Channel: Forum Microsoft Identity Manager

Looking for MIM scalability info? Things like the maximum # of MA's, Sync Rules, etc


Looking for MIM scalability info? Things like the maximum # of MA's, Sync Rules, etc

Thanks,  Stu


Shocktober FIM TechNet Guru Competition! We need YOU!


Shocktober is here again, and we are anticipating some surprising and shockingly sensational contributions from YOU, and other kind members of the community who spare a little of their time to contribute words of wisdom to TechNet Wiki.

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to TechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes to become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

AD MA switches Delta Import to Full Import and stop with stopped-server error


Hi all,

I'm having some trouble at a customer running FIM 2010 R2 latest build 3646. If I run an export on AD MA and after that a delta import and a delta sync, the MA starts the delta import and after processing some objects it stops and displays a stopped-server error. The strange thing is that if I look at the step performed it says "Full Import and Delta Synchronization".

So it looks like the MA has switched to another run step by itself? Has anybody else seen this behaviour?

It seems to happen more frequently if the export steps update a larger number of objects > 500 and not just a few.

Can mention that we had the same error on earlier builds of FIM also, like 3634.

Regards

Patrik 

FIM/MIM and other LDAP than Active Directory


Hello.

Does FIM or MIM installation/functionality need Active Directory or can it be installed on an environment that does contain some other LDAP than Active Directory?

FIM Portal & Service leverages AD authentication and needs some AD attributes, but do they have to be AD attributes and AD authentication or are there other possibilities?

What about just Synchronization Service?

Other post that discuss similar subject: https://social.technet.microsoft.com/Forums/en-US/1d764e11-4ead-474f-900a-a4bbc1a48272/is-it-possible-to-use-the-fim-portal-with-no-ad-available?forum=ilm2



FIM2010R2 v 4.1.3419.0 Event ID's 6301 , 6401 generated on Sync cycle


The server encountered an unexpected error in the synchronization engine:

"BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(3753): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(11786): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sqlstore\csobj.cpp(1815): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sync\expcall.cpp(911): 0x80004005 (Unspecified error)

ERR_: MMS(5316): d:\bt\800\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {B4C4E2D3-AE50-E511-8012-0050569FA105} with 0x80004005 (pass 1 of 5)

Forefront Identity Manager 4.1.3419.0"

________________________________

The management agent controller encountered an unexpected error.

"BAIL: MMS(5316): d:\bt\800\private\source\miis\cntrler\cntrler.cpp(12397): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\cntrler\cntrler.cpp(9315): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\cntrler\cntrler.cpp(8091): 0x80004005 (Unspecified error)

Forefront Identity Manager 4.1.3419.0"

_______________________________

The server encountered an unexpected error in the synchronization engine:

"BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(3753): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(11786): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sqlstore\csobj.cpp(1815): 0x80004005 (Unspecified error)

BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sync\expcall.cpp(911): 0x80004005 (Unspecified error)

ERR_: MMS(5316): d:\bt\800\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {CFF9C5EB-AE50-E511-8012-0050569FA105} with 0x80004005 (pass 1 of 5)

Forefront Identity Manager 4.1.3419.0"

_______________________________

Followed by a ResMA warning on the export, I see this in the CS object properties:

Error: dn-attributes-failure

Connected data source error code: 8373

Connected data source error: The name reference is invalid.|

Would this be related/culprit?

Running on W2K8R2SP2, w/SQL2008R2SP2

Thanks Pete


Pete

Issue synchronisation attribute Delta Synchronization


Hi, 

I have a weird issue in a synchronisation of an attribute from FIM to AD. 

I explain my problem, I manage the attribute userAccountControl from AD to FIM. 

I have another boolean attribute which enforces the activation of a user 

So we suppose that we have a person on FIM portal with userAccountControl (66050), I force the activation 

so I export the value 66048 in AD it's OK for this step. 

When I run a Delta Import + Delta Synchron from AD , then an export on FIM MA my userAccountControl is not updated as in AD.

When I run a full preview in AD MA for that identity I see that a change will be made on FIM MA, I commit it and export on FIM MA and the result is correct in FIM (66048)

But when I run a delta synchro in AD MA nothing is done in FIM .

Any idea please !!! 

Thanks

//Target on Synchronization rule


Hello, 

Has anyone used something like //Target/Manager/DisplayName in a synchronization rule? 

