Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 130 | 131 | (Page 132) | 133 | 134 | .... | 204 | newer

    0 0

    Hi All,

    We have FIM 2010 R2 SP1  [Version 4.1.3451.0]. Does it supportsSQL Server 2012 SP2?

    We could find it support SQL 2012 from below blog. But we are looking for information on whetherSQL 2012SP2 versionis supported or not?

    Can anyone help with this details? 

    Thanks in advance!

    Aswathy Raj

    0 0

    I want to modify a Current Membership Section in a Group Editing RCDC. I want to replace a UocListView with a UocIdentityPicker. The only problem is that I want to show members right when somebody opens a group in a Fim portal.

    Is that possible to do?

    0 0

    Hi all

    I have several FIM Sync engine installations and currently using Sørens Codeless provisioning FIM.MRE.dll to provision users from one Source AD to another destination AD.

    In the destination AD, all the users are Lync enabled based on the presense of an attribute in their userobject. If this attribute is not present the user will not get Lync enabled.

    This is what I am trying to achieve:

    • When the users gets deleted/remove from the OU in Source AD, FIM should automaticly run a powershell script to disable the user from Lync
    • Then the user should be deleted from the Destination AD
    • Then the user should be deleted from CS og MV

    Does anyone have any clue how to make this powershell script trigger based on the fact that the user is disconnected from the Source AD?

    And as I described, I'am not using FIM service in this installation.

    BR Andre


    0 0

    During attribute mapping When Advanced option selected it is being handle by rule extension. 
    Now if you select left side attribute and at that time you can select multiple right side attribute. ( CTRL + SHIFT).

    What is use of that ? 

    0 0

    I have a FIM 2010 R2 environment for galsync between 2 Exchange 2010 forests.
    Everything was going well until 3 days ago, when the FIM decided to create 6 contacts wrong in my active directory.
    The FIM read the objects from "" and create the contacts in "" instead of creating the contacts in the another domain/MA (
    Anyone have any ideia on how i do to discover what went wrong at FIM?
    I need to discover why FIM decided to create the contact at the source domain/MA and not to the target domain/MA

    0 0

    All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

    Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

    This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!


    1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.

    2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

    3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

    If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

    Winning this award in your favoured technology will help us learn the active members in each community.

    Feel free to ask any questions below.

    More about TechNet Guru Awards

    Thanks in advance!
    Pete Laker

    Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

    Have you got what it takes o become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

    0 0

    Hi all.
    A little history, a few weeks ago I created a new sync rule on the FIM portal(we'll call it SR-WD) that imported some data from a file, this data was set at a lower precedence than the other MAs (mainly the old file import, we'll call SR-PSE). Last week I change the precedence on SR-WD to be higher than SR-PSE, everything was fine until the new sync rules where taken into the MV. Now I'm getting errors of "sync-rule-required-attr-not-found" with little to no imformation (no stack trace).

    I'm only getting 5000 errors, due to the default error limit (I've increased this as a test).

    As I'm working blind I double checked a few things and noticed one of my SR attribute flows was wrong on the new SR-WD (custom expression), or at least it looked wrong to me. So I removed the attribute flow to no avail. I have now removed the new SR completly.

    After this I've done the normal, full import and full sync to no avail. I can see that related (good) attributes are still present on person objects but without a MA contributer.

    I have generated a full sync XML file which shows the error but not which attribute it's looking for and not finding.

    Any ideas on where I start looking now?

    This is the error I get when trying to disconnect the MA (SR-PSE) from my person object.

    I've checked the sync rule in the MV and found the SR-PSE sync rule and it still has an attribute flow that's no longer in the FIM portal (I removed it). Why wouldn't the sync rules sync?

    0 0

    I'm currently testing my upgraded MIM infrastructure. This infrastructure is a lab that had FIM 2010 in it and is now running MIM 2016. I've got most of my customizations working again with little to no issues. The MIM Sync service was installed according to these steps: Perhaps there's an issue in that process...

