Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 118 | 119 | (Page 120) | 121 | 122 | .... | 204 | newer

    0 0

    Hi all,

    is there a way to import the value of the "msDS-UserPasswordExpiryTimeComputed" attribute in Active Directory MA ?

    The value is present in ADUC but in Import flow it is null.

    0 0

    I am facing an issue to prepare collection of RFC_DB_FLD for the Tablr fields to put in the TABLE_OF_RFC_DB_FLD to read the fields and their values from the table mentioned in the "QUERY_TABLE'.

    we are using WebService configuration tool 5.3.407.0 to integrate SAP with the FIM 2010 R2, in which we are using the RFC_READ_TABLE BAPI to read the PA0001 table of columns "PERNR,ORGEH,WERKS,PERSKBEGDA".

    i am not able to provide the above mentioned columns in a collection as the TABLE_OF_RFC_DB_FLD is not accepting the collection of RFC_DB_FLD.

    need help and any suggesstions on this would be helpful.

    Thanks and appreciate utmost help.

    0 0
  • 06/03/15--09:15: FIM IIF Custom Expression
  • Hello,

    I'm trying to write a custom IIF statement. I want employees according to their Employee Type to be placed in certain groups. I have an example code I wrote up, but it seems to give me an error:


    Is this correct?

    0 0


    We have employeestartdate and employeeenddate attributes in FIM.

    Is there any way to push this into AD via codless outbound synch rule to AD? I have created a new attribute in AD with same datatype as whencreated.

    While AD export I get ‘incorrect syntax’ error?



    0 0

    Hi all,

    Please suggest action to overcome the below issue.

    When FIM MA export run, its throws the below error continously and complete as "stopped server". Service restarting automatically.

    Event log throws below error 

    Event ID :6401
    The management agent controller encountered an unexpected error.
     "BAIL: MMS(16652): d:\bt\16961\private\source\miis\cntrler\cntrler.cpp(12495): 0x80004005 (Unspecified error)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\cntrler\cntrler.cpp(9392): 0x80004005 (Unspecified error)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\cntrler\cntrler.cpp(8155): 0x80004005 (Unspecified error)
    Forefront Identity Manager 4.1.3496.0"

    Event ID :6301

    The server encountered an unexpected error in the synchronization engine:
     "BAIL: MMS(16652): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\shared\entry\tower.cpp(3989): 0x80004005 (Unspecified error)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\shared\entry\tower.cpp(12133): 0x80004005 (Unspecified error)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(1833): 0x80004005 (Unspecified error)
    BAIL: MMS(16652): d:\bt\16961\private\source\miis\server\sync\expcall.cpp(905): 0x80004005 (Unspecified error)
    ERR_: MMS(16652): d:\bt\16961\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {829698DC-3F91-E211-97EF-005056BC7686} with 0x80004005 (pass 1 of 5)
    Forefront Identity Manager 4.1.3496.0"

    Thanks in advance


    0 0
  • 06/04/15--17:35: AADSync Delta Sync Process
  • Hi Experts,

    When we execute the Delta sync, i could see below steps are executing in AADSync connectors.

    [1] AD Connector - Delta Import
    [2] AAD Connector - Delta Import
    [3] AD Connector - Delta Synchronization
    [4] AAD Connector - Export
    [5] AAD Connector - Delta Import
    [6] AAD Connector - Delta Synchronization
    [7] AD Connector - Export

    Could you please help me to understand what will happen on each steps. Or is there any blog which already has these information?

    Regards, Nidhin.CK

    0 0

    Hello Everyone,

    I am working on develoving a call based ECMA for our FIM environment to communicate with our Emergency Alert Notification System. However I am having trouble finding sample code or documentation around the Call Based functionality of ECMA when using an API. I found this link but it deals with connecting to a SQL DB. Would anyone be willing to share some sample code around Call Based/API ECMAs?

    0 0


    I am trying to implement a small application that retrieves certificates for existing profiles from the FIM CM server. I've been looking at the documentation and i tried the FindOperations.FindCertificates(profile) but returns a list of X509ClmCertificates and those objects does not contain the information I need from the certificate (validity, issuing date, etc...). Is there nay way to get the right certificate with this function?

