Hi there,

I've created an object type with a multivalued string which has a regex constraint set to ensure data entered is small letters only. I created a new RCDC for create/edit/view of this object which is working as expected. When I create an object which complies with restraints, all works perfectly. When I create an object with capital letters in the MV string, the first time I click "OK" seemingly nothing happens, the second time I click "OK" the page displays an "Unable to process your request" error.

Is this behaviour to be expected? Is there a way for me to show a more useful error message like the "The required field cannot be empty" messages seen on other attributes?

Thanks

Hi,

Created an Outbound System Scoping Filter Sync Rule, and during initial setup I set the "Relationship Criteria attribute" to be 'employeeID'. However, this value cannot be modified once the rule is created, as the drop down box is grayed out (1st pic below).

When I subsequently try Full Import/Full Sync on the FIM Portal MA, I get this error message:

"Relationship criteria of a root synchronization rule should not be null." (2nd pic below)

Sounds like FIM (build 4.1.3479.0) is confused?

Thanks,

SK

I am running an action workflow against user which should only set an date field value. For some reason, I get this kind of error message:

EXCEPTION DATA\r\n\r\nMESSAGE: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)\r\n\r\n**METHOD:Void ProcessRequestResponse(System.Object, System.Workflow.ComponentModel.QueueEventArgs)\r\n\r\n**METHOD:Boolean Run(System.Workflow.ComponentModel.IWorkflowCoreRuntime)\r\n\r\n**METHOD:Void Run()\r\n\r\n

What could be the reason?

i have the below powershell script but which will create only one user at time in the FIM. Can somebody help me with powershell scripit which will help us to create a bulk users .

#----------------------------------------------------------------------------------------------------------
 set-variable -name URI -value "http://localhost:5725/resourcemanagementservice'" -option constant
#----------------------------------------------------------------------------------------------------------
 function SetAttribute
 {
    PARAM($object, $attributeName, $attributeValue)
    END
    {
        $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
        $importChange.Operation = 1
        $importChange.AttributeName = $attributeName
        $importChange.AttributeValue = $attributeValue
        $importChange.FullyResolved = 1
        $importChange.Locale = "Invariant"
        if ($object.Changes -eq $null) {$object.Changes = (,$importChange)}
        else {$object.Changes += $importChange}
    }
}
#----------------------------------------------------------------------------------------------------------
 function CreateObject
 {
    PARAM($objectType)
    END
    {
       $newObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
       $newObject.ObjectType = $objectType
       $newObject.SourceObjectIdentifier = [System.Guid]::NewGuid().ToString()
       $newObject
     }
 }
#----------------------------------------------------------------------------------------------------------
 if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
 clear-host

 if($args.count -ne 1) {throw "You need to specify your attribute values as parameter"}
 $attributes = ($args[0]).split("|")

 if(0 -ne [String]::Compare(($attributes[0]).split(":")[0],"displayname", $true))
 {throw "You need to specify a display name"}

 $objectName = ($attributes[0]).split(":")[1]
 $exportObject = export-fimconfig -uri $URI `
                                  –onlyBaseResources `
                                  -customconfig "/Person[DisplayName='$objectName']"
 if($exportObject) {throw "L:User $objectName already exists"}

 $newUser = CreateObject -objectType "Person"
 foreach($attribute in $attributes)
 {
    $attrData = $attribute.split(":")
    SetAttribute -object $newUser `
                 -attributeName  $($attrData[0]) `
                 -attributeValue $($attrData[1])
 }             

 $newUser | Import-FIMConfig -uri $URI
 write-host "`nUser created successfully`n"
#----------------------------------------------------------------------------------------------------------
 trap
 {
    $exMessage = $_.Exception.Message
    if($exMessage.StartsWith("L:"))
    {write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue}
    else {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred}
    Exit
 }
#----------------------------------------------------------------------------------------------------------

I'm developing an ECMA2 MA to which supports delta imports.  I have found very few samples of working code to do delta imports, so my attempts are created using a lot of trial and error... Any samples of working Call based MA's with delta support would be much appreciated :-)

The data is located in a SQL server and the schema (for delta) is like this (simplified):

EmpID string
Status string
UPDATESTATUS string (<-- This is the update column with values New/Update/Delete)

For each EmpID, there may be multiple Status values, i.e. Status should be imported into a multi value attribute in FIM.