I have a CSV file on export and I want to export some of the manager's information without calculating it in WFs

Any suggestions 

Thanks

Password Sync between two domains


Hi,

I have a requirement in one of my projects where I want to sync users' passwords between two domains. I want to sync the user's current password, so PCNS is not an option here as it only syncs updated passwords. I can use MIM 2016 as well if it provides that feature.

Thanks


FIM 2010 R2 - Pkgd Office365 MA - Contact Object Data Not Flowing


Hey all, I've been running this MA for many years. We recently had a new project to merge in an external organization's address book and I've noticed that metadata fields do not flow on contacts. Can anyone confirm or correct me on this?

Syncing:

DisplayName, name data, targetAddress, proxyAddresses, alias

Not Syncing:

Company, Department, TelephoneNumber, Title

MIM 2016 Data source object type person not visible in FIM Service MA


Hi all,

I've got a fresh installation of the MIM Synchronization Service and the MIM Service and Portal.

I've created a FIM Service MA in the Synchronization Service according to the documentation in TechNet.

https://technet.microsoft.com/en-us/library/mt219040.aspx

On the Selected Object Types page I've selected ExpectedRuleEntry, DetectedRuleEntry, SynchronizationRule, Person and Group. (The Synchronization Filter Resource in the Portal does also contain these object types, otherwise they would not show up in the MA.)

On the Configure Object Type Mappings page I don't have the Person or Group object available in the "data source object type" drop down list.

As you can see on the screenshot I can successfully run a Full Import on the MA and receive the two Person objects from the installation (my installation account and the service account itself.)

Any ideas why I don't see the Person object in the "Data source object type" drop down list? I don't see it on the MV side as well.

I've performed a Schema update several times.

Thanks

Chris




SQL deadlock (post processing error) on deletion of user object in FIMService - multiple workflows being triggered


Version : FIM 2010 R2 SP1 (4.1.3508)

Hi,

we're having trouble with a SQL deadlock occurring (postprocessingerror) when attempting to delete some identities from the FIM portal using the standard "ExpirationWorkflow". We have a temporal based set which works based on a calculated deletion date being in the past (so once the deletion date is in the past, the identity falls into a set which triggers the "out of the box" expiration workflow).

This works for the majority of identities but a small percentage intermittently fail with a SQL deadlock and I think this is because I can see the portal is attempting to run more than one workflow against the object when it is being deleted.

For example for identities that have been successfully deleted it appears that the "Applied Policy" is listing a transition out workflow at the same time as the deletion is taking place. I'm guessing that this is causing an update AND a deletion against the same identity in quick succession which may be the root cause of the deadlock.

I can't however work out why the transition out workflow is being triggered, the transition set is a criteria based set based on two boolean attributes being set to "True" but neither of them are being changed at the time of deletion. I'm wondering whether the deletion itself is being interpreted by the FIM service as being "removed" from the set. 

Does anyone know of a way of preventing the "update" workflow from being triggered at the same time as the deletion of the identity ?

Unable to change text for email template


I am trying to change the text for an email template. I have gone under the Workflow Activities tab, expanded the EMail Notification, selected the Edit button and clicked the Email Template name. It brings up the Template Type (notification), the subject and the body (HTML). Editing the text appears to work but it doesn't actually save the changes. I'm not sure if it's the way I'm accessing the email template, if it's a rights issue or something else.

Any help is appreciated.

LK

FIM Portal - IE Passthrough authentication issue


Hey all,

So I have been working with Microsoft on an issue I have in my DEV and QA FIM Portal instances, and we cannot seem to find the issue.

On the FIM Portal Server DEV, I can login to the FIM Portal and IE passes the credentials through with no issue.

From Production I can hit the FIM Portal (DEV) and it passes the credentials and logs in fine.

From any machine in DEV, when I try to login to FIM Portal, IE isn't passing the credentials and causing a security pop-up.

We have done tracing and looked at SharePoint, IIS, and everything seems to be configured properly, but for some reason SharePoint is getting blank credentials, like a RUN-AS when trying to get to the FIM Portal.

I have verified my SPNs to make sure they are also correct and they match prod.

On the FIM Service Machine, the FIM admin does not have an issue passing the authentication, but any other account does get the security pop-up, asking for credentials, because IE is not passing any creds.

Once I manually enter credentials it gets me in fine.

Has anyone ever seen this?

Thanks

Russ


Russell Lema


Using FIM or MIM Synchronization Service for password reset: initialisation problem


We have determined that we can do this by flowing to the unicodePwd attribute in a suitably configured
Active Directory Domain Services Management Agent.
We know too that we can set an initial password using a Metaverse Extension.

Our problem: we have a mature AD and do not wish to change any passwords on existing accounts when we initialise
our system.

