Channel: Forum Microsoft Identity Manager

Become the August 2015 FIM Guru!!! Here's how!


Just add your TechNet Wiki article to this list:

  

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. This includes a dedicated blog post in the Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, an announcement on your forum, and other acknowledgement from the community. 

Winners will be voted on by five judges. The judges consist of 3 Microsoft MVPs and TechNet Wiki Community Council members and 2 Microsoft Employee SMEs (Subject Matter Experts, usually the people making the technologies). The judges will be looking for articles that are thorough, technically accurate, visually clear (images might help, but aren't necessary), and well written.

 

How to Enter

1) Create a new TechNet article YOU CAN COPY YOUR CONTRIBUTION FROM MSDN/TECHNET FORUMS OVER TO TECHNET WIKI (IN AUGUST) TO QUALIFY FOR THESE AWARDS. You can also create a new article not related to your forums contributions. 

A) Log into TechNet/MSDN with your Microsoft credentials

B) Add your content as an article to TechNet Wiki: http://social.technet.microsoft.com/wiki/contents/articles/add.aspx%20  

If you are copying and pasting your MSDN/TechNet forum solutions over to TechNet Wiki, please give some introduction to the problem, make sure your steps are clear, and then link to the original forum post. You can also paste in your blog posts (rather than forum content).

2) Tell us about it. To add a link to your article:

A) Log into TechNet with your Microsoft credentials

B) Click the "Edit" tab on the list of August Guru articles, and copy in the URL to your TechNet Wiki article into the appropriate section, along with your name and link to your profile!

 

We're looking forward to seeing your article!

Thanks!


Ed Price, Azure & Power BI Customer Program Manager (Blog,Small Basic, Wiki Ninjas, Wiki)

Answer an interesting question? Create a wiki article about it!


SSPR and Google Authenticator


Hi,

I got a question from a customer the other day about the possibility to use Google Authenticator in SSPR for the OTP part after answering the security questions.

Does anyone know if this is possible?

Regards

Patrik

FIM 2010 R2 Reset password Error 3000


Hello,

We are having trouble getting users to change their passwords.

The access to portal works good, the user received the email with the security code, but when the user tries to complete the password reset the following error appears:

“An error has occurred.  Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)”

We already reviewed the IIS Authentication Settings and the configuration is as shown in the image

We followed the instructions about Troubleshooting on this issue described on this website

https://jorgequestforknowledge.wordpress.com/2015/03/08/resolving-the-pwunrecoverableerror-error-with-fim-self-service-password-reset-sspr/

We fixed some configurations, but the issue persists.

Some additional events we have on Event Viewer are described below:

Event ID 5605

Log Name:      Application

Source:        Microsoft-Windows-WMI

Date:          21-Aug-15 4:12:23 PM

Event ID:      5605

Task Category: None

Level:         Warning

Keywords:      Classic

User:          N/A

Description:

The root\WebAdministration namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy and run the script or application again.

Event ID 3

Log Name:      Forefront Identity Manager

Source:        Microsoft.CredentialManagement.ResetPortal

Date:          21-Aug-15 2:53:04 PM

Event ID:      3

Task Category: None

Level:         Error

Keywords:      Classic

User:          N/A

Description:

The error page was displayed to the user.

Details:

Title: Error

Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)

Source:

Attributes:

Details: System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError

   at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()

   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)

   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)

   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

CorrelationId:

RequestId:

ErrorCode: 3000

CaughtTime: 08/21/2015 14:53:04

Web Portal: FIM Password Reset Portal

Session Id: 5olobg55mqnzz5q3v2bzzxrp

IP Address: xx.xx.xx.xx

Event ID 2

Log Name:      Forefront Identity Manager Management Agent

Source:        ForefrontIdentityManager.ManagementAgent

Date:          21-Aug-15 3:28:15 PM

Event ID:      2

Task Category: None

Level:         Warning

Keywords:      Classic

User:          N/A

Description:

The Synchronization State Machine is now in this state: StoppingState.stopping  Thread #2

We will appreciate any advice about this issue.

Best regards,

Manuel


Manuel´s Microsoft Forums Threads


New MIM FIMSync SPN


Hi,

Just noticed on https://technet.microsoft.com/en-us/library/mt219038.aspx, that MIM will require a new SPN:

setspn -S FIMSync/mimservername.domain.local Domain\MIMSync

Could someone please clarify why this is needed in MIM (and wasn't in FIM)?

Thanks,

SK

Request Status: PostProcessing

Hello

I found on my FimService a lot of requests in status PostProcessing which were generated 1 day ago or more.

Those requests should execute Action Workflows and I didn't find any execution on workflow instances (Administration => all Resources => Workflow instances).

Is there any way to track if it's doing anything?


