Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles

FIM SSPR and AD password

Is the Active Directory password stored in the FIM database?
For out of the box SSPR implementation, wanted to get an idea of how the password reset flow takes place.

Thanks!


Granfeldt Powershell MA for Provisioning Accounts

Hello,

I have been working on using the Granfeldt Powershell MA for keeping our Active Directory and eDirectory instances synchronized. I have it just exporting attribute changes from AD user/group object attributes to their corresponding eDir user/group object attributes, and have gotten that working.

I was wondering if there is the capability with this Management Agent to actually provision user/group objects from Active Directory to eDirectory. I love the flexibility of this MA, and would like to try and use it to provision accounts, but I'm not sure if it has hooks into that aspect of FIM.

Should I just use the Granfeldt Codeless Provisioning for this instead?

Add attributes to an AD inbound synchronization rule with PowerShell

Hi all,

I created an AD inbound synchronization rule, and after I run the sync I can't access the portal even with the fimadmin account. I guess it's missing the objectSID and domain attributes. Can I add these attributes with a PowerShell script, and if yes, what are the commands?

Thanks


Teka

Metaverse to External System

Hi all,

I just have some questions and need your support.

- Is it possible to export metaverse objects to an external system by using only FIM Sync (without an outbound rule created on the FIM portal)? It seems that we need to create provisioning rules on extensions...?

- I see "the attribute flow" on the MA but have no idea what the difference is between it and the outbound/inbound sync rules that can be created on the FIM portal.

Thanks !

Obtaining workflow approval response

Hi all,

I have a FIM workflow that requests an approval from a dynamically determined person, who typically will type a reason for the approval or rejection.  As part of the workflow, I want to read this post-approval, and write the reason into an object.

I've looked at the ApprovalActivity.RejectedReason (there doesn't seem to be an "ApprovedReason") and it's null.  I expected it might be a property on ApprovalActivity.CurrentApprovalResponse, but I can't see it.

Anyone ever done this, and I just can't see for looking?

Many thanks,

Paul.

Comma separated values into MV

Hi,

I'm importing FIM data via a SQL agent and I have a column with this data:

00E704CB-40AE-0616-5B5A-6E0965BD5616,018F1801-34AE-FEE9-F98D-86E484F1812D

when the import runs, I see in the CS Object Properties that the new value is

00E704CB-40AE-0616-5B5A-6E0965BD5616\,018F1801-34AE-FEE9-F98D-86E484F1812D

What's happening and how can I tell FIM not to do this?

Many, many thanks,

DD

Null value not flowing from fimportal to MV

I have a date attribute in FIMportal. In sync engine FIMMA, I have direct import flow (no export flow) from Datasource to MV Attribute. There is no option to select null. In MV designer, configure flow precedence rule, FIMMA is given equal precedence for this attribute as it is the only flow. There is no other connector for this attribute. How to flow the data to MV if the attribute value changes to null in fimportal? Please help!

FIM 2010 R2 - User Access Validation

Hi,

Does FIM 2010 R2 provide any feature for performing user access revalidation? If not, are there any 3rd party tools that can be used along with FIM? Is this something being introduced in MIM?

Thanks in Advance.


Import-Fimconfig : Failure when making web service call.

I'm trying to change an object's attribute using Powershell using the following commands:

    $ImportObject = FIM-ModifyImportObject -ObjectType "Person" -TargetIdentifier $fimwf.TargetId
    $ImportChange = FIM-CreateImportChange -AttributeName "FirstName" -AttributeValue "Test" -Operation 1
    $ImportObject = FIM-AddImportChangeToImportObject -ImportObject $ImportObject -ImportChange $ImportChange
    $ImportObject | Import-Fimconfig


When I do that I get an error stating:

Import-Fimconfig : Failure when making web service call.
Error = System.InvalidOperationException: Operation is not valid due to the current state of the object.

EDIT: The script works once the object is in the new set but not during transition in.
Also both the account I use in the portal and the FIM Service account are in the admins group.

I can update this attribute using the FIM portal (on the same machine with the same credentials).

