I'm sure this is something obvious I really should know, but my brain is clearly not working today. I have an OOB SQL MA which reads from a view. The view has WHERE clauses to make users drop out if they are a certain category. Some users have hit the excluded category, dropped out of the view, but their CS object remains. I am most confused, shouldn't we see an import delete?
Cheers,
Dave
Hi,
I have created Attestation Steward and Campaign Owner Roles.And have assigned the permissions "Attestation webservice allowed" and attestation steward/attestation campaign owner permissions to it.
Then i have assigned it to the OU.The OU has roles linked to it.
which is also linked to the users in the OU.But the permissions are not getting reflected in the User's Permission Tab.
Now i have tried restarting the B1 service and IIS.But still no solution.
I checked in the database table.the taskid reflects "Attestation webservice allowed" and attestation steward/attestation campaign owner permissions." wrt the Users.
But it is not reflected in the users in the BHOLD ui.
Can anyone suggest any remedy to this issue ?
shakti
I've got a powershell workflow activity which adds members to a group.
If I run this script manually (i.e. from a PS command line) it works. The member ID I provide is added to the group ID I provide. When this workflow activity is triggered it shows a PostProcessingError in the Search Request.
I assume it has something to do with the fact that during the workflow the script is run with different credentials than when run manually.
Search request shows 2 errors for this:
1) Request Title: Update to set "x" - status PostProcessingError - operation Modify
This has "Administration: Administrators control set resources" as the matching MPR.
2) System Event REquest - status PostProcessingError - operation System EventThis has ".Group SMPR: LDAP AD Group Provisioning" as the matching MPR (this is a set transition).
If I remove " $ImportObject | Import-Fimconfig" from the script, all errors are gone.
Where do I set the right permission / add permissiomn for the attribute.
Hi,
I am facing issue when users go for password reset using the SSPR client, they receive error pop-up saying “Could not connect to Password Reset Service”.
We have tried restarted the FIM client machine,repair the FIM add ins on client system,restarted the FIM service,reset IIS etc.
Please suggest to resolve the issue. We have FIM 2010 R2 SP-1 with latest hotfix.
Error in event log is as below.
Source: Microsoft.ResourceManagement.PasswordProxy
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description:
PwdMgmtProxy: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSInitiateCommunication()
at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSSubmit(Byte[] gateData)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.ValidateUser(ClientPipeContext& client)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.Authenticate(ClientPipeContext& client)
at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement.PasswordProxy" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T12:01:46.000000000Z" />
<EventRecordID>94</EventRecordID>
<Channel>Forefront Identity Manager</Channel>
<Security />
</System>
<EventData>
Thanks
Harry
Hello ,
I have two Problems with fim 2010 R2 . First i have installed the synchronization manager , the installation is complete and when i check my Active directory the groups FimSyncAdmins , FimSyncPassword, FimSyncBrowse ... are not created.
The second Problem is with fim portal i can create objects like distribution goups , security groups so i cannot create users . I mean that i create the user but i cannot see that one in fim fim portal . So when i go to "Manage my requests" the status of the creation is completed but i didnt see that any user that section of users is empty .
Best Regards
Hi Experts,
I am building a custom object and for the edit RCDC , I have taken the code from Group Edit RCDC.
and My delta datasource is of type ReferenceDeltaDataSource.
<my:ObjectDataSource my:TypeName="ReferenceDeltaDataSource" my:Name="delta" />
and my control is configured as shown below:
<my:Property my:Name="Value" my:Value="{Binding Source=delta, Path=MultiValRef.Remove, Mode=TwoWay}" />
When I open the resource and edit this attribute , I can able to see the changes in the summary page. But the value is not being updated to the source.
Any suggestions please!!
I am stuckup here.
Thanks and Regards, Siva Kumar Balaguru
hi all
I want to display the userEnabled checkbox in the user creation GUI in FIM portal. I tried to copy the xml code from user editing RCDC file and paste it into user creation xml file.
But I get an error: There's an error in the Person display configuration.
I have done this procedure for other attributes and it worked fine, are there any dependencies I have not thought of?
