Channel: Forum Microsoft Identity Manager

SQL 2012 Compatibility Question

Compatibility question for SQL Server 2012 R2 Service Pack 2 (v11.00.5058.0) and Forefront Identity Manager 2010 R2

 

Synchronization Rules - Can't create outbound attribute flow


After installing http://support.microsoft.com/KB/3008923, known issue #1, there might be a problem creating inbound and outbound attribute flows in any Synchronization rule. IE11 has some issues here ...

To solve this, just install Windows Patch 3025390. This Patch does not require any restart either on Windows 8.1 or Server 2012 R2.

I found a thread around this matter on: https://social.technet.microsoft.com/Forums/ru-RU/2d72a287-4fa4-439b-8066-45ff47f2ed4d/synchronization-rules-cant-create-outbound-attribute-flow?forum=ilm2

With this post I hope that you guys find it easier to find!

Regards

//Jörgen

3 million users on Local AD to be synchronized with Office 365 FID issue


Hello everyone,

I have a customer (University) who has an issue with DirSync. They have 3 million users on Local AD they want to synchronize with Office 365 to enable these users for Exchange online.

Now they have users "Students" enabled for Exchange online and management and staff are enabled on the On-premises Exchange servers. 

During the day DirSync synchronizes 2 times fine without any error, and then 2 times it doesn't synchronize and gives an error with no details. The error is "Stopped Extension-dll exception".

More errors shown as below 
Directory Synchronization:
An unknown error occurred with the Microsoft Online Services Sign-in Assistant. Contact Technical Support. SetCredential() failed. Contact Technical Support.  (0x8009000B)

I am attaching other errors as well

   at Microsoft.Online.Coexistence.ProvisionHelper.GetLiveCompactToken(String userName, String userPassword)
   at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Initialize()
   at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Import(Byte[] syncCookie, Boolean isFullImport)
   at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
   at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep)
Forefront Identity Manager 4.1.3465.0"

FIMSynchronizationService:
The management agent "Windows Azure Active Directory Connector" failed on run profile "Delta Import Delta Sync" because the server encountered errors.

FIMSynchronizationService:
The management agent "Windows Azure Active Directory Connector" step execution completed on run profile "Delta Import Delta Sync" but the watermark was not saved.

 Additional Information
 Discovery Errors       : "0"
 Synchronization Errors : "0"
 Metaverse Retry Errors : "0"
 Export Errors          : "0"
 Warnings               : "0"

 User Action
 View the management agent run history for details.

Directory Synchronization:
The Management Agent Windows Azure Active Directory Connector failed on execution. Error returned is 'stopped-extension-dll-exception'.  If the problem persists, contact Technical Support.

The customer has tried to involve Microsoft through a third-party technical support company, but Microsoft was not able to apply anything, since they tried to apply some scripts but those scripts would take 3 days without finishing.

The first time DirSync was applied it took 1 week without finishing; until now they have not been able to apply a full import and export sync.

What has really got me interested is that Microsoft did not suggest to the customer to upgrade the old version of his FIM (Forefront Identity Manager) to the latest one.

The customer is using a full SQL deployment on a dedicated server and DirSync (FID) on a separate server too. The deployed servers are virtual and have 32 GB RAM, 200 GB HDD size and 4 cores.

I have recommended to this customer that we do not touch this current deployment, since Microsoft themselves couldn't do anything in this regard, but what we could do is take a virtual snapshot and then apply the upgrade and see if this resolves the issue or not?

Note:

Microsoft talked to them about a limited number of synchronized items to their Azure site per week! I am not sure about this, but what the customer said is that they change approximately 25,000 user objects per day.
Could this issue happen because of this limit?


Thanks



Remote Management of Sync Service


Hi,

I wonder if anyone can help - is it possible to install just the FIM 2010 Management Console for the Sync Service on a server and then connect to the Sync Service running on a remote server? TIA

email verification during the SSPR registration process


The SSPR registration process allows you to specify an email address. But that email is not verified. During password reset a code is sent to the email. But what if the user entered the wrong email during the registration?

Shouldn't there be an email verification process built into the registration workflow? At least ask the user to enter the email twice so that it matches?

