Channel: Forum Microsoft Identity Manager

Forefront Identity Manager 2010 and Active Directory 2012 Compatibility


Hello,

Our organization is using FIM 2010,  Version: 4.0.3531.2. We are planning to upgrade the Active Directory to 2012. I was wondering if there are compatibility issues and what needs to be done on the FIM side? 

Thank you in advance for any help.


FIM Client add-in, Outlook 2013 and hiding Groups ribbon


Hi,

I am trying to hide the Groups ribbon/button on Outlook client, using the registry values from here https://msdn.microsoft.com/en-us/library/ff800821%28v=ws.10%29.aspx . I am using 32-bit Outlook 2013. The registry value ShowGroupManagementUi set to 0 does not hide the "GROUPS" button from Outlook.

Can anyone confirm if they have been able to hide the Groups ribbon on Outlook 2013 or if there is something else to check?

-Mikko

FIM DB restore


Experts,
Some wrong data got synched in FIM due to wrong input. We are thinking of restoring the DB rather than correcting individual accounts.

Just restoring the previous night's backup will do the trick. Is there anything that I should take care of?
DB Names,
FIMSynchronizationService
FIMService


Thanks,
Mann

PeopleSoft Web Services Connector Error – Failed to create a ‘RequestMessageMemberType’ . . .


Hello all,

I am new to FIM and am currently in the process of setting-up a PeopleSoft Web Services MA.  I am receiving the following error in the FIM Sync Manager in the Create Management Agent dialog in the Global Parameters section:

“Test Connection failed with the following error: Failed to create a ‘RequestMessageMemberType’ from the text d:Find__CompIntfc__CI_PERSONAL_DATATypeShape’. Below is the information about configured endpoint address(es): http://<FQDN>:10320/PSIGW/PeopleSoftServiceListeningConnector/HR92DEV”.

I had no issues with the discovery process in the Web Services Configuration tool.  The following parameters were supplied for the config file:

WSDL: http://<FQDN>:10320/PSIGW/PeopleSoftServiceListeningConnector/HR92DEV/PSCONNECTORWEBSERVICE.1.wsdl

Namespace: targetNamespace

Basic authentication <user>, <password>; Interoperable:PasswordText

Has anyone else received this error message or can anyone give me some advice on how to troubleshoot?  Any help would be greatly appreciated.

Thanks.



FIM CALs on multiple instance of FIM Portal, for the same users


Hi,

We have FIM Sync, FIM Service/Portal & SSPR deployed (Server #1). We have licensed the server components of FIM, as well as the user CALs (2000 users).

Due to business requirements, if we now deploy another FIM Sync and FIM Service/Portal (Server #2) - I understand we will require server licenses.

However, since we already have the 2000 FIM CALs (being used on Server #1), my understanding is that we do not need to purchase another 2000 CALs, as we will be managing the same 2000 users on the new FIM Service/Portal server.

Is this understanding correct?

Thanks,

SK

Azure Active Directory Connector - completed-no-objects


I am trying to pull data out of Azure AD using the FIM Azure Connector.

I have:

  • Installed the Beta Microsoft Online Sign-In Assistant (7.250.4551.0)
  • I am using FIM Sync version 4.1.3508.0
  • Installed the Azure AD connector (1.0.6635.69)
  • Granted permissions to the MSOLCoExistence registry key
  • Activated Directory Sync under Directory Integration in the Azure portal
  • Created an Azure management agent in the Sync engine (specified the credentials, object types, attributes, etc.)
  • Created a Full Import run profile
  • Ran the Full Import

When I did all of this I got a successful run of the management agent with a status of completed-no-objects. (And of course I don't get any imported records.)

If I look in the event logs, I see an info message from the "Directory Synchronization" that looks like:

Import::Iteration: 1, Current batch size: 0, Imported total: 0, More: False,TrackingId: d2f02eac-0186-471b-ab49-cbcf85ace0ef, SyncCookie: ...

So it appears that it is talking to Azure.

Any suggestions as to what I am missing? My Azure AD has three records in it (the subscription account, the global admin user that I set up for the connector, and a basic test user), and none of these records came down on the Full Import run.

Edit: Of course after posting this question I found this thread, which asks a similar question. No idea why it came up as a related thread, and not in my initial search. Anyway my need is to pull down Azure accounts that have no on-premises representation. Is this possible?

Thanks

Rex




moving distribution list memberships from contact to user object with sync engine


We only have the FIM sync engine and when replacing an AD contact object with a user object I am being asked to move the distribution lists that the contact is a member of over to the new user object. I've done the contact to user replacement provisioning many times before but never had to migrate the group memberships over.

Does anyone have any advice for the best approach to do this?



Update / create user accounts in LDAP


I have an MA which gets user accounts from LDAP into FIM. For this I use the "Generic LDAP (Microsoft)" driver, and importing works fine. I now want to write / export to LDAP as well. The account I use has r/w access to LDAP.

What I have done is create a set "NewLDAP".

