Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 105 | 106 | (Page 107) | 108 | 109 | .... | 204 | newer

    0 0

    Hello guys,

    I have a customized access rights request form in FIM 2010. This form is filled by users requesting different rights to a number of applications listed. A workflow is triggered when the user clicks on submit button. However, some requested application rights don't need approval from top management.

    Is there a way by which picking selected attributes within this resource can trigger different workflows?

    That is, if the specific attributes are selected by users, a workflow that includes top management on approvers' list is triggered.




    0 0

    Hello guys,

    I am trying to sync objects from eDirectory 8.8.5. Everything works fine, I map inetOrgPerson objects to person objects. I discovered if an inetOrgPerson object has an auxiliary class attached in eDirectory it does not get synchronized into the connector space. In case it is referenced by another user or group, a placeholder object is created.

    When I remove the auxiliary class, the object gets synchronized fine.

    Is there a solution/workaround?

    I believe I have the latest hotfix rollup installed, 4.1.3599.0



    0 0

    I have created a custom resource in FIM , I have following options to enter - accountname , displayname, domain.

    All these are custom attributes binding done to custom resource.

    I have created a create RCDC.

    Now when I create that resource , after entering details i see following screen

     As you can see display name is no display name.

    My question,

    1- How do i change this pane to reflect my custom display name , my custom accountname and NOT display name description created time etc ?

    2-I don't want creators to put any any display name while creating so display name should be accountname automatically when resource is created.

    Please advice.


    0 0

    I have created a distribution group and try to notify the list owner when somebody wants to join to the group.

    The group owner can see the request and approve or deny it from the portal, but no email is sent.

    From the server's where the portal is located at evet viewer gives this kind of errors:

    The Forefront Identity Manager Add-in for Outlook will not function without required configuration data.

    Required configuration data was not found.

    Ensure that configuration data is available for the Outlook Add-in either from the application configuration file or via group policy.




    The mail sender could not send an outbound email.  This failure indicates a misconfiguration either with the mail server or with the specific mail.  Frequent, repeating instances of this event indicate a failure with the mail server.  If this event occurs alongside event 12, then this event indicates a failure with Exchange. Infrequent instances of this event indicate misconfiguration of individual emails.

    The mail server address is incorrect or specific outbound email has invalid data.

    Ensure that the mail sender is configured to connect to the correct mail server and that the outbound mail has correct email addresses.
    The specific exception reported by the mail server:


    I have tested that exchange works.

    Can I somehow check what are the Outlook Add-In's configs?

    Do I need a email for the distribution group? It now contains only a email alias?

    Outlook Add-In can't find distribution group when trying to join using Outlook.

    0 0


    I am new to FIM2010 R2. We are going to implement FIM2010R2 Sync services and are testing. The Sync service suddenly stops when we are doing a full sync on a particular MA. Below is error details from Application log:

    Faulting Application: miisserver.exe, version: 4.0.3613.0, timestamp:)x546133b4

    Faulting module name: clr.dll, version: 4.0.30319.233, timestamp: 0x4d92ed2f

    Fault offset: 0x0000000003b18a1

    Faulting process id: 0xa88

    Faulting application start time: 0x01d051546ce8e460


    I am unable to attach a screen shot at this point as my account is not yet verified.

    Can somebody point me in the right direction on why this is happening and what could we possibly do to fix this.

    Also i have question on what are latest hot fixes we need to apply for FIM 2010 R2 Sync services.



    0 0

    When I am trying to join a group using Outlook Add-In I can't see any groups under the join menu. The group exist in the fim portal and I can access to it from the portal. The portal is also able to send for example notification emails.

    The picture shows a part from a joining message generated by Outlook. When I press the join button shown in the picture, I can't find any groups from there.

    Ok, I can't add any pictures because my account is not verified.

    0 0


    I have to import an AVP-based file to a FIM management agent. There is a multivalued attribute but I don't know how the format should be of the multivalued attribute in the AVP file. Can you help me with this? What is the default separator and how should it be used?


