We are using FIM 2010 R2 SP1 Password Reset Portal. The FIM 2010 R2 SP1 Rich client is installed on client machines and I would like to know if it is possible to modify the displayed errors the user gets when they try to reset their password via the Rich client.
Regards Andre van der Westhuizen
If you've got a data source that takes a very long time to sync and you have a new user appear in your data source that needs to be provisioned ASAP, what do you do?
Would it be ok to have two identitcal Management Agents connecting to the same data source? You could have a projection rule to ensure that you don't end up with duplicates. Then you can simply use the second one for DIDS while the first one is doing the hour long sync part of it's FIFS.
Any thoughts?
Hi,
I am facing the problem of no-start-database-schema-mismatch error in fim 2010,when i run HRMA Management agent(This is the Source database where i get the value) so please help me why this error comes and how to remove this error.
Regards
Anil Kumar
Hi,
Is it possible to have multiple GALsync MA pair in single FIM server? For example, DomainA/OU1 <=> DomainB/OU1, DomainA/OU2 <=> DomainB/OU2, DomainC/OU3 <=> DomainD/OU3 and so on.
Kelvin Teang
Hello i have this error when i try to reset password in FIM2010 R2
Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> System.TypeInitializationException: Une exception a été levée par l'initialiseur de type pour 'Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient'. ---> System.TypeInitializationException: Une exception a été levée par l'initialiseur de type pour 'Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection'. ---> System.InvalidCastException: Impossible d'effectuer un cast d'un objet de type 'Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection' en type 'Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection'.à Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection.Create() à Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection..cctor() --- Fin de la trace de la pile d'exception interne --- à Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection.get_Instance() à Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient..cctor() --- Fin de la trace de la pile d'exception interne --- à Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient..ctor() à Microsoft.ResourceManagement.WebServices.ResourceManager.get_SchemaManager() à Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(String typeName, LocaleAwareClientHelper localePreferences, ContextualSecurityToken securityToken) à Microsoft.ResourceManagement.WebServices.Client.UninitializedResource..ctor(String domain, String userName, CultureInfo locale, ContextualSecurityToken securityToken, ClientOptionsHelper clientOptionsHelper) à Microsoft.ResourceManagement.WebServices.Client.UninitializedResource..ctor(String domain, String userName, ClientOptionsHelper clientOptionsHelper) à Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse) à Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler) à Microsoft.IdentityManagement.CredentialManagement.Portal.Components.ResetDriver.InitiatePasswordReset(String domain, String username) à Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.MoveToAuthenticationGates() à System.Web.UI.WebControls.Button.OnClick(EventArgs e) à System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) à System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) à System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) --- Fin de la trace de la pile d'exception interne --- à Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs) à System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e) à System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e) à System.Web.UI.TemplateControl.OnError(EventArgs e) à System.Web.UI.Page.HandleError(Exception e) à System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) à System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) à System.Web.UI.Page.ProcessRequest() à System.Web.UI.Page.ProcessRequest(HttpContext context) à ASP.default_aspx.ProcessRequest(HttpContext context) à System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() à System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Any idea ?
Thanks
I have a full working FIM website which I've mostly used for account synchronization (portal is not installed).
Setup:
Windows Server 2008 R2
FIM 2010 R2
SharePoint Services 3.0
SQL Server 2008 R2
I have a requirement within my environment to server up a small website with static pages and I'm thinking of installing an additonal IIS site on my FIM server using a different IP address.
It's either this or create a virtual machine for what would amount to 3 pages of HTML.
I'd like some general advice on how to do this and whether installing an additional IIS site on FIM is an unsupported or dangerous thing to do (dangerous in terms of getting me sacked if I broke FIM)....
Thanks
IT Support/Everything
Hi,
I am using the sync engine of FIM 2010 only, it is configured to sync users between an account forest and resource forest.
I am struggling with the deprovisioning and hoping someone can help me out. I have read other questions/answers on the forum about this subject and also 'understanding-deletions-in-ilm-2007' article, but I still can't get FIM to delete the resource account.