Error message while upgrading FIM RTM to FIM Service pack 1


Hi All,

I am getting the below error message while upgrading FIM RTM to FIM Service pack 1. I had followed the same procedure in one of my test labs and it upgraded successfully. Kindly advise.

Regards,
Anirban Singha

Facing Error While Upgrading FIM 2010r2 RTM to FIM 2010r2 SP1.


Hi,

Facing error while upgrading FIM 2010R2 RTM to FIM 2010R2 SP1.

Upgrade path: took all backups as per the MS article: http://technet.microsoft.com/en-in/library/jj134291(v=ws.10).aspx#synch_con.

Upgrading SP1 Patch only. Start--> RUN--> CMD (as admin)--> located the FIM upgrade MSI file--> Enter

With Best Wishes,

Pramod Chandra Das

Ghosted objects cause unexpected-errors


Had an issue with our FIM install. Some objects which have been removed from the metaverse still sit in the FIM MA CS, and every time a full import/sync is run, these objects return an "unexpected-error". How can I remove them from the FIM MA CS or recreate them in the MV?

Thanks,
M.



object with DN already exists in management agent


During a full sync I get a lot of DN

Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: An object with DN "XYZ" already exists in management agent "ActiveDirectory". The DNs are all groups within OUs which have been created during the initial provisioning phase when onboarding new departments. Is there a way to prevent this?

how to (bulk) link objects in the FIM MA to metaverse objects


Is there a way to link / join objects which still exist in the FIM MA CS with objects in the metaverse?

Thanks
Mik

Delete selective objects from an MA


Is there a tool / script which allows me to selectively delete a group of objects from an MA?
For instance, if (for whatever reason) I want to delete all groups from the FIM MA CS.

Thanks,
Mik

Find distinguished name (DN) in AD MA


How can I use PowerShell to retrieve a user's DN (cn=xx,ou=xx,dc=xxx) from the Active Directory MA?

When I use export-fimconfig I can find a particular Person using a given accountname but that doesn't show me the DN.

Looking at the AD connector space in the Sync Manager, I can see the correct DN on the preview page (Source object Distinguished Name (DN)).

Add member to a group's "member" attribute.


I need to add users to a group in FIM using PowerShell.

Both the users and groups are already in the FIM MA and metaverse.
The group's "member" attribute is a reference attribute.
The list of users (accountname only) to add to a group is stored in a multivalue string called "add_to_group".
How can I update the "members" attribute with the correct value representing the correct user?

JoT

Is it possible to modify the Outlook Add-on configuration after install on client? If so, how?


I want to take advantage of the Groups Website option in the Add-on Groups Menu option.

However, the URL generated uses the FIM Server I entered at installation of Add-on. I followed the example guidelines by just giving the hostname only. e.g. fimone

The URL generated by the Add-on uses httpS://

Is it possible to edit the Add-on config files somehow to produce a URL like

http://fimone.fim1.local/IdentityManagement/aspx/groups/MyDLs.aspx

instead of

https://fimone/IdentityManagement/aspx/groups/MyDLs.aspx

No big deal, the user can edit the URL in the browser but to do so would mean extra education/documentation etc etc.

Configuration of Ldap management agent


Hi,

I need to configure the LDAP management agent in FIM 2010 R2 SP-1 to provision/deprovision the users. Which management agent should we use?

  • Active Directory Domain Services 
  • Active Directory Lightweight Directory Services (ADLDS)

As I have only used ADDS to provision/deprovision the users/groups.

Thanks

Harry 


Integrate new MA without changing the existing environment


Hi,

Can anyone please advise me on the scenario below?

In the current environment, we have deployed a FIM sync server and configured three management agents of type ADDS. There are some rule extensions deployed for Exchange and Lync. FIM Portal and MS Bhold are not installed or used. The total number of users is 15k.

Now we have a new requirement to integrate a new AD and a new LDAP management agent to provision and provision 500 users.

For these new 500 users, we also need FIM Portal and MS Bhold.

We don't want to make any change to the existing configured MAs. Can we implement it like this?

1. Install FIM Portal and MS Bhold on the existing server on which the FIM sync server is already installed.

2. Configure the new management agents for the new AD and LDAP.

3. Configure the FIMMA to allow only the new 500 users to be provisioned in FIMService, based on some criteria which we can get from the new AD and LDAP.

