Channel: Forum Microsoft Identity Manager

Invoke-Quickstart FAIL to sync users from AD to FIM 2010


Trying to do the initial sync of users in AD to FIM 2010. Ran the Invoke-QuickStart command through PS.

VERBOSE: Verifying the forest and account
VERBOSE: Verifying the container
VERBOSE: Verifying the FIM management agent account
VERBOSE: Verifying the AD management agent account
VERBOSE: Verifying FIM service base uri for the FIM MA
VERBOSE: Verifying the installation of FIM and Synchronization service
VERBOSE: Retrieving the forest BIOS name and SID
VERBOSE: Verifying management agent configuration state
VERBOSE: Updating the AD management agent configuration
VERBOSE: Updating the FIM management agent configuration
Invoke-QuickStart : No such host is known
At line:1 char:1
+ Invoke-QuickStart -container "ou=victoria,dc=PRIVATECOMPANY,dc=org,dc=au" -Data ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-QuickStart], SocketException
    + FullyQualifiedErrorId : System.Net.Sockets.SocketException,Microsoft.IdentityManagement.QuickStart.InvokeQuickStart

Stuck on this sequence:


ERE & DRE still exists for a user, even though he left the Set


Hi,

When a user entered a Set, the relevant ERE and (later) DRE was generated (as expected).

Subsequently the Set criteria changed, and the user was removed from the Set.

Why then is the ERE & DRE still associated with the user in the FIM Portal?

Thank you,

SK

Workflows use function to update value.


As part of a workflow I'm trying to update an object value using Function Evaluator.

However when I set the Workflow parameter to "Target" and look through the list of attributes (Parameter attribute), I don't see the attribute I'm after. This attribute is created in the FIM portal and when I look at the extended properties of an object in the portal I can see this property.

Thanks for your help.

Password History in FIM Password Reset


Hello

We have a problem no one seems to be able to fix.

We have a register/reset portal up and running and everything works great. Users can register and then change passwords.

The problem is the password history: they can change back to old passwords. I have tried all thinkable solutions but we can't seem to handle the history. We have policies on group level that apply these rules.

Anyone with a solution or who has a similar problem?

GAL synchronization to specific target OU


We already have GAL synchronization set up between two AD\Exchange forests using FIM 2010 R2. What we want is to configure Management Agents to put contact objects from a specific OU into a specific target OU; for example, users from DOMAINa/Resursser/Users/Shared Accounts should be synchronized and put into DOMAINb/domainaGroups/Shared Accounts.
There are a few pairs of such OUs. Should we configure a separate Management Agent in FIM for each pair, or is there any way to configure it in one Management Agent?
As you can see on the screen below, it is impossible to select two containers as the target container.



XPath Question!


Hi Guys

I am trying to use XPath filtering for my groups. I will explain the scenario:

I am using two resource types: Person and Asset (custom).

A Person could have more than one asset associated to it. For this reason I created a new resource type called PAssets; objects of this resource type have two reference attributes, one for person and a multi-valued reference for asset (there is one exception, that the user can have more than one asset associated).

I need to create groups including all the Persons that have a certain type of Asset. I tried some examples, but I couldn't navigate inside the nodes to put the Person related to an Asset in a group.

Can anyone help me?


- Diego Shimohama http://www.dshimo.com.br

Unable to delete Oracle MA


Hi,

We have a working Oracle MA (out of the box MA), but are unable to delete it (as we wish to perform further tests).

It processes the records (when we click to delete the CS and MA), and when the bar shows full progress is complete, it just sits there for hours. The MA does not delete. Btw. we have disabled provisioning, and made sure all the Imports and Syncs are complete and healthy.

When we ran the following SQL query, it showed a few hundred rows with "anchor = NULL"

SELECT TOP 1000 [object_id]
     ,[ma_id]
     ,[pobject_id]
     ,[rdn]
     ,[ancestors]
     ,[anchor]
FROM [FIMSynchronizationService].[dbo].[mms_connectorspace]
WHERE anchor IS NULL

Since this is a test system, we then ran the SQL query below, but it said there is nothing to delete.

