Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 115 | 116 | (Page 117) | 118 | 119 | .... | 204 | newer

    0 0
  • 05/06/15--07:57: ECMA 2 Connection Log
  • When using an OOTB MA which connects to a system, such as SQL Server MA or ADDS MA, a connection status is visible which when clicked on opens a connection log. Is it possible to create such a status/log with ECMA2 and if so, what method do I use?

    Thank you.

    0 0
  • 05/06/15--12:00: FIM mailnickname append
  • Hello,

    We have run IDFix and found duplicated contacts from FIM that we need to fix. We think we can fix that if we make changes to the emailnickname attribute that are coming in from another forest.  Our idea is to add a suffix to the end of the nick name as in gets synchronized to our domain.  So it would be something like this. If the emailnickname is, we want to change it to  for example.  Can this be done using the functions? Would you be able to send me an example on how the function would look like such as ReplaceString and how to apply the function?  I am sorry, but we have been doing a straight GALsync for a long time but nothing has been done in this level.

    Thank you. 

    0 0

    Am unable to add any staffs to the security group. It pop's for the below mentioned error,

    Error processing your request: The operation was rejected because of access control policies.

    Reason: The server workflow rejected the operation.

    Correlation Id: 6ebb20f7-9807-4db8-a412-8a80cc1fa829

    Request Id: 6d05799f-3c92-410c-88c1-accb8f0d64a5

    Details: The Workflow Instance 'fbcef8fb-4524-4deb-9af3-c03ca7a7b93e' encountered an internal error during processing. Contact your system administrator for more information.

    0 0

    Hi Guys,

    We have a situation where Owner for a group should be Active, Enabled and Employee of the organization. We can set this criteria in Search Scope.

    But when I try setting the Owner(who does not meet the required conditions) via PowerShell script or via sync from AD-->MV-->FIM Portal, the portal seems to accept the value.

    Is there any way where we can configure FIM Portal to not accept Unsatisfactory inputs from other sources?

    I am thinking its not possible to set this in FIM Portal and might be we have to manually be sure of the Owner value what we set using Powershell or AD.

    Please let me know your thoughts on this.


    0 0

    I have an ECMA2 ma, and in the Full Import I create a list of CSEntryChange objects with ObjectModificationType Add, like in this example:

    // iterate through the objects in the connected system
    foreach (var website in theListOfWebsitesInTheConnectedSystem) {
        // create a CSEntryChange object
        var entry = CSEntryChange.Create();
        entry.ObjectType = "website";
        entry.ObjectModificationType = ObjectModificationType.Add;
        entry.AnchorAttributes.Add(AnchorAttribute.Create("Name", website.NAME));
        entry.AddAttributeAdd("Description", website.DESCRIPTION);
        entry.AddAttributeAdd("Category", website.CATEGORY);
        // add it to the list (this list will be split somewhere else to manage the page size)

    My understanding was that if an object is not in the list of objects I return, FIM should understand that the object has been deleted in the connected system, and try to recreate it.

    However, if I delete an object in the Connected System and then run a Full Import, the object is NOT returned in the list, but FIM still sees it as a connector in the connector space of my MA, and I see no deletion in the import results.

    How is this supposed to work? What should I do to make FIM realize that an object was deleted?

    Paolo Tedesco -

    0 0

    We have several domains  to manage for our customers, so we have installed "FIM 2010 R2" to manage our admin-accounts. But if I now try to delete a user, by deletion from the "User Set", I get this error (please note the screenshot) after synchronization.


    Running management agent:

    AD MA xyz



    Latest occurrence:

    07.05.2015 15:30:06

    Initial occurrence:

    07.05.2015 11:07:22

    Retry count:


    Connected data source error code:


    Connected data source error :

    Access is denied.

    I don't get more information about this error, not in the eventvwr and also not in the FIM-Panel even. 

    Maybe someone knows more about this issue I would be very thankful for helping to solve this problem.

    If more information is needed let me know what kind of.

    Thank you

    0 0

    I am trying to get some numbers on how many password resets have occurred in a specified amount of days/Months/years.

    Is there a way to do this with sets? Or is this something done with FIM Powershell or FIM Query?



    0 0


    We are using Generic Rest API MA for Google(Naohiro) Provisioning from FIM. For provisioning,we are using provision code and mapped FIM "Email" Attribuite with DN(google) i.e.(FIM Email->dn) and FIM Email-->PrimaryEmail(Google) in MVExtension code. Now we have to change PrimaryEmail value on Google. As 'PrimaryEmail' is used as Anchor attribute, through FIM Sync we are unable to change PrimaryEmail. So, we came up by deleting/disconnecting the metaverse object  and re provisioned the user with changed Email. So now we want to automate deleting a particular user from Metaverse.

    Is there any way for automating the deletion of a specific user from metaverse using some script(powershell or any others).



    0 0


    The Generic LDAP MA takes about 50 minutes to import 90 records from a target Oracle server.