Created an OSR with following scope
MV: person
External: inetOrgPerson

Relationship
MV: UIDNumber
External: uidNumber

Create resource in external system: true

And flowing various attributes from MV to LDAP including an initial flow from GidNumber -> gidNumber

Created a workflow which adds the target resource to the above sync rule.

Lastly, an MPR using transition into set and the above action workflow.

Enable Sync Rule provisioning is enabled.

However once a new user moves into the set, nothing happens. I do a manual Delta Imp & Sync on the FIM MA and I can see some of the other MPRs/WF being activated but no "Outbound Synchronisation" happens for the LDAP OSR.

Did notice a "sync-rule-flow-provisioning-failed" error when doing the import/sync.

What am I missing?

Thanks



FIM2010: Protect passwords in configuration files

RCDC Join Group with Justification


Hi,

I would like to update the Group Edit RCDC to include two new fields (a Dropdown and Text Area). The dropdown would allow the end-user to select the business category (static list of values) and a text area where the user can enter his/her justification. 

In summary, I want to know if I captured everything properly from development efforts:

1. Create two new variables (dropdown and text area) and associate them to Group entity in FIM

2. Update the Group Edit RCDC for the user to enter the data 

I then want this information to be visible to the group's owner for the owner to approve and reject accordingly. 

I did a good deal of development in FIM a long time ago and would like a refresher here.

Thanks.

Adding a new Tab to an existing RCDC


I'm trying (and failing) to add a new tab to an existing RCDC.

I've read several posts on this and I cannot figure out what I'm missing.

I insert the following code in between 2 other groupings and every time I get the message "There is an error in the Group display configuration".

<my:Grouping my:Name="NewTab" my:Caption="NewTab">
  <my:Control my:Name="NewTabText" my:TypeName="UocLabel" my:Caption="NewTabText">
    <my:Properties>
      <my:Property my:Name="Text" my:Value="!!!" />
    </my:Properties>
  </my:Control>
</my:Grouping>


I've tried this code and mild variations of this code on several RCDCs and I always get a negative result. 

Any help, thoughts appreciated.  If I do another iisreset today I might explode.

Thanks


Populating AD from csv file via FIM


I'm a FIM 2010 newbie so apologies.

Thus far I'm ok for creating AD users / groups from a csv file via FIM portal.  I can create users in AD and have them synch to FIM. To replace something we do already I'm looking for some way to construct a csv file with users with attributes for example number of group memberships and have this via MA upload into FIM and then out to AD. 

Is there a way to do this even as a 2/3 step process to get the user into FIM then to AD and perhaps via other step, pull in a file and populate FIM and then out to AD to add group memberships.  I've looked at URL for creating Groups but not via an external file that will add user to the groups ...

thanks in advance.

FIM Sync service is using 100 % CPU while running Run Profile


Hi All,

In one of my test lab environments I am running an Active Directory MA Full Sync. It starts very smoothly and processes a few records. After some time, it stops processing records and hangs with 100% CPU utilization.

I cannot find any error in the event log. No ERROR AT ALL. SQL Server resources are normal, with less than 10% being used.

Please help.

 


If My Answer helps you do not forget to check helpful post and If answers your question do not forget to "Mark it as an Answer" Thanks~ Giriraj Singh Bhamu

Office 365 - change local domain when already using DirSync


Hi,

We are using O365 with DirSync. Nothing odd or strange. However, it has been decided to rename (or rebuild) the domain name. The company is changing its branding. Long boring story. Anyway, I would imagine I will have to stop synchronising the domain, rebuild/rename the domain and then set DirSync back up. So my question is, will Office 365 be able to cope with that? Anything I should know?! The company email domain is not changing, just the local domain.

Any suggestions would be welcome!

Disconnect object using a script (not from FIM Management console)


Hi,

Is there any way to disconnect a connector from its connected Metaverse object using a PowerShell command or whatever?

For the moment we use the Management Console to achieve this operation by clicking on "disconnect" to force the connector to become a "disconnector".

Thanks for your help.


What is the standard or best method of returning the manager attribute value as a DN (directory string type) to a MV attribute?


We have an SQL table which supplies authoritative HR data to FIM including the employee's manager HR id. Using the FIM and reference attributes we can stuff the manager on AD correctly.

BUT, this table is used by other systems and one column (varchar 128) is named AdManager and is supposed to hold the DN of the Manager e.g. cn=A Manager,ou=User Accounts...

The only way I can think of to get around this is to push the DN of each connected AD account into an indexed string MV attribute called adDN, flowing AD attribute dn -> MV attribute adDN. This is pushed onto the Portal into attribute adDN, so the idea is that every Portal user (including managers of employees) that has an AD account has his DN stored in adDN as a STRING.

When I want the manager's DN... will this work on the Outbound sync rule attribute flow definition????

source [//Target/Manager/AdDN]

target AdManager

It seems so artificial there just has to be a better way.

