Channel: Forum Microsoft Identity Manager

MA to write username and encrypted password to SQL

I'm looking for a way to use the SQL MA to write username and encrypted password to SQL database. Getting the usernames into SQL is a "normal" FIM job and the database can be set as a password target (PCNS is already in place). To get started, does anyone have a sample password extension? And what additional field is required in the database to store that password?

Also, can a different encryption method be used when writing out the password to the SQL database?

Thnx

JD


Customize Columns displayed on Computers Page list

So I have added computers to the FIM portal to allow IT admins to modify computer attributes and project them back to AD.

I am unable to modify the columns displayed on the pages I have created though. I customized the columns in the All Users it was easy, I followed the same steps and modified the columns in the search scope for all Computers but no luck.

Any assistance on this would be helpful.


Russell Lema

FIM 2010 SQL database as password target not working

I have enabled password sync (PCNS) in FIM and use our AD as the source. I've got 2 target MAs, 1 being a simple SQL database. Both target MAs have password management enabled and the SQL MA has a custom extension assigned.

When I change a password in AD I can see the correct events being created on the DC.

On the FIM server I can see events (stage & set) being created for the 1 MA but the SQL MA is not even triggered. No errors nothing. What am I missing?

Thanks
JD

FIM SSPR Gates

Is it possible to have SMS gate active only when the user is accessing the FIM Portal outside the N/W?



Number of objects supported by Metaverse

Experts,

Could anyone suggest how many objects we can manage with FIM (especially FIM Synch Service)? My curiosity arises because only one instance of FIM Synch service can be active at a time.

How many objects can we go on making without hitting a performance or functionality hit?

Thanks,

Mann

An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)

Event log:

The mail sender could not send an outbound email.  This failure indicates a misconfiguration either with the mail server or with the specific mail.  Frequent, repeating instances of this event indicate a failure with the mail server.  If this event occurs alongside event 12, then this event indicates a failure with Exchange. Infrequent instances of this event indicate misconfiguration of individual emails.

The mail server address is incorrect or specific outbound email has invalid data.

Ensure that the mail sender is configured to connect to the correct mail server and that the outbound mail has correct email addresses.
 
The specific exception reported by the mail server:

--------------------

This is every time I am trying to register for password reset.

Exchange 2013

This is from C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config

<add key="mailServer" value="https://mail.mydomain.com/ews/exchange.asmx" />
    <add key="isExchange" value="1" />
    <add key="sendAsAddress" value="fim-farm@mydomain.com" />

P.S. IP of FIM server is added for free relay in Exchange, so I can freely send mail with telnet.


Be real

AD Connect, setting AD permissions

On the "install required components" page in the custom setting setup wizard we can give up a service account:
1) is this account only used to start the sync service locally on the server?
 2) is this account not used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
On the "connect your directories" page in the custom setting setup wizard we need to enter credentials:
1) this account is used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
 2) this account we enter can only be a domain user right
 3) this blog (https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnect-account-summary/) speaks about setting additional permissions on the account if we use specific scenario such as password sync and hybrid environment. The blog post describes which permissions are needed but not how to set these. Is there a guide how to set these permissions, is there a script how to set these permissions?

FIM Synchronization Service hotfix was not successfully installed

Hi everyone,

I'm experiencing troubles while trying to upgrade FIM Synchronization by installing hot fixes.

My current version is (4.1.3114.0) and I need to go up to new hotfix (4.1.3613.0).

While installing the file (FIMSyncService_x64_KB3011057), I am getting this message :

" Forefront Identity Manager Synchronization Service was not successfully installed. To install  Forefront Identity Manager Synchronization Service, run this wizard again."

When I run it again, I get the same message.

I will be grateful if someone can help.

Thanks in advance.


Unable to retrieve schema when using MA based on ECMA2

When I try to create a MA based on ECMA2 I get an error on the connectivity page.

For instance if I use a SQL MA based on ECMA2 I get an error on the connectivity page stating "Unable to retrieve schema. Error: An anchor attribute defined by the extension...."