    The AD MA refuses to export when "Provision for" "Exchange 2010" is on... When I choose "No Provisioning", the AD MA exports without issues. I tried starting a remote powershell sessions from the Sync server to the Exchange RPS URI and that succeeds...

    Errors in the event log:

    The management agent controller encountered an unexpected error.

    "ERR_: MMS(8228): ..\libutils.cpp(10186): Failed to start run because of undiagnosed MA error

    Forefront Identity Manager 4.3.1935.0"


    The management agent "AD_LAB" failed on run profile "E." because of an unspecified management agent error.

    Additional Information


    Any Thoughts?

    UPDATE: there's also an appcrash for mmsscrpt.exe

    Event Name: APPCRASH

    Response: Not available

    Cab Id: 0

    Problem signature:

    P1: mmsscrpt.exe

    P2: 4.3.1935.0

    0 0


    I have a ECMA 2 MA and I'm trying to export complete objects to a target system when an object is updated.

    I have set the MACapabilities to MAExportType.ObjectReplace so that I can access all attributes on the user, not only the change one(s). But I can't seem to get it to work. When I run:







    The only attributes I can access is the changed ones. Does anyone have a clue on this? Is there a bug with the capabilities?



    0 0

    Hello everyone,

    My question is similar to an existing one, Minimum set of database role memberships for FIM Sync Service and FIM Service accounts, but considering that question got zero answers, I'll be more specific with mine.

    Does anyone have experience lowering the FIM Sync service account database permission role from db_owner to ddl_admin (for the FIMSynchronizationService database, of course)?

    Reason I ask is that I'm in an environment where the policy generally prohibits this type of configuration.  In the DBA's own words:

    "DBO is inherently risky as it allows operations such as dropping/deleting the DB, also backing the DB up, potentially to somewhere other than the DB server."


    0 0

    I have built my MIM 2016 platform based upon TechNet documentation in a dev lab and have my specified accounts from my source forest in the Metaverse.  I'm new to MIM and looking for any related documentation to make this first project easier. In the lab I have my source forest for which I have created an ADMA & MIMMA. For each of my 3 remote Forests that I want to sync \ export  to I have created a ADMA.

    I'm looking for any guidance on getting the Target ADMA's to export and write Users & Groups to the remote forest.

    Thanks, Stu

    0 0

    I was having a problem using the Length function in a FIM Workflow activity and got the following answer:

    Length isn't a function supported by the FIM Function evaluator Workflow activity. (Which is frustrating).

    I find this be very true. It just leads me to wonder what other functions are not support and if there is any reference for this. I would rather not find out through trial and error.

    Thanks, J.Greene

    0 0
  • 09/02/15--20:07: FIM Sync DB Maintenance
  • Hi,

    In a little over 3 months our FIM Sync database has grown to over 30GB.

    At the SQL database level, there do not appear to be any default jobs to archive/purge data. Is there anything in FIM Sync itself - other than clearing the Run Profile history?

    Do FIM SQL backups do anything?

    I assume the FIM Sync database is just expected to grow over time?



    0 0


    When installing MIM Synchronization Service I keep getting this error:

    Product: Microsoft Identity Manager Synchronization Service -- Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>

    - Setup-User is admin on MIM Server and SA on remote SQL Instance. Any Idea?
    - It's a new MIM Installation & SQL native Client is installed
    - The definied SA has no SQL Login and the DB does not exist on the SQL Instance

    best regards


    0 0


    Forgive me I am looking at a way to script searching for a user in fim and changing the singlevalueattribute account locked false to account unlocked true.

    I have trawled the internet to no avail :(




    darren hitchen

    0 0

    I've restored a backup on a test machine, to check if I can reproduce a problem I recently had after an update.

    The installation went fine, but if I try to access the portal I just get "HTTP Error 503. The service is unavailable."