At the moment I have FIM disabling a user account and moving to a 'pending deletion OU' when the user is moved to a OU called 'Disabled' in the account forest. What I would like to do now is when an account is deleted from this OU, and only this OU, the account is the resource forest is also deleted.
Can anybody share any pointers or even some code that will help me out?
Many thanks...David
Hi,
I am experiencing a peculiar issue when creating a Set by using criteria in FIM 2010 R2. The Set is supposed to show users which still have EREs attached to them when they are about to be deleted.
The criteria I am using is the ERE display name and the resource parent belonging to a set for users about to be deleted.
When testing the set it works just fine, but when submitting it takes a long time, and eventually an error is displayed saying that a timeout has occured.
Has anybody experienced this? And how can I fix it?
Thanks
Johan Marais
JkM6228
The objective of this page is to provide you with:
You can use the following table to locate existing Azure AD community resources:
| Tag | Description |
|---|---|
| Wiki Article Development | The article contains information about developing Wiki articles. |
| FIM | The article is about FIM. |
| FIM Technical Article | The article is about a technical description. |
| FIM Reference Article | The article contains reference information. |
| FIM How To Article | The article describes how to configure something. |
| FIM Troubleshooting Article | The article describes how to troubleshoot an issue. |
| FIM How To Script | The article is about a FIM related script. |
You can easily become an active member of the Windows Azure AD community by developing and posting a Wiki article.
This link provides you with a list of articles that help you with the development process.
For specific instructions, see:
To simplify the process of developing Wiki articles, see the Wiki Toolbox.
 Note |
|---|
| To provide feedback about this post, create a new discussion post on this forum. |
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Please let me ask a question.
Synchronizing SQL Server Objects to AD using ILM2007.
<Purpose>
A:When a user is deleted from SQL, I would like to perform the following processings.
1.UserAccountControl = 514;
2.DN="OU=RetiredUser,OU=UserOU,DC=local.DC=com";
B:It is made to Join when the user with same SamaccountName is created by SQL.
<Tried contents >
1.Deprovision coding ->MV delete ->B cannot
2.Provision coding -> UserAccountContorol is read only ->A cannot
#System.InvalidOperationException: attribute userAccountControl is read-only
--------------------
void IMVSynchronization.Provision (MVEntry mventry){
ConnectedMA ma = mventry.ConnectedMAs["ADMA"];
int ADMAconnect = ma.Connectors.Count;
int SQLconnect = mventry.ConnectedMAs["SQL_User_MA"].Connectors.Count;
if (SQLconnect == 0 && ADMAconnect == 1)
{
csentry = ma.Connectors.ByIndex[0];
// Moves the disabled user account to another container.
string container = "OU=RetiredUser,OU=UserOU,DC=local.DC=com";
string rdn = "CN=" + csentry["samAccountName"].Value;
//csentry["userAccountControl"].Value = "514"; <error Point>
ReferenceValue dn = ma.EscapeDNComponent(rdn).Concat(container);
csentry.DN = dn;
//throw new UnexpectedDataException(rdn);
}
}
-------------------
3.ADMA>Attribute Flow>rules extension coding.
But User deleted from DB does not pass along Export Rule.
-------------------
void IMASynchronization.MapAttributesForExport (string FlowRuleName, MVEntry mventry, CSEntry csentry)
{
if(FlowRuleName == "UAC"){
//throw new EntryPointNotImplementedException(temp);
if (mventry.ConnectedMAs["SQL_User_MA"].Connectors.Count == 0)
{
csentry["userAccountControl"].Value = "514";
}
else {
csentry["userAccountControl"].Value = mventry["userAccountControl"].Value;
}
}
}
-------------------
I am troubled very much.
Aren't there any good methods?
It will be saved if advice is got.
We are under migration from MIIS to FIM.
We disable Provisioning and Full import of GAL MA of FIM.
Most of connectors were successfully joined by existing MIIS join rule.
we CSexport-ed MIIS and FIM connector data using below script that change XML to CSV data
and compared disconnectors of MIIS and FIM.