This is the code snippet I pasted in:
<my:Control my:TypeName="UocCheckBox" my:Name="userEnabled" my:Caption="{Binding Source=schema, Path=userEnabled.DisplayName}" my:Description="{Binding Source=schema, Path=userEnabled.Description}" my:RightsLevel="{Binding Source=rights, Path=userEnabled}"><my:Properties><my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=userEnabled.Required}"/><my:Property my:Name="Checked" my:Value="{Binding Source=object, Path=userEnabled, Mode=TwoWay}"/></my:Properties></my:Control>Andre
Domain:A
Domain:B
can we provision user (xyz) in to domain A and domain B in FIM Sync Server.
FIM Architecture:
FIM Sync: Import (Call or File base)
: Sync (Full Sync with MV)
: ADMA-Export (Domain-A, Domain-B)
we have two different ADMA with different AD configure same attributes.
Please advice how to provision one user in two domain.
With Best Wishes,
Pramod Chandra Das
With Best Regards, Pramod Chandra Das
Hi,
I am trying to find out where I can remove the Home Phone field from Users (Contact Info) in the Self Service area, also any other areas that needs to be updated?
I am a FIM Administrator and now have access to the Admin section.
Hi,
Is it possible to set the set the Exchange attribute «ForwardingSmtpAddress» in a MA? I can’t find any attribute for this.
TIA,
Carlos
Hi,
According to the FIM licensing guide:
"For each user for whom the Forefront Identity Manager software issues or manages identity information, a CAL is required."
So is a CAL required for a user who has left the organisation, but for legal reasons, the account will remain in FIM/AD/etc for 5 years (as a disabled account).
Thanks,
SK
Hi,
I'm using FIM to create AD users and mailboxes. Exchange email notifications and distribution group management is not being used.
I'm running Exchange 2010 SP 2 (ht,cas and mbx on a single server) with FIM 2010 R2 (both Exchange and FIM are running on Windows 2008 R2).
The problem I have is that FIM is logging warnings in the event log (Cannot connect to Exchange web service).
On Exchange I've configured integrated windows and forms based authentication with SSL (these settings are required to publish OWA via TMG and allow users to change their password).
The FIM service account has a mailbox, which it can logon to.
In Microsoft.ResourceManagement.Service.config.exe I have the mailserver key configured as:
<appsettings>
< add key="mailServer" value="https://email.contoso.com/ews/exchange.asmx" />
<add key="isExchange" value="1" />
<add key="SendAsAddress" value="svc-fim@contoso.com" />
<add key="synchronizationServerName" value="SvrFIM01" />
</appsettings>
On the FIM server, if I open IE by performing a runas using the FIM service account and browse to https://email.contoso.com/ews/exchange.asmx I'm prompted for logon credentials - once I've entered I and accepted the IE warning to "show all content"
I'm presented with the Exchange XML information.
1. Is there a way to stop this warning from being logged? Presumably I would need to re-configure the OWA authentication settings (something I'm not keen to do).
2. If I'm not using email notifications, what impact does a failure to contact Exchange web services have?
Thanks
| FIM Community Information Center Article |
 |
Wiki Page:
FIM 2010: SSPR with one-way trust |
| Go to the FIM Community Information Center |
| FIM Community Information Center Article |
| |
Wiki Page:
FIM2010: Eliminating equal precedence |
| Go to the FIM Community Information Center |
I tried generating a Group History report after a long and tedious battle to install FIM Reporting.
When you get the report, the Attribute Name/Attribute Value pair is something like:
Attribute Name Attribute Value
Explicit Member 7FB2B853-24F0-4498-9534-4E10589723C4
We can explain what Explicit Mmeber means but it is hard to explain why the report dumps the users internal ID and not his name.
I have the credential (domain, username and password). What do I need to do to launch the FIM portal from my code?
Thanks & Regards,
John
Hi,
My customer is using SSPR without registration portal (users are automatically registered for password reset). So they just need password reset part of client to be installed.
What is recommended way of installation (Registration portal URL seems to be mandatory)?
Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)
