good guide for exporting a user object from the FIM Metaverse to a directory system?

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    0 0

    I am having problems with a specific type of xpath query which I believe is showing an unwanted variation in behaviour between FIM R1 and R2 (SP1).  To this end I have created a new bug report on Connect, but I am not sure it is being read by anyone so I am re-posting here.

    • The following two queries should return identical results for a valid Person guid, as they do with FIM R1:
      /Person[Creator=/* and ObjectID='<myPersonGuid>']
    • /Person[Creator=/* and ObjectID=/Person[ObjectID='<myPersonGuid>']]

    However, for FIM R2 SP1 (version 4.1.3419.0) the first query returns no results.  I have confirmed this result on two separate 4.1.3419.0 versioned sites.

    Can anyone else please confirm this problem (i.e. only query style #2 above works for FIM R2 SP1 when style #1 should be all that is needed)?

    Bob Bradley (FIMBob @ ... now using Event Broker 3.0 for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    0 0

    I am newbie of VisualStudio.
    We use MIIS and VisualStudio2003 for metaverse rule and MA rule extension.
    How could I debug those rule extensions ?

    I would like to debug those extension code step by step and understand how the galsync synchronization processes are working.

    We have test environment of MIIS.


    Souce code need to exist in MIIS server ?


    Do I need to set break point to source code and complile by debug mode and put created DLL and pdb file to extension follder ?

    Where should I set break point to trace all rule extension functions ?

    0 0

    Forum Members,

    I have a confusion as in when/who uses ‘connector filter rules’?

    Do these rules get applied during import or during synchronization?

    To make it more clear say my ‘authorized data source’ MA has only two run profiles, full import and full synch.

    When connector filter rules will apply, during full import orduring full synch?

    Kindly help.

    Thanks in anticipation.


(Page 1) | 2 | 3 | .... | 202 | newer