JD

Cannot open FIM Synchronization service manager

Hi all,

I got an error when I try to open FIM Synchronization Service although the service is started now.

My current login account is a member of administrators local group and FIMSyncAdmins group. (Even a member of Domain Admins). But it cannot work.

I also try to restart the server (because right after install FIM, I also installed hotfix for FIM server)

Anyone can help please?



Fim Reset password not working

Have this in logs

1) WARNING: Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity.rules.

2) WARNING: Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.ReceiveCreateResourceActivity.rules.

3) ERROR: Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> Microsoft.ResourceManagement.WebServices.Client.AuthorizationRequiredException: Permission is required
   at Microsoft.ResourceManagement.WebServices.Client.Resource.Update(ClientOptionsHelper clientOptionsHelper)
   at Microsoft.ResourceManagement.WebServices.ResourceManager.ResumableUpdate()
   at Microsoft.ResourceManagement.WebServices.ResourceManager.Resume(ContextualSecurityToken securityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.FinalizeRegistration()
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
   at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
   at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
   at System.Web.UI.TemplateControl.OnError(EventArgs e)
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

4) WARNING: Invalid or NULL email address

5) ERROR: Microsoft.ResourceManagement.Service: System.ArgumentException: Invalid or NULL email address
   at Microsoft.ResourceManagement.Mail.Utilities.ValidateMailMessage(GenericMessage message, IMailServer mailServer)
   at Microsoft.ResourceManagement.Mail.ApprovalMessage.Send(Int32 timeoutInMilliseconds)
   at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.SendMailMessage(MessageContent messageContent, Int32 timeoutInMilliseconds)
   at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

--------------------------------------

What is already done:

1) Double checked all setup process with permissions, wmi, dcom, etc.

2) Double checked that FIM service account is mail enabled and can successfully reach EWS web page without any issues.

3) All users have e-mail fields filled

4) Totally confused. Don't know where to dig.


Be real

Owner and Displayed Owner, Distribution Groups

I have some Distribution Groups which can be managed through Exchange by the owners. I have inbound Sync rules to import the changes to FIM. I am facing following issues in the process:

1) If a new owner is added to a group through Exchange, after import, I can see the new user in the owner attribute, but the previous owner only in the Displayed Owner attribute (not as both owner and Displayed Owner). This causes the error in the FIM portal when I open the group "Please select a displayed owner among the owners above".

2) If an owner adds a new owner to the group through Exchange, and if the new owner comes above in the list in alphabetic order, then the new owner is set as the Displayed Owner in FIM after import (the displayed owner gets changed).

How can I address these issues? Any help will be appreciated.

FIM Lab standalone server

Hello,

I want to prepare a lab for my FIM deployment. Do you think it is possible to have all roles on a single server? I mean to have portal, sync and SCSM on a single server. This is because I am running low on resources and as a result I want to have a FIM server for everything related to my FIM.

Thanks

Azure Dirsync some groups do not sync

I have Azure DirSync setup, working.  Have been syncing user groups for Office, OneDrive, SharePoint.  No Exchange online.  Exchange is completely on prem.

No issues with syncing users, licensing for Office, OneDrive all good.

Now I need to start syncing some groups for SharePoint permissions.  I've added OUs for groups to partitions that will sync with DirSync.  Some groups sync okay, others cannot be seen in Azure.  It appears that the groups that are not syncing are all distribution groups.  Again - no - Exchange Online, Exchange is on Prem.

What is required to sync an on prem distribution group in Azure?

Forefront Identity Manager Service and Portal -- Error 1316. The specified account already exists.

Trying to modify FIM 2010

Product Name: Forefront Identity Manager Service and Portal.

Product Version: 4.1.3646.0.

Product Language: 1033. 

Reconfiguration success or error status: 1603.

In debug logs found only Error 1316. The specified account already exists. Can't imagine what's wrong, as all service accounts are working ...