For the full import this is working as expected, but I run into issues when attempting to do the delta imports

The code for the delta import

privateGetImportEntriesResults GetImportEntries_Delta(GetImportEntriesRunStep importRunStep)

       {

           GetImportEntriesResults importReturnInfo;

           List<CSEntryChange> csentries =newList<CSEntryChange>();

           string employeeID = null;

           string appStatus = null;

           string currEmployeeID = "";

           CSEntryChange csentry = null;

           List<string> appStatusList =newList<string>();

           string changeMode = "";

           for (int i = currentReadRecord; i <= da.Tables["AppStatus"].Rows.Count - 1; i++)

           {

               if (currEmployeeID != da.Tables["AppStatus"].Rows[i].ItemArray.GetValue(0).ToString().Trim())

               {

                   if (currEmployeeID != "") // this should be true except for the first run

                   {

                       csentry.AttributeChanges.Add(AttributeChange.CreateAttributeUpdate("IdentityStores", appStatusList));

                       csentries.Add(csentry);

                       appStatusList = new List<string>();

                       if (csentries.Count >= m_importPageSize)

                       {

                           currentReadRecord = i;

                           importReturnInfo = new GetImportEntriesResults();

                           importReturnInfo.MoreToImport = (i <= da.Tables["AppStatus"].Rows.Count - 1);

                           importReturnInfo.CSEntries = csentries;

                           return importReturnInfo;

                       }

                   }

                   changeMode = da.Tables["AppStatus"].Rows[i].ItemArray.GetValue(2).ToString().Trim();

                   csentry = CSEntryChange.Create();

                   csentry.ObjectType = "ApplicationIdentity";

                   employeeID = da.Tables["AppStatus"].Rows[i].ItemArray.GetValue(0).ToString().Trim();

                   currEmployeeID = (string)employeeID;

                   switch (changeMode)

                   {

                       case"New":

                           csentry.ObjectModificationType = ObjectModificationType.Add;

                           csentry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("EmployeeID", employeeID));

                           break;

                       case"Update":

                           csentry.ObjectModificationType = ObjectModificationType.Update;

                           csentry.DN = employeeID;

                           break;

                       case"Delete":

                           csentry.ObjectModificationType = ObjectModificationType.Delete;

                           csentry.DN = employeeID;

                           break;

                       default:

                           thrownew UnexpectedDataException(string.Format("Unknown modification type: {0}", changeMode));

                   }

               }

               appStatus = da.Tables["AppStatus"].Rows[i].ItemArray.GetValue(1).ToString().Trim();

               appStatusList.Add(appStatus);

           }

           // save the last object

           if (csentry != null)

           {

               csentry.AttributeChanges.Add(AttributeChange.CreateAttributeUpdate("IdentityStores", appStatusList));

               csentries.Add(csentry);

           }

           importReturnInfo = new GetImportEntriesResults();

           importReturnInfo.MoreToImport = false;

           importReturnInfo.CSEntries = csentries;

           return importReturnInfo;

       }

The code compiles and executes, but the delta import fails with the "invalid-attribute-value" message per csentry.

From the eventlog I have the following message

The server encountered an unexpected error while performing an operation for a management agent.

"System.InvalidCastException: Unable to cast object of type 'System.Collections.Generic.List`1[System.String]' to type 'System.String'.

   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.AddAttributeToDImage(CDImage* pdimage, String attributeName, AttributeModificationType attributeModificationType, IList`1 attributeValueChanges, Int32 escapeReferenceDNValues)

   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.ConvertToDImage(CSEntryChange csEntryChange, CDImage** ppDImage, Int32 escapeReferenceDNValues)

   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeExtMA_ImportEntry(UInt32 cBatchSize, UInt16* pcszCustomData, UInt32 cFullObject, _OCTET* rgoctFullObject, UInt32* rgomodt, UInt32* pcpcszChangedAttributes, UInt16*** prgpcszChangedAttributes, Int32 fIsDNStyleNone, UInt16** ppszUpdatedCustomData, _OCTET* rgoctCSImage, Int32* rgextec, UInt16** rgpszErrorName, UInt16** rgpszErrorDetail, Int32* pfMoreToImport)"

To me it seems as if FIM is unable to process the List of strings that is returned when processing the delta. Remember that this works OK when doing the full import. 

Do you have any suggestions as to why this fails?

Kjetil

Hi,

I am trying to customize the FIM portal to enable the user to bulk add a list of users from a CSV file into a distribution group. What would be the best way to do this? I have a PowerShell script that can do this, but I want to modify the FIM UI to allow the user to easily use a CSV file containing a list of users when creating or modifying a DG.

Thanks,

Sam

Hi,

In FIM Sync, we have Inbound Sync Rule of ADDS MA and Outbound sync Rule of ADDS MA. In FIM Portal,suddenly we have seen some 100s of blank users created with no (display name,no first name,no last name, no account Name). I din't understand why those users had created. I had checked on one user and the "created by" field is showing as "Built in Synchronization account". By this i came to know that this creation of blank users is due FIM SYNc.

Could you please help out...

Thanks

Prasanthi

Is there away to verify a proper email being used when registering in FIM Registration Portal? How to catch mistypes or incorrect emails?