    So we looked for a hotfix, and came across this:

    However, once we download this hotfix and try to extract it, we get the following error:

    "An error has occurred while unzipping. One or more files were not successfully unzipped. The error code is 40."

    We have tried to download and extract this file on 3 different computers, but get the same error message.

    Please could someone from Microsoft fix the zip file please, or point us to the correct URL?

    thank you,


    0 0


    Does the built-in FIM 2010 R2 Oracle MA support structural, aux and extensibleObject classes?



    0 0

    Trying to develop an Email Template for local user to Notify when a new AD account is created for the user.

    The local language here norse/finnish/ has extended ascii characters in the alphabet e.g. ö ä å Æ æ Œ œ ø Ø þ Þ ð Ð

    (I hope these are visible in the forum message, they are danish/norwegian and swedish/finnish characters)

    These get scrambled when the Notification Email is built by FIM.

    How do I start debugging this to track down what is wrong?


    0 0

    We have a tab in FIM that has 3 boolean attributes. 2 set of users have got different level of access to those attributes. When one of the boolean is checked, FIM is trying to set the value to false for other 2 attributes and they are getting access denied error. In RCDC, I changed the default value to false for all those 3 attributes but still getting the same error. Is there any other solution?

      <my:Property my:Name="Text" my:Value="Termination" />
      <my:Property my:Name="Checked" my:Value="{Binding Source=object, Path=ForceDeprovision, Mode=TwoWay}" />
      <my:Property my:Name="DefaultValue" my:Value="false" />


    0 0


    Have listened to this Ignite 2015 talk, and have a few questions:

    1. The roadmap goes as follows: FIM to MIM to AAD Connect. So will AAD Connect have a different Sync Engine from its predecessors? Will we still have a Metaverse, Connector Space, Management Agents, etc? Or is the entire architecture changing?
    2. Will AAD Connect still have the 'FIM Portal' equivalent?
    3. It almost sounds like AAD Connect will only support Declarative Provisioning, and will no longer support Rules Extensions, is this correct?
    4. Is there BHOLD in AAD Connect?
    5. Will the FIM deprecated features still be available in MIM?; and they will only be unavailable in AAD Connect?
    6. Comment: sounds like MIM 2016 will still support "FIM Reporting & SCSM combination". MIM will also be able to use Azure AD for Reporting (via an agent).

    If anyone has any more questions/comments, please post.

    Looking forward to the answers.



    0 0

    What version of EWS libraries does FIM 2010 R2 Sp1 use?

    I have traced the problem with FIM 2010 R2 SP1 Notifications via EWS down to the message to the BodyType. At least with our Exchange 2013 set up we get scrambled accented chars.

    Writing a simple Powershell script to use the latest 2.2 EWS immediately highlighted the issue. Switching the BodyType has a profound effect.

    Question is.. If I want, how can I configure FIM to use Text Emails always?

    #Web Service Path

    $EWSServicePath = "C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll"

    #Importing WebService DLL

    Import-Module $EWSServicePath

    #Creating Service Object

    $Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList Exchange2010_SP1

    #Setting up Credentials

    $user = "mydomain\fim.service"

    $pass = "********"   # just a test ffs

    $service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.WebCredentials -ArgumentList $user, $pass

    #Setting up EWS URL for exchange.

    $EWSurl = ""   # same as FIM config

    $Service.URL = $EWSurl

    #Setting up Email message Class

    $message = New-Object Microsoft.Exchange.WebServices.Data.EmailMessage -ArgumentList $service

    $message.Subject = "This Message has been Created by EWS on my mail server"

    $message.From = "fim.service@mydomain.local"


    $message.Body = "This is Test Message öäåÖÄÅ <br>Greetings, EWS Client 2.2"

    $message.Body.BodyType = 'Text'   # works

    #$message.Body.BodyType = 'HTML'   # likes the break but scrambles the scandies



    0 0

    Hi all,

    In the middle of retrofitting a test environment with OTP in SSPR and while FIM Portal sends my new user notifications fine, I am having troubles sending out the one-time-codes.

    In SSPR, I enter the username, and it sits there for a while with a spinning wheel before erroring out with the message: Unable to send a security code.

    When I review Event logs, I can see that the e-mail sending is timing out:

    Any thoughts on why this might be? It works fine in production, but not in test - and the only difference between the two environments is that we're using EWS in Prod and SMTP relay in test... but again, I've verified the SMTP relay works.

    - Ross | MCTS: FIM 2010 | Now Offering ECMA1->ECMA2 Upgrade Services

    0 0


    we experienced an obscure issue in FIM, that costs us a lot of time and effort.

    I would like to share my experiences.

    We recently applied a FIMService Database backup for our FIM environment, due to a failed change implementation.

    After implementing the fallback Database, everything was fine at the first glance. After some weeks, I recognized that our criteria based groups and sets in the FIM portal withdate time filters doesn’t work properly as intended and the necessary MPR’s didn’t get fired.

    Long story short, I figured out that the SQL Server Agent Jobs didn’t run successful since our fallback. In our case the FIM_TemporalEventsJob (This job evaluates temporal sets and policies, validates set and group membership, and runs daily by default.)

