Channel: Forum Microsoft Identity Manager

Does FIM 2010 R2 SP1 support SQL Server 2012 SP2?


RCDC - Using UocIdentityPicker instead of UocListView


I want to modify a Current Membership Section in a Group Editing RCDC. I want to replace a UocListView with a UocIdentityPicker. The only problem is that I want to show members right when somebody opens a group in a FIM portal.

Is that possible to do?

Disable Lync when useraccount gets deleted from source AD MA


Hi all

I have several FIM Sync engine installations and am currently using Søren's Codeless provisioning FIM.MRE.dll to provision users from one Source AD to another destination AD.

In the destination AD, all the users are Lync enabled based on the presence of an attribute in their user object. If this attribute is not present the user will not get Lync enabled.

This is what I am trying to achieve:

  • When the users get deleted/removed from the OU in Source AD, FIM should automatically run a PowerShell script to disable the user from Lync
  • Then the user should be deleted from the Destination AD
  • Then the user should be deleted from CS and MV

Does anyone have any clue how to make this PowerShell script trigger based on the fact that the user is disconnected from the Source AD?

And as I described, I'm not using FIM service in this installation.

BR Andre


Andre

Attribute Mapping with Advanced option allows multiple attributes to be selected. What is the meaning of that selection?


During attribute mapping, when the Advanced option is selected, it is handled by a rule extension.
Now if you select a left-side attribute, you can at that time select multiple right-side attributes (CTRL + SHIFT).

What is the use of that?

FIM 2010 R2 + Galsync + Contact created at the wrong MA/Domain

Hello,
I have a FIM 2010 R2 environment for galsync between 2 Exchange 2010 forests.
Everything was going well until 3 days ago, when FIM decided to create 6 contacts wrongly in my Active Directory.
FIM read the objects from "domain1.com" and created the contacts in "domain1.com" instead of creating the contacts in the other domain/MA (domain2.com).
Does anyone have any idea how I can discover what went wrong in FIM?
I need to discover why FIM decided to create the contacts in the source domain/MA and not in the target domain/MA.

Want to be the Microsoft TechNet FIM Guru for September?


All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to TechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes to become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

sync-rule-required-attr-not-found after running a bad sync rule, unable to remove.


Hi all.
A little history: a few weeks ago I created a new sync rule on the FIM portal (we'll call it SR-WD) that imported some data from a file. This data was set at a lower precedence than the other MAs (mainly the old file import, which we'll call SR-PSE). Last week I changed the precedence on SR-WD to be higher than SR-PSE, and everything was fine until the new sync rules were taken into the MV. Now I'm getting errors of "sync-rule-required-attr-not-found" with little to no information (no stack trace).

I'm only getting 5000 errors, due to the default error limit (I've increased this as a test).

As I'm working blind I double checked a few things and noticed one of my SR attribute flows was wrong on the new SR-WD (custom expression), or at least it looked wrong to me. So I removed the attribute flow to no avail. I have now removed the new SR completely.

After this I've done the normal full import and full sync to no avail. I can see that related (good) attributes are still present on person objects but without an MA contributor.

I have generated a full sync XML file which shows the error but not which attribute it's looking for and not finding.

Any ideas on where I start looking now?



This is the error I get when trying to disconnect the MA (SR-PSE) from my person object.


I've checked the sync rule in the MV and found the SR-PSE sync rule and it still has an attribute flow that's no longer in the FIM portal (I removed it). Why wouldn't the sync rules sync?

MIM 2016: no-start-ma on AD MA export with Provision for Exchange 2010


I'm currently testing my upgraded MIM infrastructure. This infrastructure is a lab that had FIM 2010 in it and is now running MIM 2016. I've got most of my customizations working again with little to no issues. The MIM Sync service was installed according to these steps: http://setspn.blogspot.be/2015/08/fim-2010-not-r2-upgrade-to-mim-2016.html Perhaps there's an issue in that process...