Thanks,

Brandon

using the Generic LDAP Agent, the latest eDirectory (8.8.SP8 (20806.01) and FIM Version (4.1.3627.0)) I encounter the following problem in very special situations (namely when the value in eDirectory only differs from the FIM value by different upper/lower case letters:
NDS error: duplicate value (-614)

DirectoryOperationException: (0) 0 Server Message: The attribute exists or the value has been assigned.

Hi All,
We have been facing an issue with the fimservice off late.
When a new account is created on FIM, we see that not all the values are populated on portal.
Looking at the logs, the Person object is getting populated and this is passed to the create method.

This issue does not occur every time and it used to work perfectly fine earlier. We have been noticing this problem off late and tht too only for a few set of users.

We recently had done a migration of 25k users. I am not sure if it is something related to the load on the DB.

Can you'll please help us out as we are running out of options!

Hi

I have a data repository with MySQL database. I need to provision/de-provision users into this repository.

Can I use MS SQL server MA for interaction with MySQL or DO I need to create extensible MA for MySQL?

thk

Elkin

The text in the article

http://social.technet.microsoft.com/wiki/contents/articles/2487.how-to-license-fim-2010-and-mim-2015.aspx

has a line that states:

"FIM Server 2010 R2 lices will not be available anymore on the price lists"

I'm guessing it's a typo for "licenses". But if there are lice in there, please DE-BUG it!

Hi,

I am syncing the users present in FIM to Google Apps. For this i am using Generic REST API MA. I am able to provision a user to Google successfully. But I am unable to update some attributes at Google through attribute flows. So, we have a standalone c# code for updating those attributes like email alias. But i am not aware how to trigger that code on provisioning a user from FIM to google.

Is there any way of trigger a satndalone code post success provision of a user from FIM Sync.

Thanks

Prasanthi.

We have a requirement where we have to send a consolidated email to the new group owner which lists all the groups that are tagged to him/her.

This requirement is needed so that the new group owner can be notified of the groups that he/she owns. Group owner information can be updated in AD which would then sync with FIM, Bulk updates for groups in FIM.

So first we would have to basically track the group owner change in FIM, retrieve the owner information, then list all the groups listed under him, consolidate an email and trigger the notification.

Can someone help me and let me know how this can be achieved?

Thanks in advance!!

Hallo, I’m designing a new FIM infrastructure. The requirements are “ as secure as possible” within the usual Microsoft limits. Gathering information is difficult. Please think with me and help me gather the information in one place.

Q1. Which FIM 2010 R2 components can be installed on a Windows 2012 or 2010 R2 server core?

Q2. Can I install the Windows 2012 R2 Remote Access with the Web Application Proxy role on a server core?

Q3. Which browser will work with the FIM portal without additional plug-in? An upgrade to a recent version is allowed. So are Chrome, Safari and Firefox useable with FIM Portal and SSPR?

Additional questions may follow.

GH

Hello,

I tried to change the "Group Creation" RCDC to make  "EmailEnabling" check box as required by putting  

<my:Property my:Name="Required" my:Value="true"/><my:Property my:Name="Checked" my:Value="true"/>

inside properties like the below

<my:Control my:Name="EmailEnabling" my:TypeName="UocCheckBox" my:Caption="%SYMBOL_EmailEnablingCaption_END%" my:Description="%SYMBOL_EmailEnablingDescription_END%" my:AutoPostback="true" my:RightsLevel="{Binding Source=rights, Path=Email}"><my:Properties><my:Property my:Name="Required" my:Value="true"/><my:Property my:Name="Checked" my:Value="true"/><my:Property my:Name="Text" my:Value="%SYMBOL_EmailEnablingValue_END%"/></my:Properties><my:Events><my:Event my:Name="CheckedChanged" my:Handler="OnChangeEmailEnabling"/></my:Events></my:Control>

but it is not at all reflecting in the group creation..

Please help me.

Hello, 

I am having an odd issue. I created a new MA from AD to MV. It is looking specifically at an Applicaiton Group OU, There are only SG in there. When I do the import, then a sync, two fields are giving me errors

Member and ManagedBy, they both say reference is unavailable. 

No the users already exist in the MV, but is is giving me the error because I am not allowing the MA to look in any other container besides where the application group is?

I am not sure, I checked the precedence, I have tried with both equal precedence and letting this MA being the upper precedence.

Any ideas what may be causing this error?

There is no code, I am doing a direct flow.

Thanks 

Russell Lema

Hello, 

I am trying to do Group management in the portal, but I have thousands of groups, currently we want to run a pilot of manageable groups in the portal, I have set an attribute on the groups and want to only allow users to see the groups that have that attribute.

Is this possible?

Thanks

Russ 

Russell Lema