    0 0

    When I run a Full Sync on the AD MA, I get a bunch of "ambiguous-import-flow-from-multiple-connectors" errors when running AD MA. How can I find out which attribute is causing this?

    If I open one of the errors and run a "generate preview" I can see there is a join ("match") based on (data asource attribute) samaccountname &  (metaverse attribute)  accountName but I don't seem to be able to figure out what attribute is causing this and / or needs precedence.

    Anyone any ideas?


    0 0

    I'm using the Microsoft Web Service MA to synchronize with SAP. I've modified the example workflows for import and can successfully import data from Employee and User objects, but when I try to export an Email to an Employee (again by modifying the example) I'm hitting the following:

    "Microsoft.MetadirectoryServices.ExtensibleExtensionException: Sequence contains no matching element ---> System.InvalidOperationException: Sequence contains no matching element

       at System.Linq.Enumerable.Single[TSource](IEnumerable`1 source, Func`2 predicate)

       at Microsoft.VisualBasic.Activities.VisualBasicValue`1.GetValueCore(ActivityContext context)

       at Microsoft.VisualBasic.Activities.VisualBasicValue`1.TryGetValue(ActivityContext context, TResult& value)

       at System.Activities.InArgument`1.TryPopulateValue(LocationEnvironment targetEnvironment, ActivityInstance activityInstance, ActivityContext resolutionContext)

       at System.Activities.ActivityInstance.ResolveArguments(ActivityExecutor executor, IDictionary`2 argumentValueOverrides, Location resultLocation, Int32 startIndex)

       at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)

       --- End of inner exception stack trace ---

       at Microsoft.IdentityManagement.MA.WebServices.ExportStrategy.PutExportEntries(IList`1 csEntries)

       at Microsoft.IdentityManagement.MA.WebServices.WebServiceManagementAgent.PutExportEntries(IList`1 csentries)

    Forefront Identity Manager 4.1.3599.0"

    Has anyone seen this before, or got the WS MA to export Email to an Employee?



    0 0


      FIM Community Information Center Article




      Go to the FIM Community Information Center



    0 0

    I am using active directory management agent to provision mail enabled security groups in Exchange 2013.

    I have selected Provisioning for Exchange 2010 (as suggested on other websites) because we do not have option for exchange 2013. And then in the box => http://{Server-Name}/Powershell

    Everything works fine but the group is created as Exchange 2007(our previous version) rather than Exchange 2013. Can anyone help  me on this please.

    0 0


    I could use some advice with a smart card renewal issue in FIM CM 2010 R2. (Self-service)

    How can I prevent FIM CM update service from creating additional renewal requests for a smart card that was already renewed?

    FIM CM update service detects in FIM CM database when a certificate enters its renewal period. When it's time, a renewal request is created and an email with OTP is sent to the user. The user successfully completes the renewal request and all should be OK.

    The problem: FIM CM update service will soon (default within 5 hours), re-check for certificates entering renewal. Although the smart card was just renewed, an additional renewal request is created and a new OTP email is sent to the user.
    If the user completes also the second renewal request, a third request is generated, and it goes on.

    I'm assuming that the still valid, still expiring certificate is re-detected by the FIM CM update service.

    The second renewal request can be avoided by enabling "revoke old certificates" in the revokation settings workflow, without delay. This would however make the renewal request creation revoke the certificate. I would prefer to keep the certificate valid until expiry, or revoke it when the request is completed.


    0 0

    I'm a FIM newbie and am currently configuring an Oracle Management agent to connect to a view I created on the Oracle DB server.  Everything look good with the exception of my inability to edit any of the column attributes from within the Management Agent Designer.  Specifically the column length.  I need to use a specific field (column) as an anchor, and currently it is too large (DBTYPE_WSTR length 4000).     

    Any help will be appreciated.

    0 0


    I followed the guidelines from "Create a Logging Custom Activity and Deploy it to the FIM Portal"

    and it worked fine with a workflow MPR. I can see the type of the operation performed and the resource attributes that changed.

    Now, when I use it on a Set MPR I don´t have the same information. Should I use a workflow MPR for that? I mean to know if a resource in that set had an attribute value change?