Debug LOG, containing exact error and install sequence:

Action start 21:35:11: InstallExecute.
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.
CAQuietExec:  Removing feature for microsoftidentitymanagement.wsp
CAQuietExec:  Retracting microsoftidentitymanagement.wsp
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.
CAQuietExec:  Removing feature for microsoftilmportalcommondlls.wsp
CAQuietExec:  Retracting microsoftilmportalcommondlls.wsp
MSI (s) (CC:38) [21:37:15:705]: Using cached product context: machine assigned for product: 39D42BE8AB19D534FB8839931C4C3626
MSI (s) (CC:38) [21:37:15:705]: Using cached product context: machine assigned for product: 39D42BE8AB19D534FB8839931C4C3626
MSI (s) (CC:38) [21:45:51:298]: Product: Forefront Identity Manager Service and Portal -- Error 1316. The specified account already exists.
Action ended 21:45:51: InstallExecute. Return value 3.
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
CAQuietExec:  Deploying microsoftilmportalcommondlls.wsp
CAQuietExec:  Adding feature for microsoftilmportalcommondlls.wsp
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
CAQuietExec:  Deploying microsoftidentitymanagement.wsp
CAQuietExec:  Adding feature for microsoftidentitymanagement.wsp
Action ended 21:48:54: INSTALL. Return value 3.
Action ended 21:48:54: ExecuteAction. Return value 3.
Action start 21:48:54: FatalError.
Action ended 21:57:19: FatalError. Return value 2.
Action ended 21:57:19: INSTALL. Return value 3.
=== Logging stopped: 14.07.2015  21:57:19 ===
MSI (c) (E0:A0) [21:57:19:026]: Product: Forefront Identity Manager Service and Portal -- Configuration failed.


Be real



Wipe FIM configuration

Still having a few issues with upgrading our FIM dev environment to be a replica of prod. The scripts MS provide for export & import schemas & policies work on the export side but fail on import.

Is there a way to wipe the existing FIM dev environment (i.e. remove all MA's and non standard portal content) but without having to rebuild the whole FIM server?

Thanks,

Mikey

Multiple sources MA Inbound synchronization to FIM Portal.

Hi,

In our Sync system, there are two source SQL MAs. The users from two different sources, i.e. SQLMA1 and SQLMA2, have to be synchronized to metaverse and from there these users should be exported to FIM MA. In detail we have

1. SQLMA1-->Source1

2. SQLMA2-->Source2

3. FIMMA--

4. ADDSMA-->Target.

The flow will be like, the Users will come from Source1, Source2 and will be exported to FIM. From FIM these users have to be provisioned to AD.

SQLMA1-->FIMMA-->ADDSMA

SQLMA2-->FIMMA-->ADDSMA

In this scenario, how can I map the attributes. How will be the metaverse attribute mappings with the source system and target system. For example AccountName and FirstName, how can I map these two attributes in order to achieve.

Thanks

Prasanthi

Create and delete Groups in FIM portal from SQL Tables

Hello Everyone,

Do you know how I could create a group in the portal when an SQL table is created and delete it when it's deleted,

+ user membership of course :)

thanks


Hitch Bardawil

FIM 2010 R2. Problem with import Manager attribute.

Hello!

I have MA for csv file.

When I do Full import and Full Sync to metaverse, in metaverse attribute Manager is clear.

Preview Full Sync - Attribute Manager - Applied Delete and Final Value is Deleted.

Users have ID.

Manager in csv - ID.

In Csv MA Manager is Reference(DN) attribute.

Why I get clear attribute in metaverse?

  

 


Alex

deploying FIM portals on SharePoint 2013 enterprise Server

Hi all,

We have a SharePoint 2013 Enterprise farm and I was wondering if I could deploy the FIM portals on this version of SharePoint as the MS documentation speaks only of SharePoint Foundation. Technically I am pretty sure it can be done but  I need to know if I would be supported by Microsoft in that scenario.

Thanks