    I've also tried the function ExecuteOperations.Enroll(request.Uuid, certificateRequests, "pfxPassword", "some comment"); explained here ( but I do not know what do in the method GetCertificateRequests. This topic has been already asked in this forum but not answered.

    What I need to do is to get the certificate then encode the whole content and send it to an external service by serializing it as Json. That's why i thought I could use the ExecuteOperations Class to get a PFX and serialize it.

    Could you guys please give some help on this....i will really appreciate it.

    Thanks a lot

    0 0

    I am new to FIM, I have deployed FIM for Microsoft Online by first enabling Metaverse Rules Extension MSONLINE.MVExt.dll. Everything synchronizing without problems.

    Now I am supposed to create an Exchange forest trust with a company we purchased. We have VPN connection with the two forests and configured AD forest trust. So can I use the same FIM by enabling Metaverse Rules Extension GALSync.dll to use for Exchange contacts sync.

    0 0


    I need up the service Forefront identity  manager service, but I got or appear the next issue:


    Gonzalo B.

    0 0


    I am trying to retrieve a Profile using the FindOptions class and I get the following exception:

    There is no row at position 0.

    Server stack trace:
       at System.Data.RBTree`1.GetNodeByIndex(Int32 userIndex)
       at System.Data.RBTree`1.get_Item(Int32 index)
       at System.Data.DataRowCollection.get_Item(Int32 index)
       at Microsoft.Clm.Common.TypedData.CertificateDataSetGenerated.ProfilesDataTable.get_Item(Int32 index)
       at Microsoft.Clm.BusinessLayer.Shared.FindOperations.CanCurrentUserViewProfile(Guid profileUuid)
       at Microsoft.Clm.BusinessLayer.Shared.FindOperations.GetProfile(Guid profileUuid)
       at Microsoft.Clm.Provision.FindOperationsByCulture.GetProfile(Guid profileUuid, CultureInfo uiCulture, CultureInfo culture)
       at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
       at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.Clm.Provision.FindOperationsByCulture.GetProfile(Guid profileUuid, CultureInfo uiCulture, CultureInfo culture)
       at Microsoft.Clm.Provision.FindOperations.GetProfile(Guid profileUuid)

    On the portal I can see that the user does have a profile and the Guid is a valid Active Directory Object-GUID.

    This is the code I am using:

    FindOperations.UseRemoting = true;
    var profile = FindOperations.GetProfile(new Guid("476d566c-2cb5-482c-99d0-bd2c8c8981ca"));

    I do have access to the FIM System but I cannot find the cause of this problem.

    Could you guys help me on this...I would appreciate it.

    Thanks a lot

    0 0

    I cannot create criteria-based sets in either of my FIM Environments.  In production I get a permissions error even though I am a member of the Administrators set.

    In the development environment we get the following detailed error description

    Error processing your request: The operation was rejected because of access control policies.
    Reason: The supplied request content violates system rules.
    Correlation Id: c949132e-75a0-474c-9534-de4d1154b39b
    Request Id: a7c43448-548b-4fec-a950-fb6c9584596d
    Details: The Request contains changes that violate system constraints.

    I have looked through everything to do with the sets and Attribute Filters and all seem to be in order.  I have seen similar items before, but they were related to SPNs and AppPool permissions, which are not the case here.  Anything that can be done to point me in the correct direction is greatly appreciated.



    The early bird gets the worm. The second mouse gets the cheese.

    0 0

    Hi , I am new to FIM and can't figure out if there is a way for me to sync user accounts from non domain joined servers. That is we have a set of servers that do not belong to the domain , mainly 2008 R2 -2012-2012 R2 , and we need to provide some way of self service password reset for the accounts stored on these.

    The user that actually has a local admin account on those servers  , also has a domain account in the forest.

    Any ideas , greatly appreciated

    0 0


    I have an AD MA, AD LDS MA and FIM MA, I already synchronize group from AD to FIM and AD LDS. 

    Now I want only to export only some groups to FIM ? is that possible to make some filter ? 



    0 0


    My environment requires me to be able to create Exchange mailboxes on existing users, disable those mailboxes and then, some time later, re-enable them and have Exchange reconnect them automatically all driven from some Metaverse attributes.