The AD MA refuses to export when "Provision for" "Exchange 2010" is on... When I choose "No Provisioning", the AD MA exports without issues. I tried starting a remote PowerShell session from the Sync server to the Exchange RPS URI and that succeeds...

Errors in the event log:

The management agent controller encountered an unexpected error.

"ERR_: MMS(8228): ..\libutils.cpp(10186): Failed to start run because of undiagnosed MA error

Forefront Identity Manager 4.3.1935.0"

And

The management agent "AD_LAB" failed on run profile "E." because of an unspecified management agent error.

Additional Information

%3

Any Thoughts?

UPDATE: there's also an appcrash for mmsscrpt.exe

Event Name: APPCRASH

Response: Not available

Cab Id: 0

Problem signature:

P1: mmsscrpt.exe

P2: 4.3.1935.0


http://setspn.blogspot.com



ECMA 2 not giving me all attributes in PutExportEntries with capabilities set to MAExportType.ObjectReplace


Hi,

I have an ECMA 2 MA and I'm trying to export complete objects to a target system when an object is updated.

I have set the MACapabilities to MAExportType.ObjectReplace so that I can access all attributes on the user, not only the changed one(s). But I can't seem to get it to work. When I run:

    foreach (CSEntryChange csentryChange in csentries)
    {
        foreach (string attribName in csentryChange.ChangedAttributeNames)
        {

The only attributes I can access are the changed ones. Does anyone have a clue on this? Is there a bug with the capabilities?

Regards

Patrik

FIM Sync service account and db_owner database role


Hello everyone,

My question is similar to an existing one, Minimum set of database role memberships for FIM Sync Service and FIM Service accounts, but considering that question got zero answers, I'll be more specific with mine.

Does anyone have experience lowering the FIM Sync service account database permission role from db_owner to ddl_admin (for the FIMSynchronizationService database, of course)?

Reason I ask is that I'm in an environment where the policy generally prohibits this type of configuration.  In the DBA's own words:

"DBO is inherently risky as it allows operations such as dropping/deleting the DB, also backing the DB up, potentially to somewhere other than the DB server."

Thanks!

Newbie - Source AD forest single OU one way sync Users & Groups to multiple forests


I have built my MIM 2016 platform based upon TechNet documentation in a dev lab and have my specified accounts from my source forest in the Metaverse. I'm new to MIM and looking for any related documentation to make this first project easier. In the lab I have my source forest, for which I have created an ADMA & MIMMA. For each of my 3 remote forests that I want to sync/export to, I have created an ADMA.

I'm looking for any guidance on getting the target ADMAs to export and write Users & Groups to the remote forest.

Thanks, Stu

Functions supported by FIM Function evaluator Workflow activity


I was having a problem using the Length function in a FIM Workflow activity and got the following answer:

Length isn't a function supported by the FIM Function evaluator Workflow activity. (Which is frustrating).

I find this to be very true. It just leads me to wonder what other functions are not supported and if there is any reference for this. I would rather not find out through trial and error.

Thanks, J.Greene


FIM Sync DB Maintenance


Hi,

In a little over 3 months our FIM Sync database has grown to over 30GB.

At the SQL database level, there do not appear to be any default jobs to archive/purge data. Is there anything in FIM Sync itself - other than clearing the Run Profile history?

Do FIM SQL backups do anything?

I assume the FIM Sync database is just expected to grow over time?

Thanks,

SK

Unable to Install MIM 2016 SyncServices


Hi,

When installing MIM Synchronization Service I keep getting this error:

Product: Microsoft Identity Manager Synchronization Service -- Error 25009.The Microsoft Identity Manager Synchronization Service setup wizard cannot configure the specified database. <hr=0x80131700>

- Setup user is admin on MIM Server and SA on remote SQL Instance. Any idea?
- It's a new MIM installation & SQL Native Client is installed
- The defined SA has no SQL Login and the DB does not exist on the SQL Instance

Best regards

Pirmin

Search account name and unlock disabled user


Hi

Forgive me, I am looking at a way to script searching for a user in FIM and changing the singlevalueattribute account locked false to account unlocked true.