    Recognized failure in the Job history:

    'EXECUTE AS LOGIN' failed for the requested login “ServiceAccount”.  The step failed.

    That was strange, because the ServiceAccount, that runs the Jobs is owner of the FIMService Database.

    Further investigations reveals following:

    The database owner SID recorded in the master database differs from the database owner SID recorded in database 'XXXX'. You should correct this situation by resetting the owner of database 'XXXX' using the ALTER AUTHORIZATION statement.

    To prove that the problem is in factdiffering SID's I ran the following two SQL statements.

    • To get owner SID recorded in the master database for the current database
      SELECT owner_sid FROM sys.databases WHERE database_id=DB_ID()
    •  To get the owner SID recorded for the current database owner
      SELECT sid FROM sys.database_principals WHERE name=N'dbo'

    They should return youSID values in the format of a GUID

    Now if the two SID's differ which they did in my case it means that you need to reset the database owner so that both values are the same. To do this you can run another ALTER statement and pass in the owner value you want to use e.g

     ALTER AUTHORIZATION ON Database::XXXX TO [domain\user]

    Once I had run this code the problem was fixed.

    Hope this helps for those for those, having similar issues.

    Thanks Fatih

    0 0


     I am trying to install Quest FIM Powershell Snapin. I dowloaded from Codeplex and added the DLL "Quest.FIMPowershellSnapin.dll" into the assembly. In powershell i checked whether the snapin is registered or not and the results showed that this Quest sanpin is registered. But When i try to add "Add-PSSnapin Quest.FIMPowershellSnapin", it is givivng me an error

    Add-PSSnapin: Cannot load  windows powershell snapin "Quest.FIMPowershellSnapin.dll" because of the following error "The windows powershell snapin module Quest.FIMPowershellSnapin.dll does not have required  windows powershell snapin  strong name Quest.FIMPowershellSnapin version=,Culture=neutral,PublicKeyToken=null".

    Please help



    0 0

    I have been looking around.

    We have decided to use the FIM portal more and our current system we have a separate sharepoint environment to house the FIM portal.

    I cannot seem to find any examples, but we would like to migrate this FIM portal to a different sharepoint environment that our company is already using that way it has better infrastructure than the current shallow sharepoint we have.



    Russell Lema

    0 0

    Hi all

    I'm wanting to export a value to the CS which I want to be unique.

    I've read a few pages regarding how this can be done using custom worksflows etc, but I'm wanting to do the comparison this based on what's in the CS rather than FIM/MV, as there's more objects (unrelated to FIM) in there that may already have this generated value.

    I originally found the MV class utils.findmventries:

    I'm wondering if there's something just like this but for the CS or is there a better way?

    0 0

    So I was just doing some checking up and making sure everything was running correctly, which it seems it is, but I have come across a lot of errors in the Windows logs attached to the FIMSync Service. Was wondering if anyone could give me any advice.

    This is happening on our cycles, delta sync and exports

    I know that some of the errors have to do with ADMIN accounts and the MA account does not have access to manage them. But not sure what the rest are


    Forefront Identity Manager 4.1.3599.0

    The server encountered an unexpected error in the synchronization engine:


     "BAIL: MMS(5504): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)

    BAIL: MMS(5504): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)

    BAIL: MMS(5504): d:\bt\37281\private\source\miis\shared\entry\tower.cpp(3989): 0x80004005 (Unspecified error)

    ERR_: MMS(5504): d:\bt\37281\private\source\miis\shared\entry\tower.cpp(12133): BAIL: MMS(5504): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(1833): 0x80004005 (Unspecified error)

    BAIL: MMS(5504): d:\bt\37281\private\source\miis\server\sync\expcall.cpp(905): 0x80004005 (Unspecified error)

    ERR_: MMS(5504): d:\bt\37281\private\source\miis\server\sync\expbase.cpp(2957): PutAnchorWithDnInternal failed on CS object {0E6B94B6-4416-E211-ABF9-005056BA0089} with 0x80004005 (pass 1 of 5)

    Forefront Identity Manager 4.1.3599.0"

    The management agent controller encountered an unexpected error.


     "BAIL: MMS(5504): d:\bt\37281\private\source\miis\cntrler\cntrler.cpp(12498): 0x80004005 (Unspecified error)

    BAIL: MMS(5504): d:\bt\37281\private\source\miis\cntrler\cntrler.cpp(9395): 0x80004005 (Unspecified error)

    BAIL: MMS(5504): d:\bt\37281\private\source\miis\cntrler\cntrler.cpp(8158): 0x80004005 (Unspecified error)

    Forefront Identity Manager 4.1.3599.0"


    HRESULT: '0x80230507' Source: 'd:\bt\37281\private\source\miis\server\rules\project.cpp(1635)' Thread ID: '0x109c' Additional Info: ''

    Russell Lema

older | 1 | .... | 115 | 116 | (Page 117) | 118 | 119 | .... | 204 | newer