Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles

How to install the SQL Server Full-Text Search component?


Hi All, I have installed SharePoint Foundation 2013 on my Windows 2012 Standard server, as a prerequisite to installing FIM.

Exchange 2013 was previously installed on this server, and so some fiddling was required to alter the bindings in IIS after the SharePoint install. Fine, moving on....

The SharePoint install set up MS SQL Server 2008 R2 and completed.

When I attempt to install FIM and point it to the SharePoint instance, it complains that the SQL Server Full-Text Search component is not installed.

After several attempts using various installation methods, I am unable to figure out how to get that SQL component installed.

Even if I copy the SQL Server 2008 installation files locally and run setup, the component is not available for install.

I also tried running SharePoint.exe again; however, the option to add that component was not available.

What am I missing?

Thanks very much

Andy


Security Update for Microsoft Sharepoint Foundation 2010 (KB3054847)


We have the FIM 2010 R2 SSPR quickstart deployed. However, there have been some customizations on top of what was installed.

KB3054847 is pending from MS Update. Is it safe to install this one? Are there any known issues?

Thanks!

FIM CM 2010 supported browsers IE11


I have a general question regarding supported browsers in FIM CM 2010.

FIM CM 2010 is installed on Server 2008 Enterprise. I would like to know whether FIM CM 2010 supports Internet Explorer 11,

and whether I need to install a hotfix for IE11 support on FIM CM 2010.

Thanks !!!

OLGN 


FIM Portal: Unable to process your request

I just installed the FIM portal. I am able to access the portal and use it locally without issue; if I access it from a remote server I can view the front page fine, but if I click Users and then click Search I get:

Unable to process your request.
   Please contact your help desk or system administrator.


If I access it remotely and click Administration, Schema, Bindings, all of that loads fine. When I click to view page two of Bindings I get the same error. It seems certain actions are causing an error, but I have no idea where to begin debugging such a thing.

The portal currently only has my user account and the built-in sync account; I've not set up a FIM portal MA yet. The portal, service and SSPR portals are on server 1; the sync server and SQL are on server 2.

Any suggestions would be great. Thanks.

Import-FIMConfig Exception


Hi Folks,

I am trying to import a single workflow from the Dev to the UAT environment. Below is the code snippet I used to export the workflow into an XML file.

$WorkflowsInFIM = Export-FIMConfig -Uri $URI -OnlyBaseResources -CustomConfig "/WorkflowDefinition[DisplayName='ABC']"

$WorkflowsInFIM | ConvertFrom-FIMResource -file E:\WorkSpaces\MyFolder\Sample.xml

Now when I try importing it, using CommitChanges.ps1 (from the TechNet blog), I get the exception below:

Import-FIMConfig : The input object cannot be bound to any parameters for the command either because the 
command does not take pipeline input or the input and its properties do not match any of the parameters that 
take pipeline input.
At line:15 char:29
+ $undoneImports = $imports | Import-FIMConfig
+                             ~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Resou...el.ExportObject:PSObject) [Import-FIMConfig], 
    ParameterBindingException
    + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ResourceManagement.Automation.ImportConfig

Can someone guide me here? Also, is this the correct way to export and import a single workflow from one environment to another, or is there another approach? Please guide.

Thanks in Advance.


Veena
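The parameter-binding error quoted above names the input type: `Microsoft.Resou...el.ExportObject`. `Import-FIMConfig` only binds `ImportObject` input, which is what `Compare-FIMConfig` produces; a file written straight from `Export-FIMConfig` through `ConvertFrom-FIMResource` holds `ExportObject` entries and cannot be committed as-is. The script below is an added example (not code from the post or from the TechNet scripts) that carries one workflow through the full export, join, compare and import sequence and checks the object type before committing. The service URIs, the working directory and the `changes.xml` file name are assumptions; the `WorkflowDefinition` filter is the one from the post.

```powershell
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# Hypothetical service URIs and paths; replace with your own.
$sourceUri = 'http://fim-dev:5725/ResourceManagementService'
$targetUri = 'http://fim-uat:5725/ResourceManagementService'
$filter    = "/WorkflowDefinition[DisplayName='ABC']"
$workDir   = 'E:\WorkSpaces\MyFolder'

# 1. Export the workflow from BOTH environments. The target export lets Compare-FIMConfig
#    decide whether the change is a create or an update of an existing workflow.
$sourceObjects = Export-FIMConfig -Uri $sourceUri -OnlyBaseResources -CustomConfig $filter
$targetObjects = Export-FIMConfig -Uri $targetUri -OnlyBaseResources -CustomConfig $filter

# A file written at this stage holds ExportObject entries. Keep it as a backup only;
# it is not input for Import-FIMConfig.
$sourceObjects | ConvertFrom-FIMResource -File (Join-Path $workDir 'Sample.xml')

# 2. Join source and target on DisplayName and compute the delta as ImportObject entries.
$joinRules = @{ WorkflowDefinition = 'DisplayName' }
$changes = Join-FIMConfig -Source $sourceObjects -Target $targetObjects -Join $joinRules -DefaultJoin DisplayName |
           Compare-FIMConfig

if (-not $changes) { Write-Host 'Target already matches source; nothing to import.'; return }

# 3. Persist the delta for review, then reload it (the same shape CommitChanges.ps1 reads).
$changesFile = Join-Path $workDir 'changes.xml'
$changes | ConvertFrom-FIMResource -File $changesFile
$imports = @(ConvertTo-FIMResource -File $changesFile)

# Guard against the exact failure in the question: ExportObject entries piped into Import-FIMConfig.
$wrong = @($imports | Where-Object { $_ -isnot [Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject] })
if ($wrong.Count -gt 0) {
    throw "File '$changesFile' holds $($wrong.Count) $($wrong[0].GetType().Name) entries; run Compare-FIMConfig first."
}

# 4. Import. Whatever comes back is an object the service could not apply; keep it for a retry.
$undone = @($imports | Import-FIMConfig -Uri $targetUri)
if ($undone.Count -gt 0) {
    $undone | ConvertFrom-FIMResource -File (Join-Path $workDir 'undone.xml')
    throw "$($undone.Count) object(s) were not imported; see undone.xml"
}
Write-Host "Imported $($imports.Count) change(s) into $targetUri"
```

Review the saved `changes.xml` before step 4: because the join is on DisplayName, a workflow with the same name but different content in UAT will be overwritten, which is usually what you want for a promotion but not always.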

Migration of users/groups to Azure active directory from multiple forest


Hi,

We have a requirement to integrate/move users/groups from a multi-forest, multi-domain AD environment to Azure Active Directory and to manage users' passwords. I know that FIM provides the AAD connector to move user/group objects to AAD. I would request your suggestions on the below.

1. Where do we need to deploy FIM: on premises or in the cloud?

2. What are the other main things we need to consider for the solution?

3. What about FIM SSPR? Does it support password reset on AAD?

4. Is there any documentation for it?

Thanks

Harry

   


Web Service Configuration Tool


Hi,

I am trying to configure the Web Service Configuration Tool to connect to Cisco CUCM AXL, but the tool cannot find web service discovery information at the server's web service address.

I don't know if this is the best way to do the SOAP integration with FIM.

Help.

Lotus notes management agent


Hello, 

I would like to use the MS Lotus Notes management agent, and I have a question about the Certifier.

Is it possible to use many certifier files for one management agent, or should I have a management agent per certifier organization?

Thanks for help 

Regards


FIM Troubleshooting: Error 80230904 occurs when Sync Service Manager tries to create GAL MA and connect to another forest


Hi All,

I am testing GAL sync between 3 forests. With 2 forests, everything is fine. When I try to add the third GAL sync management agent, Synchronization Service Manager fails to connect to the forest and shows an error alert with number 80230904.

I suspect the reason for the failure is in the new forest to which FIM tries to connect. What does this error number mean? Besides showing this number, nothing is recorded in the logs. I cannot find any info on this error.

FIM 2012 R2 SP1, version 4.1.3646.0, runs on a Windows 2008 R2 machine; the first and second forests are at 2012 R2 level, and the third, new (failing) one is at 2008 R2 level.

Regards
Dmitry

Custom Workflow not running


I am following these two articles to create a workflow that will create an AccountName for a user from firstname and lastname when the user is created in the FIM portal.

https://msdn.microsoft.com/en-us/library/windows/desktop/ff859524(v=vs.100).aspx and

http://www.fimspecialist.com/fim-portal/custom-workflow-examples/generate-unique-attribute-workflow-using-enumerate-resources-activity/

I was able to build the solution successfully and created the workflow in FIM, attached to an MPR (Administration: administrator can read and update users).

When I create a user, two requests are generated.

One is a post-processing error. The details are:

<RequestStatusDetail xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" DetailLevel="Information" EntryTime="2015-07-30T13:01:04.7015693Z">Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ManagementPolicyRule
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessPutWorkItem(UpdateRequestWorkItem updateWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)</RequestStatusDetail>
------------------------------------------------------------

However, the user is created, and then another request is generated to update the account name, by the user itself rather than by the administrator.

The second request is Denied.

The stack trace is as follows:

Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ManagementPolicyRule ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure DoEvaluateRequestInner, Line 1319, Message: Permission denied:<ai><Name>AccountName</Name></ai>
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader()
   at Microsoft.ResourceManagement.Data.DataAccess.EvaluateRequest(RequestType request, RequestEvaluationOptions options)
   --- End of inner exception stack trace ---

Any help is appreciated.


AdiKumar

MIM or AAD Connect?


Hi everyone,

We have a scenario where I'm having trouble nailing down a high-level design, so I wanted to post here to see if I can get some answers and also share.

Scenario:

- only working with identities from Microsoft AD and Azure AD

- account self-service features and other identity sources are of low importance

- new-ish resource forest

- several user forests from which users will most likely be migrated to the resource forest at some future date (typical merger scenario)

- requirement for shadow accounts in the resource domain for Lync and possibly Exchange at a later date

- 2 new Azure tenants (geographical/political reasons), probably two more at a later date

- user UPNs don't match email addresses, and it is not viable at this time to change the UPN within AD

- requirement to do password hash to Azure

Originally we were envisaging FIM in the resource domain to bring the identities together and create the shadow accounts.

We would also use inbound rules to transform the email address to UPN.

Then use 2 x AADSync installs to sync users to the tenants (UPN eu.company.com to tenant 1 and UPN na.company.com to tenant 2). 

I have learned that FIM doesn't do password hash to Azure, a must-have for us, so initially I was thinking I'd have to wait for MIM, but I am now asking myself whether I actually need MIM for this scenario.

Can AAD Connect do what I want ... transform email to UPN, password hash to Azure and create shadow accounts in the resource domain?

Thanks,

Aengus



FIM2010: Writing Advanced Attribute Flows

stopped-entry-export-error can't provision any accounts to AD

Hello,

I'm using FIM 2010 R2 (4.1.3419.0) and Exchange 2010. I've recently hit an issue whereby the AD MA stops running due to "stopped-entry-export-error". My environment was working fine; AD accounts and Exchange mailboxes were being provisioned OK (confirmed working for the past 6 months). I've only come across this error since we installed around 25 Windows updates on our DC, Exchange server and FIM synchronization server.

There is no associated error in Synchronization Service Manager for the user object(s) which cause an error (as you'll see, it's blank in the picture). AD MA delta imports and syncs work fine, but exports always fail, with different user accounts each time (so I don't think it's an issue with the accounts being synced). Looking at the Windows logs shows errors as below:


Application log (typical error for a user):

There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=jp um receptionist,OU=staff,OU=Accounts,DC=contoso,DC=local. Type: Microsoft.MetadirectoryServices.ExtensionException Message: **** ERROR **** Property expression "jp um receptionist" isn't valid. Valid values are: Strings formed with characters from A to Z (uppercase or lowercase), digits from 0 to 9, !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } or ~. One or more periods may be embedded in an alias, but each period should be preceded and followed by at least one of the other characters. Unicode characters from U+00A1 to U+00FF are also valid in an alias, but they will be mapped to a best-fit US-ASCII string in the e-mail address, which is generated from such an alias. Property Name: Alias **** END ERROR **** Stack Trace: at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)


Application Service log (Forefront Identity Manager) - Error (happens every 30 minutes; this has been happening for 2 weeks, since the updates were installed):

Microsoft.ResourceManagement.Service: System.InvalidOperationException: Operation is not valid due to the current state of the object.
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)


Here's the relevant section from my Microsoft.ResourceManagement.Service.exe.config file:

<appSettings>
  <add key="mailServer" value="https://email.contoso.com/ews/exchange.asmx" />
  <add key="isExchange" value="1" />
  <add key="SendAsAddress" value="svc-fim@contoso.com" />
  <add key="synchronizationServerName" value="SvrFIM01" />
</appSettings>

If I browse to https://email.contoso.com/ews/exchange.asmx I'm PROMPTED for Windows logon credentials (the EWS virtual directory is configured for anonymous and Windows authentication). Upon entering the FIM service account details, the appropriate XML page appears (no certificate warnings or errors are generated). I can log on to the FIM service mailbox and send emails.

The error may be down to a PowerShell problem, as I couldn't initiate a remote PowerShell session from my FIM service account to the Exchange server using:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://email.comtoso.com/PowerShell

To get around this, I've added the FIM service account to Organization Management (it was already a Recipient Management user) and added it to the local Administrators group on the FIM server; I then restarted the FIM synchronization and FIM services. The remote PowerShell connection works fine, but the AD MA export still does not.

There are some warnings in the Application log about not being able to connect to the Exchange Web Services; however, I think these are red herrings, as they've been going on for over a year (during which time FIM has been working fine):
https://social.technet.microsoft.com/Forums/forefront/en-US/993a34dd-2c38-431a-8e36-c5be1bb2cf7f/fim-warning-cannot-access-exchange-web-service?forum=ilm2

I would appreciate some help in resolving this, as it currently has me stumped. The only thing left I can try is removing the security patches, giving the FIM service account administrative and Exchange Organization Management permissions on the server, and rebooting all boxes.

Thanks in advance
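The Application log entry above spells out the rule the Exchange extension applies to the Alias property: letters, digits, a fixed set of punctuation, periods only between two other permitted characters, and U+00A1 to U+00FF; a space, as in "jp um receptionist", is not in that set. The functions below are an added example (not code from the post, from FIM or from Exchange) that encode that rule so an alias can be checked, or a usable one derived, before the value reaches the mailNickname flow and the export. The 64-character cap and the sample names are assumptions of this example.

```powershell
function Test-ExchangeAlias {
    param([Parameter(Mandatory)][string]$Alias)
    # Permitted characters as listed in the error: A-Z a-z 0-9 ! # $ % & ' * + - / = ? ^ _ ` { | } ~
    # and U+00A1..U+00FF. A period may only sit between two of those characters. A space is NOT allowed.
    $atom = '[A-Za-z0-9!#$%&''*+\-/=?^_`{|}~\u00A1-\u00FF]'
    $pattern = '^' + $atom + '+(\.' + $atom + '+)*$'
    # Length limit is an assumption of this example (Exchange aliases are capped at 64 characters).
    return ($Alias.Length -le 64) -and ($Alias -cmatch $pattern)
}

function ConvertTo-ExchangeAlias {
    param([Parameter(Mandatory)][string]$Name)
    # Remove whitespace, drop every other disallowed character, collapse repeated periods,
    # trim periods from both ends, then re-validate so a bad value can never slip through.
    $clean = $Name -replace '\s+', ''
    $clean = $clean -replace '[^A-Za-z0-9!#$%&''*+\-/=?^_`{|}~\u00A1-\u00FF.]', ''
    $clean = ($clean -replace '\.{2,}', '.').Trim('.')
    if ($clean.Length -gt 64) { $clean = $clean.Substring(0, 64).TrimEnd('.') }
    if (-not (Test-ExchangeAlias -Alias $clean)) { throw "Cannot derive a valid alias from '$Name'" }
    return $clean
}

# Constructed samples, including the display name quoted in the error message.
foreach ($candidate in @('jp um receptionist', 'jp.um.receptionist', 'jp..um', 'Renée-Smith', '.leading')) {
    $valid = Test-ExchangeAlias -Alias $candidate
    try   { $derived = ConvertTo-ExchangeAlias -Name $candidate } catch { $derived = $_.Exception.Message }
    '{0,-20} valid={1,-5} derived={2}' -f $candidate, $valid, $derived
}
```

Running this over the display names that feed the alias, before the export, turns a stopped-entry-export-error on the AD MA into a report you can act on in the source data.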
  

Create group in FIM with powershell script


Hello,

I'm trying to automate group creation in FIM using a PowerShell script.

As I found this page on TechNet, I'm trying to use the already-built functions from there, but for some reason things are not working as I was expecting.

"ResolveObject" is the function that doesn't seem to work, or I'm totally wrong about what it is supposed to do.

I was expecting that this function should identify an object in FIM in order to use its ObjectID (for example on group creation, to identify the group owner object); either it is not supposed to do this, or it has some mistake in it.

Can anyone please help me understand or fix this function?
Thanks,
Marius

function ResolveObject
{
    # Builds an ImportObject in the Resolve state. Nothing is looked up here: the lookup happens
    # when the object is piped to Import-FIMConfig, which matches the anchor pair against FIM and
    # then substitutes the real ObjectID wherever this object's SourceObjectIdentifier (the
    # urn:uuid handle returned below) is used as a reference value in the same import batch.
    PARAM([string] $ObjectType, [string]$AttributeName, [string]$AttributeValue)
    END
    {
        $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
        # TargetObjectIdentifier is deliberately left unset: Import-FIMConfig fills it from the anchor pair.
        $importObject.ObjectType = $ObjectType
        $importObject.State = 3 # Resolve
        $importObject.SourceObjectIdentifier = [System.String]::Format("urn:uuid:{0}", [System.Guid]::NewGuid().ToString())
        $importObject.AnchorPairs = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.JoinPair
        $importObject.AnchorPairs[0].AttributeName = $AttributeName
        $importObject.AnchorPairs[0].AttributeValue = $AttributeValue
        $importObject
    }
}
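ResolveObject on its own never returns an ObjectID; it returns a placeholder whose SourceObjectIdentifier you put into the reference attribute, and the placeholder has to travel through the same Import-FIMConfig call as the object that references it. The script below is an added example (not code from the post or from the TechNet ScriptBox) showing that pattern end to end for a group with a resolved owner. The helper functions are compact re-statements of the create/set/resolve helpers so the block runs on its own; the service URI, the owner's AccountName and every group attribute value are placeholders.

```powershell
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue
$uri = 'http://fimservice:5725/ResourceManagementService'   # hypothetical

function New-FimImportObject([string]$ObjectType) {
    # State 0 = Create. SourceObjectIdentifier is only a temporary handle within this import batch.
    $o = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $o.ObjectType = $ObjectType
    $o.SourceObjectIdentifier = [guid]::NewGuid().ToString()
    $o.State = 0
    return $o
}

function Resolve-FimObject([string]$ObjectType, [string]$AttributeName, [string]$AttributeValue) {
    # State 3 = Resolve: Import-FIMConfig looks the object up by the anchor pair instead of creating it.
    $o = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $o.ObjectType = $ObjectType
    $o.State = 3
    $o.SourceObjectIdentifier = 'urn:uuid:{0}' -f [guid]::NewGuid().ToString()
    $pair = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.JoinPair
    $pair.AttributeName  = $AttributeName
    $pair.AttributeValue = $AttributeValue
    $o.AnchorPairs = @($pair)
    return $o
}

function Add-FimAttribute($Object, [string]$Name, [string]$Value, [int]$Operation = 1) {
    # Operation 1 = Replace (single-valued). Use 0 = Add for multi-valued attributes such as ExplicitMember.
    $c = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $c.Operation      = $Operation
    $c.AttributeName  = $Name
    $c.AttributeValue = $Value
    $c.FullyResolved  = 1
    $c.Locale         = 'Invariant'
    if ($null -eq $Object.Changes) { $Object.Changes = @($c) } else { $Object.Changes += $c }
}

# 1. Placeholder for the owner, looked up by AccountName when the import runs.
$owner = Resolve-FimObject -ObjectType 'Person' -AttributeName 'AccountName' -AttributeValue 'jdoe'

# 2. The new group. Reference attributes get the owner's urn:uuid handle, not a real ObjectID;
#    Import-FIMConfig swaps in the resolved ObjectID. Attribute values are example placeholders.
$group = New-FimImportObject -ObjectType 'Group'
Add-FimAttribute $group 'DisplayName'           'Finance Readers'
Add-FimAttribute $group 'AccountName'           'FinanceReaders'
Add-FimAttribute $group 'Domain'                'CONTOSO'
Add-FimAttribute $group 'Type'                  'Security'
Add-FimAttribute $group 'Scope'                 'Universal'
Add-FimAttribute $group 'MembershipLocked'      'False'
Add-FimAttribute $group 'MembershipAddWorkflow' 'Owner Approval'
Add-FimAttribute $group 'Owner'                 $owner.SourceObjectIdentifier
Add-FimAttribute $group 'DisplayedOwner'        $owner.SourceObjectIdentifier

# 3. Resolve object first, create object second, in ONE pipeline. Import-FIMConfig returns the
#    objects it could not apply, so an empty result is the success signal.
$undone = @($owner, $group | Import-FIMConfig -Uri $uri)
if ($undone.Count -gt 0) {
    throw "Import failed for $($undone.Count) object(s); first failure: $($undone[0].ObjectType)"
}
Write-Host "Created group '$($group.Changes[0].AttributeValue)' owned by jdoe"
```

If the owner AccountName does not match exactly one Person, the resolve step fails and the group is not created, which is the behaviour you want: a group should never be created with an unresolved owner reference.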

Application group member to metaverse


Hi

I have 3 MAs:

  • FIM
  • AD
  • Application #1

I'm trying to add Application #1's group membership to FIM through a delimited text file. Basically, the file looks like:

User / Group

user1 group3
user1 group2
user1 group6
user2 group4
user2 group5
user3 group7

My understanding is that the users need to be referenced objects to be added as group members. The referenced objects need to be in the same connector space as my Application #1 connector, but I can't do that because the users are from AD.

  • Users are from the AD. They have the same account name in the application.
  • Groups need to be imported from the Application #1 delimited text file.

I'm trying to figure out a way to link all my application access to a user. How would you do this?

THANKS





Oracle Management Agent not delete object in Connector Space


Hi all,

I have an issue with the Oracle Database Management Agent: when I run a Full Import, it does not detect deleted objects in the data source. When I search the connector space, the objects exist and are marked as connectors.

The management agent connects to an Oracle view.

Has someone had the same error? Any idea about the error?

Regards


MCP-ASP.NET With C#, MCTS SQLServer 2005 I&M


Forefront Identity Management Sharepoint Profile Store Connector error: Value cannot be null. Parameter name: strAccountName


I am using Forefront Identity Manager 2010 R2. We have installed the Microsoft SharePoint Profile Store connector and have set up attribute flow to my SharePoint server. We have disconnected and disabled the native FIM SharePoint Profile connector that is deployed by SharePoint (this is my SharePoint DEV environment).

I followed this documentation: https://msdn.microsoft.com/en-us/library/Dn511003%28v=WS.10%29.aspx

I used input from: http://goodworkaround.com/node/70

I am pushing all the standard attributes, with no custom attributes on the SharePoint side.

Data flow is one direction from my FIM Installation to Sharepoint. We do not have any flows from SharePoint to FIM.

I have exported several thousand user objects to SharePoint with Success, photographs included.  User profiles are working and successful.

After a few days of letting the synchronization bake, I am finding that updates to user objects are failing on export to SharePoint with the following error (taken from the MA error message):

Export retry FAILED for Entry[ObjectType: user, Anchor: DOMAIN_USER1234__fa631765-12b1-4da1-879-2dcfd6a7afae]..
 Error: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Value cannot be null.
Parameter name: strAccountName
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.IdentityManagement.Connector.Sharepoint.SharePointProfileImportExportService.ProfileImportExportService.UpdateWithProfileChangeData(Int64 importExportId, ProfileChangeData[] profileChangeData)
   at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointServiceProvider.UpdateWithProfileChangeData(Int64 importExportId, ProfileChangeData[] profileChangeData)
   at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointConnector.PutExportEntries(IList`1 csEntries)

I have verified that the AccountName is not blank as this error suggests.

The XML of the update request (As pulled from a network trace):

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <soap:Body>
        <UpdateWithProfileChangeData xmlns="http://microsoft.com/webservices/SharePointPortalServer/ProfileImportExportService">
            <importExportId>104</importExportId>
            <profileChangeData>
                <ProfileChangeData>
                    <ProfileIdentifier />
                    <DistinguishedName>DOMAIN_USER12345__8ce5dfd2-0b49-40fb-8b56-7a2b740256cb</DistinguishedName>
                    <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
                    <ObjectClass>user</ObjectClass>
                    <PropertyChanges>
                        <PropertyChangeData>
                            <Name>LastName</Name>
                            <ChangeType>Modify</ChangeType>
                            <Values>
                                <anyType xsi:type="xsd:string">Smith</anyType>
                            </Values>
                        </PropertyChangeData>
                        <PropertyChangeData>
                            <Name>WorkEmail</Name>
                            <ChangeType>Modify</ChangeType>
                            <Values>
                                <anyType xsi:type="xsd:string">SSMith@domain.com</anyType>
                            </Values>
                        </PropertyChangeData>
                    </PropertyChanges>
                    <ChangeType>Modify</ChangeType>
                </ProfileChangeData>
            </profileChangeData>
        </UpdateWithProfileChangeData>
    </soap:Body>
</soap:Envelope>

The SharePoint server response:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <soap:Body>
        <soap:Fault>
            <faultcode>soap:Server</faultcode>
            <faultstring>Server was unable to process request. ---&gt; Value cannot be null.

Parameter name: strAccountName</faultstring>
            <detail />
        </soap:Fault>
    </soap:Body>
</soap:Envelope>

I can delete the profile in SharePoint and after a full sync the profile will be there with the updated data.

Any thoughts on why SharePoint would be rejecting this update?


Custom user information view and additional fields from other sources


Hello cloud of wisdom :-)

I was wondering if, using FIM 2010 R2 portal, this is possible:

1) Modifying the "User view", where users can see and modify their attributes, to limit what attributes they see and what attributes they are able to modify,

and

2) Whether that view code can be modified to include information from other data sources, like information coming from an application that stores some asset information in SQL.

I have been playing around with the customization document and settings for the FIM portal, but I could not find this.

Thanks in advance!


http://xna-para-torpes.blogspot.com Your Spanish site about XNA !

Dynamic Multivalue User Attribute -> Security Groups


Hi All and thanks for any advice

We are migrating from Novell IDM and have struck an issue with MS FIM 2010.

We have teachers and students with classes stored in multi-valued attributes.

The list changes as subjects and classes get added, changed and deleted; we would like FIM to create the classes as security groups in Active Directory and assign members.

NOTE: the key point is that we are trying to avoid creating a rule for every security group; the goal would be to have FIM create the groups that are in the user's attribute and assign/remove members as it changes.

Example data in FIM:

user1 - classcosed = 11MTA01, 11ENG03, 11DES02

user2 - classcosed = 11MTA02, 11ENG03, 11DES02

user3 - classcosed = 9MTA01, 9ENG03, 9DES02

user4 - classcosed = 9MTA02, 9ENG03, 9DES02


Desired Security Groups Result in Active Directory

11MTA01 = user1

11MTA02 = user2

11ENG03 = user1,user2

11DES02 = user1,user2

9MTA01 = user3

9MTA02 = user4

9ENG03 = user3, user4

9DES02 = user3, user4

Again, thank you in advance for any ideas.

Steve
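Both this post and the "Application group member to metaverse" post above start from the same shape of data: membership recorded per user (a multi-valued class attribute here, a "user group" pair file there) that has to become membership recorded per group before a group object can carry it. The script below is an added example (not code from either post, nor a FIM feature) that inverts user-to-values data into group-to-members sets, diffs the result against the groups that exist today so only real creates, deletes and membership changes surface, and writes a group-per-line delimited file that a Delimited Text MA can import with a multi-valued member column. All sample data, the `;`/`|` delimiters and the output path are constructed for the example.

```powershell
# Pair-file parser for the "user group" layout: one pair per line, header line skipped.
function ConvertFrom-UserGroupPairs {
    param([Parameter(Mandatory)][string[]]$Lines)
    $byUser = @{}
    foreach ($line in $Lines) {
        $parts = $line.Trim() -split '\s+'
        if ($parts.Count -ne 2 -or $parts[0] -eq 'User') { continue }
        if (-not $byUser.ContainsKey($parts[0])) { $byUser[$parts[0]] = @() }
        $byUser[$parts[0]] += $parts[1]
    }
    # Same record shape as attribute-based input: one record per user with a multi-valued field.
    return @($byUser.Keys | ForEach-Object { @{ AccountName = $_; Groups = $byUser[$_] } })
}

# Invert user -> values into group -> set of members. Blank values are ignored.
function Get-DesiredGroups {
    param([Parameter(Mandatory)][object[]]$Users, [string]$MemberOf = 'Groups')
    $groups = @{}
    foreach ($u in $Users) {
        foreach ($g in @($u[$MemberOf])) {
            if ([string]::IsNullOrWhiteSpace($g)) { continue }
            if (-not $groups.ContainsKey($g)) { $groups[$g] = New-Object 'System.Collections.Generic.HashSet[string]' }
            [void]$groups[$g].Add($u.AccountName)
        }
    }
    return $groups
}

# Diff desired state against current state (group name -> member list) so only changes are exported.
function Compare-GroupState {
    param([Parameter(Mandatory)][hashtable]$Desired, [Parameter(Mandatory)][hashtable]$Current)
    $delta = @{ CreateGroups = @(); DeleteGroups = @(); AddMembers = @{}; RemoveMembers = @{} }
    foreach ($name in $Desired.Keys) {
        if (-not $Current.ContainsKey($name)) {
            $delta.CreateGroups += $name
            $delta.AddMembers[$name] = @($Desired[$name])
            continue
        }
        $add = @($Desired[$name] | Where-Object { $Current[$name] -notcontains $_ })
        $rem = @($Current[$name] | Where-Object { -not $Desired[$name].Contains($_) })
        if ($add.Count -gt 0) { $delta.AddMembers[$name] = $add }
        if ($rem.Count -gt 0) { $delta.RemoveMembers[$name] = $rem }
    }
    $delta.DeleteGroups = @($Current.Keys | Where-Object { -not $Desired.ContainsKey($_) })
    return $delta
}

# Group-per-line file for a Delimited Text MA: GroupName;member1|member2|...
function Export-GroupFile {
    param([Parameter(Mandatory)][hashtable]$Groups, [Parameter(Mandatory)][string]$Path)
    $lines = @('GroupName;Members')
    foreach ($name in ($Groups.Keys | Sort-Object)) {
        $lines += ('{0};{1}' -f $name, (($Groups[$name] | Sort-Object) -join '|'))
    }
    Set-Content -Path $Path -Value $lines -Encoding UTF8
}

# Constructed data: the four students from the post, plus a snapshot of what AD holds today
# (one group missing a member, one stale group that no student references any more).
$students = @(
    @{ AccountName = 'user1'; Groups = @('11MTA01', '11ENG03', '11DES02') },
    @{ AccountName = 'user2'; Groups = @('11MTA02', '11ENG03', '11DES02') },
    @{ AccountName = 'user3'; Groups = @('9MTA01',  '9ENG03',  '9DES02')  },
    @{ AccountName = 'user4'; Groups = @('9MTA02',  '9ENG03',  '9DES02')  }
)
$currentAd = @{ '11ENG03' = @('user1'); '10ART01' = @('user9') }

$desired = Get-DesiredGroups -Users $students
$delta   = Compare-GroupState -Desired $desired -Current $currentAd
"Create : $($delta.CreateGroups -join ', ')"
"Delete : $($delta.DeleteGroups -join ', ')"
"Add    : $(($delta.AddMembers.Keys | ForEach-Object { "$_=$($delta.AddMembers[$_] -join '+')" }) -join '; ')"
Export-GroupFile -Groups $desired -Path (Join-Path $env:TEMP 'classgroups.txt')

# The pair file from the Application #1 post goes through the same inversion.
$pairLines = @('User / Group', 'user1 group3', 'user1 group2', 'user2 group4', 'user3 group7')
$appGroups = Get-DesiredGroups -Users (ConvertFrom-UserGroupPairs -Lines $pairLines)
"App groups: $(($appGroups.Keys | Sort-Object) -join ', ')"
```

Treat the exported file as the authoritative list for the group MA and let the sync engine's delta handling drive membership changes; feeding it the full desired state each run is simpler and safer than hand-applying the add/remove lists, which are here mainly so the change can be reviewed before the run.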

Objects are not provisioning between two Active Directory forests


Dear All,

I have created a FIM 2010 environment for synchronization between two different AD forests, and I have done all the configuration which is necessary for it, but users are still not provisioning in the external AD.

If anyone has a step-by-step document, then please share it with me, and please help me check all the steps to do this.

Please see the steps below, all of which I have done; if I skipped anything, please let me know.

1- FIM Active Directory Service Agent.

2- FIM MA agent.

3- Synchronization Rules.

4- Management Policy Rules.

5- Workflows.

- FIM ADMA Full Import and Full Sync is working fine

- FIMMA Full Import is working fine

- FIMMA Export is not sending the data to the external AD metaverse.

Regards,

Shakeel Shahid