Thanks,
JD

Provide FIM Portal access to a user (group owner) to search only the users who are members of that group in FIM portal.

Hi,

I am new to FIM. I had a requirement. Suppose a user in FIM is an owner of the group A, and group A contains certain members. How can I delegate permissions to that group owner so that he can access the FIM portal and be able to view only the user accounts that are members of the Group A? He should be able to view the users who are not part of that group.

Is this possible? If so, please provide me the steps to give specific access to the group owner in order to view only the members in FIM portal.

Note:- The owner and group members had an AD account, ObjectSID, and domain.

Thanks

Prasanthi.

FIM Workflow custom activity - Get the workflow/set name

Hi,

How can I get the name of the workflow/set that triggered my custom activity?

I'm planning to make my custom activity have different behaviour depending on the ResourceType, action (modify, create) and workflow/set name that "triggered" it.

Many thanks,

DD

System Center

Can Oracle database integrate with Microsoft SCCM 2012?

Service account used to install Synchronization

Hi All,

We have FIM installed and want to export the key. I have used the account running the service "Forefront Identity Manager Synchronization Service"; it does not have the right to export the key. Is there a way to find by which service account it got installed?

Thanks and Regards,
Raja Village Syc


Office 365 Cloud Identity Management: How O365 Support IDP aggregators Cloud Service Providers

We are identity providers with multi-tenant services. How can a multi-tenant IDP provider provide Office 365 services to multiple partners? Is there a way the O365 SAML audience can be configured from 'urn:federation:MicrosoftOnline' to a different value that is specific to the partner, like 'urn:federation:MicrosoftOnline:service1', 'urn:federation:MicrosoftOnline:service2' etc.,

so that the IDP aggregator can authenticate the user with respect to their instance of O365 and federate?

If the SAML request issuer is the same value 'urn:federation:MicrosoftOnline', then the IDP cannot distinguish one partner from the other.

Thanks

Raju

Create a set of users where DateAttribute1 is after 5 days prior to DateAttribute2

Is it possible to create such a set?

This does not work, but describes the wanted result.

    /Person[DateAttribute1 > op:subtract-dayTimeDuration-from-dateTime(fn:DateAttribute2(), xs:dayTimeDuration('P5D'))]


/Frederik Leed



Restrict permissions to a user to search only a few users who are part of a group.

Hi,

In FIM Portal, I have a security group "Group1". The group contains 5 user accounts (User1,2,..User5). The user account "User6" is the owner of that group "Group1". Whenever the owner of the group, i.e. "User6", logs into FIM Portal, on the "users" page he/she should be able to search only the members of that group "Group". When the user "User6" clicks on the Users link in FIM portal, and searches for the users, then he should be able to view only the users "User1,2...User5" but not all the users.

How can I achieve this scenario? Please suggest.

Thanks,

Prasanthi

Galsync User Account Exclusion Filter

We have multiple Exchange forests connected through FIM Galsync, and we are in the process of consolidating users from all these connected Exchange forests into one. Once migrated I need to exclude the migrated user from the source domain and target domain irrespective of which OU they are located in. Please advise if I can set the exclusion using any custom attribute.

Jimmy George

FIM CM C# returns System.InvalidCastException

Hello everyone,

I have a problem with a ConsoleApplication which I am actually writing for FIM CM. The problem appears with or without .NET remoting; I tested both.

The problem appears at this little piece of code:

    public static ReadOnlyCollection<ProfileTemplate> FindAllProfileTemplates(FindOperationsByCulture findOperationsByCulture)
    {

           FindOperations.UseRemoting = true;
           return findOperationsByCulture.FindAllProfileTemplates(CultureInfo.InvariantCulture, CultureInfo.InvariantCulture);
    }

And in my main method I am calling the function like this:

    ReadOnlyCollection<ProfileTemplate> templates = FindAllProfileTemplates(findOperationsByCulture);

Which leads to the Exception mentioned in the title:

Unhandled Exception: System.InvalidCastException: Return argument has an invalid
 type.
   at System.Runtime.Remoting.Proxies.RealProxy.ValidateReturnArg(Object arg, Ty
pe paramType)
   at System.Runtime.Remoting.Proxies.RealProxy.PropagateOutParameters(IMessage
msg, Object[] outArgs, Object returnValue)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDa
ta, Int32 type)
   at Microsoft.Clm.Provision.FindOperationsByCulture.FindAllProfileTemplates(Cu
ltureInfo uiCulture, CultureInfo culture)

Can anybody explain to me what I am doing wrong? I took the PowerShell example from Craig Martin (http://www.integrationtrench.com/2010/11/use-fim-cm-provision-api-from.html) and in PowerShell everything works like a charm. I do the same (but adjusted it for C#) and I get this exception.

I post the whole code of the program here, so maybe the problem is in another place of the code.

Any help is highly appreciated :-)

Thank you very much!

Tom

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Microsoft.Clm;
    using Microsoft.Clm.Common;
    using Microsoft.Clm.Common.Requests;
    using Microsoft.Clm.Common.TypedData;
    using Microsoft.Clm.Provision;
    using ProvisionApiRequests = Microsoft.Clm.Shared.Requests;
    using Microsoft.Clm.Shared.ProfileTemplates;
    using Microsoft.Clm.Shared.Profiles;
    using Microsoft.Clm.BusinessLayer.SmartCard.BaseCsp;
    using System.Runtime.Remoting;
    using System.Collections.ObjectModel;
    using System.IO;
    using System.Runtime.Remoting.Channels;
    using System.Collections;
    using System.Runtime.Remoting.Channels.Http;
    using System.Net;
    using System.Globalization;

    namespace ConsoleApplication1
    {
        class Program : MarshalByRefObject
        {
            public static ReadOnlyCollection<ProfileTemplate> FindAllProfileTemplates(FindOperationsByCulture findOperationsByCulture)
            {

                FindOperations.UseRemoting = true;
                return findOperationsByCulture.FindAllProfileTemplates(CultureInfo.InvariantCulture, CultureInfo.InvariantCulture);
            }

            static void Main(string[] args)
            {

                string path = Directory.GetCurrentDirectory();
                RemotingConfiguration.Configure(path+@"\app.config", true);

                BinaryClientFormatterSinkProvider binaryClientFormatterSinkProvider = new BinaryClientFormatterSinkProvider();
                HttpClientChannel httpClientChannel = new HttpClientChannel("ClmHttpChannel", binaryClientFormatterSinkProvider);
                ChannelServices.RegisterChannel(httpClientChannel, true);
                FindOperationsByCulture findOperationsByCulture = new FindOperationsByCulture();
                var channelProperties = ChannelServices.GetChannelSinkProperties(findOperationsByCulture);
                Uri clmUri = new Uri(RemotingServices.Marshal(findOperationsByCulture).URI);
                NetworkCredential networkCredentials = new NetworkCredential("administrator", "Password1", "stind");
                CredentialCache credentialCache = new CredentialCache();
                credentialCache.Add(clmUri, "ntlm", networkCredentials);
                channelProperties["credentials"] = credentialCache;

                ReadOnlyCollection<ProfileTemplate> templates = FindAllProfileTemplates(findOperationsByCulture);
            }
        }
    }

Slow load of user details FIM Portal

Hello All,

I have a slow load issue of user details in the FIM portal.

When the portal loads it is decent in the quickness, but when you click on a user to get the details there is sometimes a 15-30 second load lag for the first couple of users.

Any idea what could be causing this or how to speed this up? It says "loading" with a spinning circle.

Thanks

Russ


Russell Lema


New and Delete missing on the Users page

Somehow the New and the Delete button in the "Users" page have disappeared, even for users in the "administrators" and "user administrators" set, but we did not realize this until we restarted the machine recently. A lot of things have changed in the meantime. Any suggestions on what I should be checking? Note that we did not knowingly implement any policies to hide these buttons. Any insight/suggestions to make these buttons appear will be highly appreciated.

Regards,
John