Sync AD Groups to FIM 2010 R2 SP1


Hi all,

I want to sync my AD groups to the FIM portal and I want the members to be approved by a specific administrator. I also want to remove the members automatically after a specific period of time. How can I do that?

Thanks


Teka

Failed to connect to the database FIMSynchronizationService on FIMTEST


Hi All,

The service FIMSynchronizationService is not starting at all. The details from the event logs are below.

 

The server encountered an unexpected error and stopped.

 "ERR: MMS(3984): sql.cpp(5583): Query (CSession::Open()) performed with error
ERR: MMS(3984): sql.cpp(5604): Error retrieving error
BAIL: MMS(3984): sql.cpp(571): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(387): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(259): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): storeimp.cpp(275): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): server.cpp(297): Failed to connect to the database FIMSynchronizationService on FIMTEST
BAIL: MMS(3984): server.cpp(298): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): server.cpp(3696): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): service.cpp(1531): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): service.cpp(980): Error creating com objects. Error code: -2145188858. This is retry number 0.
ERR: MMS(3984): sql.cpp(5583): Query (CSession::Open()) performed with error
ERR: MMS(3984): sql.cpp(5604): Error retrieving error
BAIL: MMS(3984): sql.cpp(571): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(387): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(259): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): storeimp.cpp(275): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): server.cpp(297): Failed to connect to the database FIMSynchronizationService on FIMTEST
BAIL: MMS(3984): server.cpp(298): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): server.cpp(3696): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): service.cpp(1531): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): service.cpp(980): Error creating com objects. Error code: -2145188858. This is retry number 1.
ERR: MMS(3984): sql.cpp(5583): Query (CSession::Open()) performed with error
ERR: MMS(3984): sql.cpp(5604): Error retrieving error
BAIL: MMS(3984): sql.cpp(571): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(387): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(259): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): storeimp.cpp(275): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): server.cpp(297): Failed to connect to the database FIMSynchronizationService on FIMTEST
BAIL: MMS(3984): server.cpp(298): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): server.cpp(3696): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): service.cpp(1531): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): service.cpp(980): Error creating com objects. Error code: -2145188858. This is retry number 2.
ERR: MMS(3984): sql.cpp(5583): Query (CSession::Open()) performed with error
ERR: MMS(3984): sql.cpp(5604): Error retrieving error
BAIL: MMS(3984): sql.cpp(571): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(387): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): sql.cpp(259): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): storeimp.cpp(275): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): server.cpp(297): Failed to connect to the database FIMSynchronizationService on FIMTEST
BAIL: MMS(3984): server.cpp(298): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): server.cpp(3696): 0x80230406 (An error has occurred at the store)
BAIL: MMS(3984): service.cpp(1531): 0x80230406 (An error has occurred at the store)
ERR: MMS(3984): service.cpp(980): Error creating com objects. Error code: -2145188858. This is retry number 3.
BAIL: MMS(3984): service.cpp(994): 0x80230406 (An error has occurred at the store)
Forefront Identity Manager 4.0.2592.0"

I am thinking of uninstalling the FIM Sync Engine. Any pointer or hint greatly appreciated.

Regards,
Anirban

FIM 2010 R2 Sp1, Windows 2008 R2 SP1 and Recycle Bin issues


Hi,

We are running FIM 2010 R2 Sp1 (build 4.1.3613.0)

Also running Windows 2008 R2 Forest and Domain functional level environment. (Windows Server 2008 R2 SP1 on all DCs). The previous Recycle Bin hotfix https://support.microsoft.com/en-us/kb/979214/ fails to install since we are already running WS08 R2 SP1 on all the DCs.

During deprovisioning, when a user is deleted from the source HR system, FIM deletes the object from AD, FIM Sync & Portal.

FIM also manages a FIM Portal group, where membership is assigned manually. This membership is then updated in AD.

When a user (who is part of this group) is deleted in HR, FIM deletes it from AD, FIM Sync, FIM Portal, FIM also removes user from FIM Portal group. The user is also removed from the AD group (by FIM group object membership attribute flow to AD)

...however, on the next AD Export, FIM fails to update the same group and complains about this very same user (CD Error) and lists the user as: CN=username\0ADEL:GUID, CN=Deleted Objects,DC=domain,DC=com

It appears that there is a problem with FIM and the Recycle Bin again?

Are there any new Recycle Bin/FIM hotfixes ?

Thanks,

SK

Sync rule validation parsing error (ADLDS Sync Rule, Outbound System Scoping Filter)


Hi,

I am trying to export users to ADLDS, using an Outbound System Scoping Filter Sync Rule.

Data successfully imports from AD & exports to FIM Portal. Now I would like to export this data to an ADLDS instance.

ADLDS MA, ADSIEDIT and LDP connects just fine to the ADLDS instance.

However, when I 'Full Sync' on the FIM MA, I get the "Sync rule validation parsing error". The Outbound scoping is as follows: Domain = ADATUM (which all users have populated in MV and Portal).

ADLDS and the Sync Rule config is as follows:

Thank you,

SK