Faulting module name: clr.dll, version: 4.0.30319.34209


Hi All,

After migrating from ILM 2007 to FIM 2010 R2 SP1, the synchronization service stopped automatically when the sync ran, and on restarting the service it worked fine again. The service stopped randomly and not frequently.

I am not a .NET expert and I suspect some issue with my .NET Framework.

Current .Net version is 4.5.2

Event Log

Faulting application name: miiserver.exe, version: 4.1.3627.0, time stamp: 0xXXXXXX
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0xXXXXXX
Exception code: 0xc0000005
Fault offset: 0x00000000005e2d30
Faulting process id: 0x1080
Faulting application start time: 0xXXXXXXXX
Faulting application path: C:\FIMTest\2010\Synchronization Service\Bin\miiserver.exe

Kindly advise what the root cause of it is and how to get this fixed.

Thanks in Advance,
Raja Village Sync

FIMService database: error stopped-databasediskfull


Hi, 

I have some issues with the FIMService database. I mean, I have just a few users on the FIM portal and the size of the data present in the database is too high, around 23Gb. Does anyone have any idea how this can be? Maybe it's a part of the logs in the FIMService database which causes the damage. So where are they located?

Thanks a lot 

MIM2016 Installing FIM PowerShell Module - Export-FIMConfig : The term 'Export-FIMConfig' is not recognized as the name of a cmdlet


So I am trying to install the FIM PowerShell Module for MIM2016. I downloaded the package from SourceForge and so on. When I run the Create-FimServiceAccountAsFimPerson ps-script, PowerShell says:

Export-FIMConfig : The term 'Export-FIMConfig' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

What am I missing? It creates FimServiceAccount correctly.


Forgot user name


Hello,

I forgot my user name but I remember my password. What should I do?

Does FIM Galsync require a target container in every connected Active Directory forest?


Hi everyone,

Hoping someone can help with my basic understanding of FIM Galsync.

The background is that we currently use FIM 2010 R2 Galsync along with FIM 2010 R2 + WAAD connector to produce a consolidated Office 365 GAL, referencing several Active Directory forests. This solution was implemented almost 3 years ago by an external consultant.

As each new Active Directory forest comes onboard, we deploy an on-premises Exchange 2013 Management server (or utilize an existing one if the forest has Exchange deployed) and add new MAs to the Galsync and Dirsync servers.

To date as we create the new Galsync MAs we create and specify a Galsync target container, and this results in over 120K contact objects being provisioned in the new forest.

I'm wondering whether we actually need this Galsync target container in all the connected Active Directory forests, given that the synchronization to Office 365 is only done from the Galsync target container within the forest where FIM Dirsync server is installed.

I understand the need for the Galsync target container if all the Active Directory forests had on-prem email implementations, as Galsync would then maintain "repliability" if users moved between forests. However in this case where Galsync is deployed purely for Office 365 purposes I can't see the need.

My research found a document "Microsoft Identity Integration Server 2003 - Global Address List (GAL) Synchronization" which despite its age has a great technical description of Galsync. It mentions that provisioning of contacts can be disabled by the simple expedient of not defining a Galsync target container within the Active Directory forest in question.

Can anyone advise whether I can indeed disable provisioning of Galsync contacts within downstream Active Directory forests in this particular scenario? To be honest the Galsync contacts seem superfluous except in the forest where the FIM Dirsync server is homed.

SQL Service LogOn account change - FIM 2010


FIM Portal / SQL database are on the same server and FIM Sync / SQL database are on the same server. My SQL team is requiring the SQL service logon account to be changed. What impact will changing the SQL service logon account have, if any?

Thanks,

Steve

MIM 2016 Upgrade Error Issue - SQL Connector - Failed Connection - Column List -reording 0x80040e07


Completed our FIM to MIM 2016 upgrade (almost) 

The SQL MA (looks at a sql view - pretty basic) is giving me an error when I do a Full Import

no-start-ma failed connection error: column list reording 0x80040e07

Bit more background: 

During this upgrade / migration to MIM 2016 I moved servers to upgrade the OS from 2008 r2 to 2012 R2 for the FIM Server.

The databases (and DB Server) for the view and for the FIM Databases stayed the same. I did not make any changes to the view.

Any idea where to start?

Thanks;

Jonathan


Is It Possible to manage multiple system group and user/group relation using FIM Sync Engine ?


Here I explain a simple case.

The object is something like this.

StudentName = "Test" , Branch = "IT", YearOfAdmission = "2015" ,System =  [Oracle = "Permission1, Permission2" , AD = "Permission1,Permission3" , SQL = "Permission2,Permission4" ] 

This user can have access to more than one system.

Any help would be appreciated.

Error in custom activity: Could not load file or assembly 'Microsoft.IdentityManagement.WFExtensionInterfaces'


I had to roll back an update which was causing trouble, and revert to FIM version 4.1.3510.0.