Can anyone suggest other approaches to deleting an MA?

-- Get your MA GUIDs first to set @maid
-- select ma_id, ma_name from mms_management_agent

declare @maid as uniqueidentifier
set @maid = '6F513A91-99F0-40D9-9392-89C69AAEDFC2'

-- Clean mms_csmv_link first ...
delete mms_csmv_link from
mms_csmv_link csmv
inner join
mms_connectorspace cs
on cs.object_id = csmv.cs_object_id
where cs.ma_id = @maid AND
anchor is NULL AND
not (cs.partition_id IS NULL) -- placeholders have null anchor, so we exclude them

-- Then clean mms_connectorspace ...
delete mms_connectorspace where ma_id = @maid AND
anchor is NULL AND
not (mms_connectorspace.partition_id IS NULL) -- placeholders have null anchor, so we exclude them

Thank you.

unable to approve request


I have created an MPR which triggers an authorization workflow. The workflow only contains 1 activity: "Ask for Approval from...".

The approver gets the email stating that a request is awaiting approval (or reject).

The request is visible in the "Approve Requests" dialog for this user with a status of "Pending" but it cannot be Approved or Rejected.


Help with an IIF query required


Hi,

How would I write this IIF query into an Outbound Sync Rule:

If Boolean_attribute_X is False, export the following 'static' value into the target_AD_attribute,

else do nothing (if true)

My thinking is something along these lines for the custom expression:

IIF(Boolean_Attribute, Customexpression(NULL())), "Static Value"

Thank you




Management Agent running Continuously.


Hello All,

The SQL MA Full Import has been running for a long time and the statistics are not showing any update. I am unable to stop the MA; when I tried to stop the MA, it did not stop at all. I wonder why it is not stopping and nothing is happening with the MA. It is in a limbo state.

Kindly advise, is there any other way to stop it?

Thanks,
RajaVillageSync

projection rules


Hi,

I have a question about projection rules and how they apply to CS objects.

Scenario: I have 2 MAs: AD and FIM. I have an OU in AD where all of the fired users are stored. The evaluation of whether a user should move to this OU or not is done by FIM logic (based on several attributes, such as lastLogonTimestamp, accountExpires and others).

When the conditions are met, the outbound sync rule applies and the user is moved into the OU, disabled and cleared from all group membership (it's mandatory). Since there is no simple way to clear a user's membership, I decided to make those users disconnectors using MV extension code, and thus they'll be cleared of all groups. (I must mention that before choosing that solution, I tried to filter them out, but it's not working because of an export-filter error.)

So, now I need to not project that kind of user into the MV, because if they're projected, during the sync phase they'll become disconnectors again when the MV extension strikes, and this is unwanted workload. I have an MA extension, and this is the ShouldProjectToMV function code:

if (csentry.ObjectType == "user")
{
    if (String.Compare(UseFiredUsersOU, "1") == 0 && csentry.DN.ToString().Contains(FiredUsersOU))
    {
        MVObjectType = "person";
        return false;
    }
    else
    {
        MVObjectType = "person";
        return true;
    }
}

Then I configured projection rules; it looks like this, and the projection rules extension works just fine after one full sync circle:


But after a second full sync circle it looks like this, and the projection rules are not applied anymore:


Any thoughts why this happens?


FIM XPath and Security Group filter


Hi,

I'm able to create an SG with a simple XPath filter like this: /Person[(ObjectID = '7fb2b853-24f0-4498-9534-4e10589723c4')]

Now, I want to create an SG with a more complex filter like this one:

/Person[ObjectID = /UserEntityAssociation[EntityRef = /Entity[EntityCode = '100'] and RoleRef=Role[DisplayName = ‘RESP’]]/Manager]

The expression I'm using in the filter works on a FIM web service defaultClient.Enumerate.

Is this a FIM limitation or a configuration issue?

I doubt it's a permissions issue because I'm able to change the XPath expression. I just can't put in a more complicated one.

