Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite


  • 03/03/15--09:38: FIM SSPR and AD password
  • Is active directory password stored in the FIM database?
    For out of the box SSPR implementation, wanted to get an idea of how the password reset flow takes place.




    I have been working on using the Granfeldt PowerShell MA for keeping our Active Directory and eDirectory instances synchronized. I have it just exporting attribute changes from AD user/group object attributes to their corresponding eDir user/group object attributes, and have gotten that working.

    I was wondering if there is the capability with this Management Agent to actually provision user/group objects from Active Directory to eDirectory. I love the flexibility of this MA, and would like to try and use it to provision accounts, but I'm not sure if it has hooks into that aspect of FIM.

    Should I just use the Granfeldt Codeless Provisioning for this instead?


    Hi all,

    I created an AD inbound synchronization rule, and after I run the sync I can't access the portal, even with the fimadmin account. I guess it's missing the objectSID and domain attributes. Can I add these attributes with a PowerShell script, and if yes, what are the commands?



  • 03/03/15--23:21: Metaverse to External System
  • Hi all,

    Just have some questions and need your support.

    - Is it possible to export metaverse objects to an external system by using only FIM Sync (without an outbound rule created in the FIM portal)? It seems that we need to create provisioning rules in extensions...?

    - I see "the attribute flow" on the MA but have no idea what the difference is between it and the outbound/inbound sync rules that can be created in the FIM portal.

    Thanks !


    Hi all,

    I have a FIM workflow that requests an approval from a dynamically determined person, who typically will type a reason for the approval or rejection.  As part of the workflow, I want to read this post-approval, and write the reason into an object.

    I've looked at the ApprovalActivity.RejectedReason (there doesn't seem to be an "ApprovedReason") and it's null.  I expected it might be a property on ApprovalActivity.CurrentApprovalResponse, but I can't see it.

    Anyone ever done this, and I just can't see for looking?

    Many thanks,




    I'm importing FIM data via a SQL agent and I have a column with this data:


    when the import runs, I see in the CS Object Properties that the new value is


    What's happening and how can I tell FIM not to do this?

    Many, many thanks,



    I have a date attribute in the FIM portal. In the sync engine FIMMA, I have a direct import flow (no export flow) from Datasource to MV Attribute. There is no option to select null. In the MV designer, configure flow precedence rule, FIMMA is given equal precedence for this attribute as it is the only flow. There is no other connector for this attribute. How do I flow the data to the MV if the attribute value changes to null in the FIM portal? Please help!



    Does FIM 2010 R2 provide any feature for performing user access revalidation? If not, are there any 3rd party tools that can be used along with FIM? Is this something being introduced in MIM?

    Thanks in Advance.


    I'm trying to change an object's attribute using PowerShell with the following commands:

        $ImportObject = FIM-ModifyImportObject -ObjectType "Person" -TargetIdentifier $fimwf.TargetId
        $ImportChange = FIM-CreateImportChange -AttributeName "FirstName" -AttributeValue "Test" -Operation 1
        $ImportObject = FIM-AddImportChangeToImportObject -ImportObject $ImportObject -ImportChange $ImportChange
        $ImportObject | Import-Fimconfig

    When I do that I get an error stating:

    Import-Fimconfig : Failure when making web service call.
    Error = System.InvalidOperationException: Operation is not valid due to the current state of the object.

    EDIT: The script works once the object is in the new set but not during transition in.
    Also both the account I use in the portal and the FIM Service account are in the admins group.

    I can update this attribute using the FIM portal (on the same machine with the same credentials).




    I am new to FIM. I had a requirement. Suppose a user in FIM is an owner of group A, and group A contains certain members. How can I delegate permissions to that group owner so that he can access the FIM portal and be able to view only the user accounts that are members of group A? He should be able to view the users who are not part of that group.

    Is this possible? If so, please provide me the steps to give specific access to the group owner in order to view only the members in the FIM portal.

    Note:- The owner and group members had an AD account, ObjectSID, and domain.





    How can I get the name of the workflow/set that triggered my custom activity?

    I'm planning to make my custom activity have different behaviour depending on the ResourceType, action (modify, create) and workflow/set name that "triggered" it.

    Many thanks,


  • 03/06/15--00:47: System Center
  • Can Oracle database integrate with Microsoft SCCM 2012?


    Hi All,

    We have FIM installed and want to export the key. I have used the account running the service "Forefront Identity Manager Synchronization Service", but it does not have the right to export the key. Is there a way to find by which service account it got installed?

    Thanks and Regards,
    Raja Village Syc


    We are identity providers with multi-tenant services. How can a multi-tenant IDP provider provide Office 365 services to multiple partners? Is there a way the O365 SAML audience can be configured from 'urn:federation:MicrosoftOnline' to a different value that is specific to the partner, like 'urn:federation:MicrosoftOnline:service1', 'urn:federation:MicrosoftOnline:service2' etc.?

    So that the IDP aggregator can authenticate the user with respect to their instance of O365 and federate?

    If the SAML Request Issuer is the same value 'urn:federation:MicrosoftOnline', then the IDP cannot distinguish one partner from the other.




    Is it possible to create such a set?

    This does not work, but describes the wanted result.
    /Person[DateAttribute1 > op:subtract-dayTimeDuration-from-dateTime(fn:DateAttribute2(), xs:dayTimeDuration('P5D'))]

    /Frederik Leed



    In FIM Portal, I have a security group "Group1". The group contains 5 user accounts (User1, 2, ... User5). The user account "User6" is the owner of that group "Group1". Whenever the owner of the group, i.e. "User6", logs into FIM Portal, on the "users" page he/she should be able to search only the members of that group "Group". When the user "User6" clicks on the Users link in FIM portal and searches for the users, then he should be able to view only the users "User1, 2 ... User5" but not all the users.