    Checking the event log, I see some errors like this:

    Workflow host activation failed for workflow definition id : dc9515e6-8883-4101-96f4-23e19b66cb9f, version key: 197. Exception: Object reference not set to an instance of an object.   at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition workflowDefinition, Boolean suspendWorkflowStartupAndTimerOperations)
       at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()

    The service seems to be otherwise working, e.g. I can query objects with PowerShell cmdlets.

    Any idea what the problem could be?

    Paolo Tedesco -

    0 0

    I am writing a workflow to send email notification to an external email address stored in FIM under the variable ExternalEmail. While I am doing a Lookup for the Recipients, when I am selecting "Target" as Workflow Parameter, I do not see ExternalEmail among the Parameter Attributes. Basically, I want to setup something like [//Target/ExternalEmail] as the Recipient. How can I achieve that? 

    0 0


    I use a custom workflow to create account names in the portal... at some stage the workflow stopped working producing the below error in the portal requests...

    Microsoft.ResourceManagement.WorkflowDataExchangeException: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
       at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
       at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)
       at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
       at Microsoft.ResourceManagement.Workflow.Activities.ReadResourceActivity.ProcessRequestResponse(Object sender, QueueEventArgs e)
       at System.Workflow.ComponentModel.ActivityExecutorDelegateInfo`1.ActivityExecutorDelegateOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
       at System.Workflow.Runtime.Scheduler.Run()

    Permission denied suggests an MPR but im not entirely sure which one.
    The workflow runs under the context of the built in admin account as evidenced by the code snippet from the cs file below...

      const string FIMADMIN_GUID = "7fb2b853-24f0-4498-9534-4e10589723c4";

    Any guidance appreciated.

    0 0

    Hi There

    I've been running into the following problem when trying to import from my Management Agent, based on Soren Granfeldt's PowerShell MA. In FIM it says "stopped-extensible-extension-error". 

    The log contains the following text (and some more which I figured wasn't important for my issue):

    07.09.2015 06:11:08: Invoking import script: d:\daten\xml-agent\import.ps1
    07.09.2015 06:11:08: Should impersonate: False
    07.09.2015 06:11:10: Page token returned: ''
    07.09.2015 06:11:10: Custom data returned: ''
    07.09.2015 06:11:10: Object(s) in pipeline: 2
    07.09.2015 06:11:10: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    07.09.2015 06:11:10: Leave InvokeImportEntryWorker->GetImportEntries

    Der Objektverweis wurde nicht auf eine Objektinstanz festelegt is German for "the object reference not set to an instance of an object"

    This is  my import-script:

    	$Username = "",
    	$Password = ""
    [xml]$content = Get-Content -Encoding UTF8 -Path "D:\daten\XML-Agent\Export.xml"
    $mitarbeiter = $content.SelectNodes("/Header/MITARBEITER_LISTE/item")
    foreach ( $item in $mitarbeiter ){
        $name = $item.NAME
        $vorname = $item.VORNAME
        $persnr = $item.PERSONALNR
        $obj = @{}
        $obj.Add("id", "$persnr")
        $obj.Add("sn", "$name")
        $obj.Add("givenName", "$vorname")

    This is my schema-script:

    $obj = New-Object -Type PSCustomObject
    $obj | Add-Member -Type NoteProperty -Name "Anchor-id|String" -Value "123456"
    $obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "person"
    $obj | Add-Member -Type NoteProperty -Name "givenName|String" -Value "Peter"
    $obj | Add-Member -Type NoteProperty -Name "sn|String" -Value "Muster"

    I will appreciate any advice to solve my problem.

    0 0
  • 09/06/15--23:20: taking my pc back
  • I have been removed as admin owner I have no control of my own pc how can I get back my pc so I can reboot

older | 1 | .... | 130 | 131 | (Page 132) | 133 | 134 | .... | 204 | newer