I have trawled the internet to no avail :(

Ideas?

Thanks

Darren


darren hitchen


"HTTP Error 503 The service is unavailable" error after restoring backup


I've restored a backup on a test machine, to check if I can reproduce a problem I recently had after an update.

The installation went fine, but if I try to access the portal I just get "HTTP Error 503. The service is unavailable."

Checking the event log, I see some errors like this:

Workflow host activation failed for workflow definition id : dc9515e6-8883-4101-96f4-23e19b66cb9f, version key: 197. Exception: Object reference not set to an instance of an object.   at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition workflowDefinition, Boolean suspendWorkflowStartupAndTimerOperations)
   at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()

The service seems to be otherwise working, e.g. I can query objects with PowerShell cmdlets.

Any idea what the problem could be?


Paolo Tedesco - http://cern.ch/idm

Workflow notification activity

I am writing a workflow to send email notification to an external email address stored in FIM under the variable ExternalEmail. While I am doing a Lookup for the Recipients, when I am selecting "Target" as Workflow Parameter, I do not see ExternalEmail among the Parameter Attributes. Basically, I want to set up something like [//Target/ExternalEmail] as the Recipient. How can I achieve that?

WorkflowDataExchangeException: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing


Hi 

I use a custom workflow to create account names in the portal... at some stage the workflow stopped working, producing the below error in the portal requests...

Microsoft.ResourceManagement.WorkflowDataExchangeException: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
   at Microsoft.ResourceManagement.Workflow.Activities.ReadResourceActivity.ProcessRequestResponse(Object sender, QueueEventArgs e)
   at System.Workflow.ComponentModel.ActivityExecutorDelegateInfo`1.ActivityExecutorDelegateOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

Permission denied suggests an MPR but I'm not entirely sure which one.
The workflow runs under the context of the built-in admin account, as evidenced by the code snippet from the cs file below...

  const string FIMADMIN_GUID = "7fb2b853-24f0-4498-9534-4e10589723c4";

Any guidance appreciated.

FIM PowerShell Management Agent - the object reference not set to an instance of an object


Hi There

I've been running into the following problem when trying to import from my Management Agent, based on Soren Granfeldt's PowerShell MA. In FIM it says "stopped-extensible-extension-error". 

The log contains the following text (and some more which I figured wasn't important for my issue):

07.09.2015 06:11:08: Invoking import script: d:\daten\xml-agent\import.ps1
07.09.2015 06:11:08: Should impersonate: False
07.09.2015 06:11:10: Page token returned: ''
07.09.2015 06:11:10: Custom data returned: ''
07.09.2015 06:11:10: Object(s) in pipeline: 2
07.09.2015 06:11:10: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
07.09.2015 06:11:10: Leave InvokeImportEntryWorker->GetImportEntries

"Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt" is German for "the object reference not set to an instance of an object".

This is my import-script:

param
(
	$Username = "",
	$Password = ""
)

[xml]$content = Get-Content -Encoding UTF8 -Path "D:\daten\XML-Agent\Export.xml"
$mitarbeiter = $content.SelectNodes("/Header/MITARBEITER_LISTE/item")


foreach ( $item in $mitarbeiter ){
    $name = $item.NAME
    $vorname = $item.VORNAME
    $persnr = $item.PERSONALNR


    $obj = @{}
    $obj.Add("id", "$persnr")
    $obj.Add("sn", "$name")
    $obj.Add("givenName", "$vorname")
	$obj.Add("objectClass","user")
    $obj
}

This is my schema-script:

$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-id|String" -Value "123456"
$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "person"
$obj | Add-Member -Type NoteProperty -Name "givenName|String" -Value "Peter"
$obj | Add-Member -Type NoteProperty -Name "sn|String" -Value "Muster"
$obj

I will appreciate any advice to solve my problem.
Thanks


taking my pc back

I have been removed as admin owner. I have no control of my own PC. How can I get my PC back so I can reboot?