The error I get on the portal is this:

Error processing your request: The server was unwilling to perform the requested operation.
Reason: Unspecified.
Attributes:
Correlation Id: e8a666f0-4b7b-4e4d-b64e-3d3e8c7538ad
Request Id:
Details: Request could not be dispatched.

Many thanks,

DD



Use extension flow rules on object projection

We have a management agent that creates a CSV every time it is run.  There are never any updates/deletions, only "Adds".  The issue is that I'm trying to remove a symbol (the "+") from the phone numbers when it is exported, but from what I'm reading only during synchronization (i.e. not projection/creation) can I use special rules in creation.  Is this correct?

Galsync Cross Forest Exchange 2010 and Exchange 2013 - AddressListMembership' is on a read-only object


Hello,

We are setting up for a cross forest migration, with Exchange 2010 in the old forest and Exchange 2013 in the new forest. I have set up GALSync using FIM 2010 R2 SP1. I am using the default Management Agents with no modifications. When syncing mail-enabled users from the Exchange 2013 forest back as contacts to the Exchange 2010 forest I am getting an error for each account. After every export run of the management agent a duplicate contact is being created. This is holding up the migration and I have not found anything online except this forum post, which does not explain how to resolve the issue in any detail.

Forum Post

This is the error I am getting in the event log, it is an "ma-extension-error"

"The property 'AddressListMembership' is on a read-only object and can't be modified"

Supposedly there is some sort of way to hardcode the Exchange version to 2010, instead of 2013, which resolves this issue. I assume it is a hack or workaround, but I am quite perplexed why there is no info from MS about this.

If someone could give me detailed instructions on how to get around this problem I would be most appreciative.

WF Custom Activity & Error Log


Hi,

I have a custom activity and I'm logging errors to the event log and to a text file.

Is there a way to inform FIM about errors in the activity? Any way to have the logs integrated in FIM?

Many thanks,

DD


Forwarding password reset form info

Anyone know of a way to forward form data to the reset web portal so that the user doesn't have to enter their username? Specifically, when a user incorrectly enters login data to an external web portal, I want that to forward them to the reset portal without the need for the user to enter their account name again. Any thoughts? Thanks.

FIM MA - SAP

Set a reply to address in Notification Email


Hi,

Is it possible to add extra tags to the configuration file on the service box to put a reply-to setting on email notifications that is different from the sent-from address?

Granfeldt Powershell MA Export not doing anything


I'm sure I'm doing something wrong that is a simple error.

I have a PowerShell MA that connects to eDirectory, and successfully imports the user and group objects I want with the needed attributes.

I am running into issues with the Export process.

I am running the 5.5 management agent.

I am just trying to do some simple tests to see how the export script handles the attributes, and am using simple objects. In my current export script I just have it attempt to dump the attributes passed to it in a text file to see what they are, but I've run into a roadblock.

When I format the script as shown in all the examples I see, none of it runs. So the following will produce no text file:

PARAM (
    $Username,
    $Password
)

BEGIN
{
write-output "begin section" | Out-File c:\test.txt -Append
}


PROCESS
{
write-output "process section" | Out-File c:\test.txt -Append
}

END
{
write-output "end section" | Out-File c:\test.txt -Append
}


However, if I comment out the begin, process, and end blocks, it will create the text file.

PARAM (
    $Username,
    $Password
)

#BEGIN
#{
write-output "begin section" | Out-File c:\test.txt -Append
#}


#PROCESS
#{
write-output "process section" | Out-File c:\test.txt -Append
#}

#END
#{
write-output "end section" | Out-File c:\test.txt -Append
#}

Of course, in my first go-arounds with this I had scripting in there to grab the needed attributes using the PSCustom object formatting, but since I can't seem to get past this part of the process, I figured I'd just share this.

What am I missing?

Thanks for any suggestions!

Have FIM Email notifications display or contain only true boolean values


Hi guys,

My scenario: The summary of a filled form in FIM returns both true and false Boolean values on the summary page of the form and on the email notification to approvers.

Required: A summary of filled in attributes only. All attributes are Booleans.

How can I get a summary of only the true Boolean values, to avoid the clutter in the mail notifications?

Kind regards,

Phina 