4. Do the required configuration of MPRs, sync rules etc. in FIM Portal.

5. Do the configuration export and import the users into Bhold for only the new 500 users, for approval, group management etc.

OR

Install the FIM Portal and Bhold and then reconfigure all the existing management agents using the FIM Portal GUI.

Please suggest which is the best way: whether we need to reconfigure all the existing MAs using FIM Portal, or just install the FIM Portal and Bhold and configure the required MAs for the new 500 users only.

Thanks

Harry

 

  

Generic LDAP Connector used against AD


I am trying to use the generic LDAP connector to provision to a development AD. The only port available is 389 so the AD MA cannot be used because it requires 88 for Kerberos. 

The generic LDAP hangs during configuration after the Configure Anchors screen.  The release notes say that it will work against 3389 on a GC.

Is there some special set of choices to configure this to connect to Active Directory?

Randy

DirSync - Join/Protection validation error


Hi,

We are trying to configure an additional on prem AD OU to sync to Office 365. We have several OUs already syncing successfully. When selecting our Shared Mailboxes OU in the Configure Directory Partitions section of the miisclient, we receive the following error and the OU is not selected.

"Join/Protection validation error:

'publicFolder' is no longer included in the list of selected object classes."

We are running version 1.0.7020.0 Active Directory Sync Tool.

DirSync is running on its own dedicated server.

Please see screenshot of error below (screenshot will be added once my account has been verified, as I am unable to add images at this point).

Once we click OK to the error, the focus of the pointer is automatically dropped to the "Configure Join and Protection Rules".

It appears that we are missing the publicFolder object in this list as you can see from the screenshot below (Screenshot will be added once my account has been verified as I am unable to add images at this point)

Can anyone suggest areas of investigation around this error?

Many Thanks

FIM has slowed down completing request


Hello friends,

Lately, although managers approve the end-users' requests, the portal still shows the requests as Authorizing.

All MAs are working fine. It used to take a few seconds, now it takes more than an hour.

What gives?

Thanks,

Nas

ECMA Agent Configuration too large for Portal/Service ma-data object


Hi,

We have an agent implemented in ECMA 2.3. The agent has 9 Object Types. Each object type has a large number of attributes (the total number of attributes is 130).

We've had no problems with the agent until now when we added some more Object Types (and more attributes). The agent imports fine in the FIM Sync Engine, but we get the errors listed below when FIM tries to update the ma-data config object for the agent in the FIM Service/Portal.

Unfortunately I think we've hit some limit on the size of the agent configuration in the ma-data object (one attribute value becomes too large "String or binary data would be truncated"). The attributes in the ma-data resource should probably all be unindexed strings, but they are not :(

I guess we're the first to use this many attributes in an agent. Has anyone else run into this as well?

Event Log:

 

A update on the configuration of a MA or MV failed to replicate to a target connector directory that is capable  of storing MA/MV configurations.  As a result, the MA/MV configuration data in this connector directory is not up to date.  Please correct the condition that causes the error, and triggers a resync by updating the password information of the target MA. 

Error 1:

Additional information: 
Error Code: 0x80230020 
Error Message: (Management agent encountered an error exporting to the connected directory.) 
Operation: Create MA 
Name of the MA to replicate: LargeAgentName
Guid of the MA to replicate: {17380C64-973F-499D-9DA3-94EAA59BD089} 
Name of the target MA: FIMMA 
Guid of the target MA: {BE7E9C7E-AB08-44FF-974C-02A79CE61833}

Error 2:

Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 8152, Level 16, State 10, Procedure GenerateRequestOutput, Line 505, Message: String or binary data would be truncated.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
   at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
   --- End of inner exception stack trace ---
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at MIIS.ManagementAgent.Configuration.SynchronizationConfigurationManager.CreateSynchronizationConfigurationObject(SynchronizationConfigurationObjectType objectType, SyncConfigObject synchronizationConfigurationObject)
   at MIIS.ManagementAgent.Configuration.SynchronizationConfigurationManager.ProcessDescription(SynchronizationConfigurationObjectType objectType, String managementAgentDescription, Boolean update)
   at MIIS.ManagementAgent.RavenMA.DoUpdateSynchronizationConfigurationObject(String identifier, MASyncConfigOp operation, String description)