Things look ok, but workflows with custom activities are ending in PostProcessingError, and I see this in the event log:

"Forefront Identity Management Service is not able to serialize this XOML definition"

Checking further in the event log, I see

"System.Workflow.ComponentModel: System.Workflow.ComponentModel.Serialization.WorkflowMarkupSerializationException: Could not load file or assembly 'Microsoft.IdentityManagement.WFExtensionInterfaces, Version=4.1.3510.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies."

However, if I check in C:\Windows\Assembly, that DLL is actually there, with the proper version.

Any hints?

Thanks in advance,
Paolo 


Paolo Tedesco - http://cern.ch/idm

Is it possible to have filter during Export when only Synchronization service is used ?


Let me explain the scenario.

I am using only the Synchronization service.

Now during import of the user object and the roles of the user, the role contains information about the end system as well.

So for example, if you look at the table below, that is what it gets during import. Now during export, if AD MA is MAName, then export only groups for the user which have SystemName = System1.

samAccountName | First Name | LastName
Test1 | Test | Test
Test2 | Test | Test

Group1
Group2

GroupName | SystemName | samAccountName
Group1 | System1 | Test1
Group2 | System1 | Test1
Group1 | System2 | Test1

Is this possible? Any help would be appreciated.


MIM 2016 OS & Browser Support


Does MIM 2016 support Windows 10? The Microsoft Identity Manager 2016 TechNet page (https://technet.microsoft.com/en-us/library/mt150253.aspx) doesn't mention it as a supported operating system. However, this blog posting (http://blogs.technet.com/…/microsoft-identity-manager-2016-…) indicates it does. I'm looking for an official statement.

In regards to browser support, does the MIM Portal still only support IE, or does it now support Chrome or Microsoft Edge?

Thanks,

Marc


Marc Mac Donell, VP Identity and Access Solutions, Avaleris Inc.
http://www.avaleris.com

Deploying MIM 2016 - no MIMMA account was created in SQL and initial Create MA fails


I have followed TechNet Deploy MIM and have been successful with the initial build. I installed the MIM 2016 Synchronization Service, the MIM Service & Portal and attempted to Create the MIM MA for the FIM Management Service Agent. I get errors "Failed to connect to the specified database". The document states to use the contoso\MIMMA account I created at the beginning of the build along with other service accounts and groups.

I checked the SQL 2014 Standard instance on the same server.  It only has two accounts provisioned for MIM (MIMService & MIMSync)

What MIM accounts are required to have logins & roles in SQL?

Is MIMMA the correct account to use for this function?

Thanks, Stu

MIM 2016 Server Installation Download, Where do I find it?


I feel stupid having to ask this, but:

I have been using the MSDN version of MIM 2016 for my Lab, but now I need to move into production and I cannot find where to download the GA release of MIM 2016. I meet the requirements of having MIM 2016 CALs, and Windows Server with SA, but I don't see the server download in my volume license site or anywhere else for that matter.

The MIM site states that:

Microsoft Identity Manager 2016 is licensed on a per-user basis. A Client Access License (CAL) is required for each user whose identity is managed. A Windows Server license with active Software Assurance is required to use Microsoft Identity Manager 2016’s server software as a Windows Server add-on.

So, where do I download or acquire this "add-on"?

Thanks!

BHOLD - General Operational Questions


I have questions about the day-to-day operations of users, organizations, roles, well all the objects within BHOLD.

My initial BHOLD structure loaded, was represented and operated well in BHOLD.  But, a department hierarchy change occurred and I can't figure out how to make those changes in BHOLD. The core web site doesn't appear to allow for that manipulation.  And, the MA syncs (actually, it's the import) are throwing errors about not being able to import exported changes.

How are changes to the structure of an organization handled in BHOLD?  i.e. if a new department is created, or the department hierarchy changes.  How are those changes accomplished in BHOLD?

How are users that change departments handled? 

Is this what the model generator is for?

I'm still trying to define the value of BHOLD for my clients.

Thanks,

Greg Wilkerson

BHOLD Model Generation - User File - Multiple Org Units


I've been looking over the specs for generating the model files and have discovered a possible inconsistency in them.

For users:

The doc (https://msdn.microsoft.com/en-us/library/jj134933(v=ws.10).aspx) specs out the primary key for the Users table to be Employee_ID. Yet further down, the section states:

User linked to multiple orgunits

If a user must be linked to more than one orgunit, different records, one per orgunit, must be created for the user in the user file.

If I follow the specs for the primary key, I'll have to create a new Employee_ID for every additional Org Unit the user is in.  This makes no sense to me and makes me wonder if the primary key should be Employee_ID and OU_Key_1.

Any help here? 

Greg