But we found in some GALMA, there are around 1000 not-joined object by current join rule.
I would like to know how to solve this problem.
Is there any good idea ?
or, how could I know which join rule were used when joining and why those 1000 not-joined object are not joined ?
I need to provision mailbox through FIM synchronization service manager, i need to know how to configure the same?
Steve
Hi,
I want to export datetime attribtue from Oracle to FIM portal. though I modify the attribute before bringing inot meatverse, it gets converted and throws error during FIM Export
Dolly
Hi All,
This question is a direct spin-off of this thread:
I want to add a "Comments" box to the FIM portal page when a user requests to Join a group. At the moment, I'm only dealing with "Join Group" and not with "Add Members" page.
Following the link above, I have done the following things:
So far this is ok, but when I try and open the page, I get an odd error:
c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Custom\JoinGroups.aspx.cs(156): error CS0012: The type 'Microsoft.ResourceManagement.ObjectModel.RmResource' is defined
in an assembly that is not referenced. You must add a reference to assembly 'Microsoft.ResourceManagement.ObjectModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. at System.Web.Compilation.AssemblyBuilder.Compile()
The code behind file already has a reference to Microsoft.ResourceManagement.ObjectModel, and so does the aspx file, so I'm a bit lost here.
The changes from the original post I have done are that I wasn't able to easily install the assemblies to GAC. To do so, I converted them to strongly-typed first, then added them to GAC using powershell, which created the assemblies in GAC with version number 1.0.0.0 and a differerent public key compared to the original thread. I changed my references in the aspx file accordingly, and now I encounter this problem.
I have probably done something wrong in adding the assembly to the GAC since it wasn't quite as straightforward as I thought it would be, so that might be the source of the problem but I can't figure out what.
Any suggestions/tips on how to resolve this will be much appreciated.
Thanks
I am not able to connect to a SQL server 2000 database from the FIM 2010 R2 SP1 MA. I installed SQL Server Management Studio on the FIM server and can connect to the database with no problem, so it's not a firewall or rights issue. I even tried altering the .Net Runtime Startup Configuration in the miiserver.exe.config file.
Any ideas?
Thanks,
Mark
Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com
I have written a Custom MA {Extensible Connectivity 2.0) for exporting to an XML file. for my 2010 R2 MIIS server (version 4.1.3441.0)
I have everything working (I think) except one part.
I don't get any statistics updates when I run the export.
The statistics update fine for Import and sync. but I get nothing for export even though it is working.
I have done some digging, and it looks like I need to see references to setting the ErrorCodeExport property of the csentrychange (http://social.technet.microsoft.com/Forums/en-US/5ffcf3e7-9cc9-4922-a900-97e25ca936dc/how-does-the-csentrychangeresult-work)
the problem is that there doesn't seem to be such an property. just the errorCodeImport http://msdn.microsoft.com/en-us/library/windows/desktop/microsoft.metadirectoryservices.csentrychange_properties(v=vs.100).aspx
Anyone have any idea how to update the statistics:
Meow
Tim Macaulay Security Identity Support Team Support Escalation Engineer
Hello All,
This is most likely a really easy thing to do but for some reason I'm experiencing a brain fart today. I need to trigger an email to be sent when an employee's employee status has been switched to Disabled.
I already have an Employee status dropdown that triggers the enable/disabled rules set up. What I need help with is to create is a set based on "Employee Status" is "Disabled", however when I attempt to do this I get the following error "Filter definition is not permitted."
Any help would be appreciated
All,
I am creating users with scoped provisioning in AD and Ldap. Now, i could see that the relationship criteria tab in the syn rule is blank. It looks like as if I didn't select any criteria at all. So, I tried creating a new scoped provisioning sync rule. It allows me to select the relationship but as soon as I click submit and repoen the sync rule, the relationship tab is empty. Is there any error in the application? In this case, should I be using a join rule in sync engine?
Thanks!
Tim Macaulay Security Identity Support Team Support Escalation Engineer