    I have code in MapAttributesForExport which performs this "provisioning" and "deprovisioning" of mailboxes which is working fine. Basically this:

    If mventry("mailenabled")

    If csentry("homeMDB").isPresent Then csentry("homeMDB") = inventHomeMDB()

    End If

    Else csentry("homeMDB").delete End If

    inventHomeMDB() takes a list of databases and assigns one at random. Then equivalents for msExchHomeServerName and mailNickname.

    When it then comes to reprovisioning, I need to be able to recall what homeMDB was set to when the deprovision occurred (as it may have been changed in Exchange by a Move-Mailbox).

    I have tried flowing homeMDB back into the MV with a catch in a rules extension to not flow an empty value but this doesn't work because the code is never run when the attribute is Deleted.

    I have thought about keeping a small SQL table with the "last known values" in (kept up to date in an IAF rule) which could be checked before calling inventHomeMDB() but this seems rather inelegant.

    Any ideas? Thanks!


    0 0


    I was wondering if there was a way to set an AD group to both Security and Distribution. This group is initially a Distribution Group, which is on the "Distribution List" in AD, but this group will not show up in FIM under Distribution Groups. I believe my FIM environment is not configured to provision Distribution Groups over, only Security groups are. So unless I change this group to "Group Type = Security" then it will appear on FIM. So before I configure for Distribution Groups to be synced over, is it likely for a group to be both Security and Distribution?

    0 0


    Recently i created a Management Agent for Oracle, this MA used an Updatable View, when i run a FI all works fine but when i run an export the MA throws an error, the error is:

    Oracle ROW-00009: Cannot update row  Ora-ORA-01446

    I have doubt if FIM 2010 R2 supports Oracle updatable views or not?.

    I tested with SQL Server and works fine using an updatable view.


    MCP-ASP.NET With C#, MCTS SQLServer 2005 I&M

    0 0

    ***I know this is not a FIM question, but as it's ADFS it belongs under IDM but there is no option for that.***

    I am trying to get AD FS 3.0 up and working being load balanced through a pair of physical Citrix NetScaler ADC's. The load balancing part of the AD FS side is working fine, it is creating the trust relationship between the WAP's (which are in the DMZ) and the AD FS servers (which are in the LAN) that are being load balanced across the NS.

    So the topology is 2*WAP in the DMZ and 2*ADFS in the LAN. There are two vServers one for the DMZ and LAN side, there is a NAT rule configured to forward traffic from the external IP to the DMZ vServer for the WAP's. Load balancing is working across the LAN vServer as I can browse to the ADFS URL's using the vServer IP. 

    The real issue is when I try to run the WAP trust relationship wizard to pair the WAP's and ADFS servers, there is an entry in the hosts file configured with the ADFS service name which points to the IP of the vServer in the LAN.

    I also know this is not a Citrix forum but the NS is configured with a service pointing to each of the four servers, I have tried using the following protocols SSL_TCP, SSL_Bridge and SSL. The result is the same for all of the protocols, there does not have to be SSL offloading done on the WAP/ADFS

    The error on the WAP is simply cannot save the configuration there is nothing in the events.

    I know ADFS has changed in v3.0 and in 2012 it used to be like load balancing any other SSL website.

    0 0


    We have a requirement wherein when a user who is a Membership manager for a group becomes inactive his groups should be rolled to the respective Group owners and also email notification should be triggered to each group Owner.

    For Ex: User A became inactive, and he was membership manager(MM) for 10 groups and 10 groups have 10 different groups Owners. So I need to roll up the MM field to 10 diff group Owners.

    I created a set which captures users for whom Employee Status is Inactive. I have a powershell activity in the Workflow that fetches all the groups for which the inactive user was the membership manager and also their respective Group Owners. Now to update the membership Manager field can we iterate through this list in Update Resource WF activity? Or it needs to be done via Powershell? or is there any better way?

    Thanks for the help!!

    Expecting a response.

    0 0
  • 06/10/15--08:02: 70-158 Certification update
  • Is the 70-158 Forefront Identification Management Certifcation going to be updated due to the new version - MIM 2016? 

older | 1 | .... | 118 | 119 | (Page 120) | 121 | 122 | .... | 204 | newer