    Many, many thanks,


    0 0


    I have some custom resources imported into MV and now, when running FIM-MA Export, those resources are not created.

    In the sync service console (operations tab) I can see in the "export errors", this: "...No policy grants the Requestor permission to complete all changes..."

    I opened the request in the portal and saw that it has no MPRs in "Applied Policy" Tab.

    Although the requests created in the portal UI are succeeded (they have anadmin account and an applied MPR).

    What should I do to have the "Built-In syncronization account" be able to create those custom resources?

    Please note I'm a developer, not the administrator who created the resources, so walkthrough docs/articles are welcome.

    Many thanks,


    0 0
  • 03/02/15--21:46: FIM Metaverse & FIM Service
  • Dear all,

    I am trying to sync user from AD01 to AD02 using FIM. I already installed FIM Sync & FIM service

    As far as I understand, I need to have 02 MA to connect to AD01 and AD02 and the flow seems to be like this

    AD01=====(MA01)=> CS01==> Metaverse ==>CS02=(MA02)=====>AD02

    Now I still have no idea to configure them and appreciate someone can hell me some questions

    - There is only one Metaverse on FIM Sync?

    - How to push user object from CS01 to Metaverse? Is it projection rules?

    - How to push Metaverse to CS02 and export them to AD02. Any pre-conditions to be able to create object on AD02

    - Anyone have LAB guide for this scenario please send me the link.

    Thanks a lot !

    0 0


    In our environment, we have two AD's (Domain A and Domain B) in two different forests. The FIM is located in Domain A. Now, i am trying to sync a user from AD domain B to FIM. I got synced and created at FIM(Domain A). But the domain attribute in FIM is not populating with the external Domain i.e. Domain B, and the user is also unable to access the FIM Portal.

    Could you please help me out. Please let me know if any configurations have to be done in FIM portal for an external user to access the FIM portal.



    0 0

    Hi all,

    i configured an inbound AD sync rule to sync the AD users to FIM, after creating this rule no one can access the portal even the administrator, i receive this error You do not have permission to access this site.



    0 0

    Hello , I am trying to export My users form a CSV file to FIM Portal so i got the following error messages. 

    Does anyone have an idea about what can be the issue 

    Best regards 

    Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <RepresentationFailures xmlns="" xmlns:xsi="" xmlns:xsd=""><AttributeRepresentationFailure><AttributeType>MailNickname</AttributeType><AttributeValue></AttributeValue><FailureMessage>Exception: ValueViolatesRegularExpression Target(s): Micheal Jackson
    Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: ValueViolatesRegularExpression
       at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateObjectAttributes[T](RequestType request, Guid objectIdentifier, String objectTypeName, IEnumerable`1 parameters, OperationType operationType)
       at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateInputRequestCreate(RequestType request)
       at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>ValueViolatesRegularExpression</AttributeFailureCode><AdditionalTextDetails>The specified attribute value does not satisfy the regular expression.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>6b91286f-4b45-4097-8c1d-38d699a968c5</CorrelationId></RepresentationFailures>

    0 0
  • 03/03/15--06:45: Reference attributes
  • Guys,

    I am trying to figure out what is happening with my custom reference attributes.

    I created two custom resource types, coming from a single view, separated by a object type column.

    On the customs resource types on Portal:

    • Extend Schema on FIM Portal / MV
    • Set permissions through MPR
    • Set ADM and Non-ADM Filters
    • Create Synchronization Acct MPR and give permission on the new resource types
    • Configure Search Scope by both
    • Configure the Inbound Rule (join by a GUID) and attrib flow on the FIM MA

    So, let's Custom1 and Custom2.

    On Custom1 I have two reference attributes, one to refer to user EmployeeID and other to reference to Custom2 ID.

    When I execute the Sync, the FIM doesn't flow the reference attributes to MV neither FIM Portal, if I open the object and try to fill the attribute with EmployeeID / Custom2 ID, FIM not find the objects.

    Any idea?

    Diego Shimohama

older | 1 | .... | 105 | 106 | (Page 107) | 108 | 109 | .... | 204 | newer