    How can I achieve this scenario? Please suggest.




    We have multiple Exchange forests connected through FIM Galsync; and we are in the process of consolidating users from all these connected Exchange forests into one. Once migrated I need to exclude the migrated user from the source domain and target domain irrespective of which OU they are located. Please advise if I can set the exclusion using any custom attribute. 

    Jimmy George


    Hello everyone,

    I have a problem with a ConsoleApplication which I am actually writing for FIM CM. The problem appears with or without .NET remoting; I tested both.

    The problem appears at this little piece of code:

    public static ReadOnlyCollection<ProfileTemplate> FindAllProfileTemplates(FindOperationsByCulture findOperationsByCulture)
    {
        FindOperations.UseRemoting = true;
        return findOperationsByCulture.FindAllProfileTemplates(CultureInfo.InvariantCulture, CultureInfo.InvariantCulture);
    }

    And in my main method I am calling the function like this:

    ReadOnlyCollection<ProfileTemplate> templates = FindAllProfileTemplates(findOperationsByCulture);

    Which leads to the Exception mentioned in the title:

    Unhandled Exception: System.InvalidCastException: Return argument has an invalid
       at System.Runtime.Remoting.Proxies.RealProxy.ValidateReturnArg(Object arg, Ty
    pe paramType)
       at System.Runtime.Remoting.Proxies.RealProxy.PropagateOutParameters(IMessage
    msg, Object[] outArgs, Object returnValue)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDa
    ta, Int32 type)
       at Microsoft.Clm.Provision.FindOperationsByCulture.FindAllProfileTemplates(Cu
    ltureInfo uiCulture, CultureInfo culture)

    Can anybody explain to me what I am doing wrong? I took the PowerShell example from Craig Martin ( and in PowerShell everything works like a charm. I do the same (but adjusted it for C#) and I get this exception.

    I post the whole Code of the program here, so maybe the Problem is in another place of the code.

    Every help is highly appreciated :-)

    Thank you very much!


    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Microsoft.Clm;
    using Microsoft.Clm.Common;
    using Microsoft.Clm.Common.Requests;
    using Microsoft.Clm.Common.TypedData;
    using Microsoft.Clm.Provision;
    using ProvisionApiRequests = Microsoft.Clm.Shared.Requests;
    using Microsoft.Clm.Shared.ProfileTemplates;
    using Microsoft.Clm.Shared.Profiles;
    using Microsoft.Clm.BusinessLayer.SmartCard.BaseCsp;
    using System.Runtime.Remoting;
    using System.Collections.ObjectModel;
    using System.IO;
    using System.Runtime.Remoting.Channels;
    using System.Collections;
    using System.Runtime.Remoting.Channels.Http;
    using System.Net;
    using System.Globalization;

    namespace ConsoleApplication1
    {
        class Program : MarshalByRefObject
        {
            public static ReadOnlyCollection<ProfileTemplate> FindAllProfileTemplates(FindOperationsByCulture findOperationsByCulture)
            {
                FindOperations.UseRemoting = true;
                return findOperationsByCulture.FindAllProfileTemplates(CultureInfo.InvariantCulture, CultureInfo.InvariantCulture);
            }

            static void Main(string[] args)
            {
                // Load the remoting configuration from app.config in the working directory
                string path = Directory.GetCurrentDirectory();
                RemotingConfiguration.Configure(path + @"\app.config", true);

                // Register an HTTP client channel that uses the binary formatter
                BinaryClientFormatterSinkProvider binaryClientFormatterSinkProvider = new BinaryClientFormatterSinkProvider();
                HttpClientChannel httpClientChannel = new HttpClientChannel("ClmHttpChannel", binaryClientFormatterSinkProvider);
                ChannelServices.RegisterChannel(httpClientChannel, true);

                // Attach NTLM credentials to the channel sink properties of the remoting proxy
                FindOperationsByCulture findOperationsByCulture = new FindOperationsByCulture();
                var channelProperties = ChannelServices.GetChannelSinkProperties(findOperationsByCulture);
                Uri clmUri = new Uri(RemotingServices.Marshal(findOperationsByCulture).URI);
                NetworkCredential networkCredentials = new NetworkCredential("administrator", "Password1", "stind");
                CredentialCache credentialCache = new CredentialCache();
                credentialCache.Add(clmUri, "ntlm", networkCredentials);
                channelProperties["credentials"] = credentialCache;

                ReadOnlyCollection<ProfileTemplate> templates = FindAllProfileTemplates(findOperationsByCulture);
            }
        }
    }


    Hello All,

    I have a slow load issue of user details in the FIM portal.

    When the portal loads it is decent in the quickness, but when you click on a user to get the details there is sometimes a 15-30 second load lag for the first couple of users.

    Any idea what could be causing this or how to speed this up? It says "loading" with a spinning circle.



    Russell Lema


    Somehow the New and the Delete button in the "Users" page have disappeared, even for users in the "administrators" and "user administrators" set, but we did not realize this until we restarted the machine recently. A lot of things have changed in the meantime. Any suggestions on what I should be checking? Note that we did not knowingly implement any policies to hide these buttons. Any insight/suggestions to make these buttons appear will be highly appreciated.