We will import our AD structure and parallel information which is stored in a SQL database.
The latter will include an 'initial password' which will not match the username's actual password in all likelihood.
Synchronize the two sources and with suitable projection rules join the related objects, with the objective of flowing
any changes from the SQL database to the AD Management Agent. Currently though, when we 'turn on' a flow of the
password every password is reset.  Can we avoid this?

Any advice will be gratefully received.  Thank you.

Scale out existing FIM 2010 R2 Infrastructure


Hello All,

I have a FIM Lab set up that is all contained in one box. I was wondering how do I go about scaling this out to several boxes.

Sync on its own box
Self service register/reset on its own box
FIM Portal on its own box.
SQL on its own box.

Currently all these roles reside on the same server. How do I go about migrating them to different boxes without starting from scratch?

Any advice/suggestions are greatly appreciated.


FIM DB Connection Info


Hello,

My client's DBA asked me if the "Application Name" attribute of the database connection could be set.  They use that information to determine where DB connections are coming from.  I looked at the config files and didn't see anything.  Is that configurable?

Thanks,

Greg

Possible ways to provision objects to Connector space in FIM.


I have two SQL databases and Management agents for both.

I need to provision my object (person object to be specific) created in SQL-1 to the Connector Space of the SQL-2 MA. I have a rule extension .dll which suffices for my purpose. 

I don't want to use FIM portal to configure Sync rules. Are there any other possible ways to provision my objects to all the different connector spaces of connected External Source?

Thanks in advance :)



ADMA and Connector filter - How should "Bit off equals - 0x1" work?


I declared a connector filter like this:

Flags (attribute) - Bit off equals (operator) - 0x1 (value)

Now when I set flags value to 0, filter works and the object becomes a disconnector. When I set flags value to 1, filter works and the object becomes a connector.

But when I set flags value to 3 (when it is a disconnector) it doesn't become a connector.

Am I missing something or what? I am trying to create a filter which looks only at the first bit of the attribute and doesn't care about the rest.

FIM Custom new attribute causing issue


Hi All,

I am going through a weird issue in FIM. I created a new String attribute in FIM Portal and bound it to Group Object. I added this attribute in Filter Permissions and all Permission related MPR. So when a group is created from AD and flowing to FIM Portal we are setting this new attribute's value to "ABC" by default in an Action Workflow. For some reason this attribute is causing issues and the value is not populated to this attribute. In Search Requests it's a PostProcessingError. The error states

EXCEPTION DATA\r\n\r\nMESSAGE: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.ThrowHelper.ThrowKeyNotFoundException()
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()
   at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Boolean& endOfSequence)
   at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, CultureInfo locale, Guid requestor, String[] attributeNames, Boolean includeInlineRights)
   at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, String[] attributeNames)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.Read(Guid objectId, CultureInfo locale, Nullable`1 requestor, Nullable`1 resourceTime, String[] requestedAttributes, Boolean includeRights)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessOutputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)\r\n\r\n**METHOD:Void ProcessRequestResponse(System.Object, System.Workflow.ComponentModel.QueueEventArgs)\r\n\r\n**METHOD:Boolean Run(System.Workflow.ComponentModel.IWorkflowCoreRuntime)\r\n\r\n**METHOD:Void Run()\r\n\r\n

Does anyone have any clue what I am missing here?

Any help would be appreciated.

Thanks!


Veena

Delta Import for Multi-value attribute issue [need-full-object]


Hi, I need to do Delta Import on a multivalue attribute of an object. So my delta configuration in FIM sync is using "Attribute level change type synchronization", my delta view is returning "Modify_Attribute".

It is working fine when a value is removed from the existing multivalue attribute and when a value is added to an existing multivalue attribute.

However, when the object is not yet imported in the CS, and I do delta import, I have the error "need-full-object". To me, it does make sense since I am intending to modify an attribute of a non-existing object in the connector space.

My solution is to adjust my delta view so that for newly added records, I will return "Add" as DeltaOperation, and for newly deleted records, I will return "Modify_Attribute". So far it is working but it doesn't feel right to me since 2 or more new values also will be seen as Add, which in fact it is just a modify and I'm not sure if there is a performance impact.

For me, FIM should automatically detect that this object does not exist yet in the CS and then perform Add operation. Otherwise, I will stick to my existing solution or revise my delta view to determine which "Add" is truly "Add" or "Modify_Attribute". Is there any better solution to this, or perhaps hot fixes from any latest versions?

Thanks! Hoping experts would help me.


