Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 136 | 137 | (Page 138) | 139 | 140 | .... | 204 | newer

    0 0

    This stored procedure is run periodically by a SQL Server Agent job to prevent the database from growing too large and keeping FIM responsive.

    BUT... What the procedure is doing is to delete all attributes on the objects in the database and leaving the main table [fim].[objects] to continue growing. ( The table [fim].[ObjectValueIdentifier] also has this behavour and doesen't get deleted from. )

    In our database, with a total of 24 454 388 objects, 7 707 052 seems to be "deleted" objects. Doing a standard "Disk usage by Top Tables" report, [fim].[objects] and [fim].[ObjectValueIdentifier]  is in top five.

    Is there a reson why old expired objects with no attributes should/must remain in the database?

      / Jörgen


    0 0

    Hi All,

    I am currently exporting a list of users who registered for Password reset into a CSV and recently needed to add the date and time of the registration. Does anyone know the path lookup that can get this value or where it would be stored ?

    The current script looks like this.

    set-variable -name URI -value "http://identity.fimservice.local:5725/resourcemanagementservice' " -option constant
    set-variable -name CSV -value "c:\ps\RegisteredResetPassUsers.csv" -option constant
    clear
    If(@(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {Add-PSSnapin FIMAutomation}

    $Filter = "/Person[AuthNWFRegistered = /Set[ObjectID = '7c866fd3-cf65-46cf-a198-4ea2f84980ec']/ComputedMember]"
    $curObject = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($Filter) -ErrorVariable Err -ErrorAction SilentlyContinue

    [array]$users = $null
    foreach($Object in $curObject)
    {
        $ResetPass = New-Object PSObject
        $UserDisplayName = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "DisplayName"}).Value)
        $ResetPass | Add-Member NoteProperty "Display Name" $UserDisplayName

        $jobTitle = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "jobTitle"}).Value)
        $ResetPass | Add-Member NoteProperty "Job Title" $jobTitle

        $UserEmail = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "email"}).Value)
        $ResetPass | Add-Member NoteProperty "Email" $UserEmail
        $Users += $ResetPass
    }

    $users | export-csv -path $CSV -NoTypeInformation

    Rob

                  


    Rob


    0 0
  • 10/27/15--06:28: FIM SSPR Gates
  • Can someone please guide me 

    I have SSPR configured with SMS OTP gate. The SMS Send - recivew operation is all working good. 

    I need to edit the gate in such a way that SMS OTP that is sent needs to be sent to email as well (Which is pretty much possible with PowerShell script)

    However I need to edit the registration part. When we enable SMS GATE. It asks for Mobile number, I also need to ask Email and send the code to that email which is registered. 

    Thanks in advance.. 


    0 0
  • 10/27/15--06:28: FIM SSPR OTP Gates
  • Can someone please guide me 

    I have SSPR configured with SMS OTP gate. The SMS Send - recivew operation is all working good. 

    I need to edit the gate in such a way that SMS OTP that is sent needs to be sent to email as well (Which is pretty much possible with PowerShell script)

    However I need to edit the registration part. When we enable SMS GATE. It asks for Mobile number, I also need to ask Email and send the code to that email which is registered. 

    Thanks in advance.. 



    0 0

    Hi,

    I have two Forests/Domains which FIM manages with no Trust between them.  In this case, FIM Exports from the Metaverse/Forest A into Forest B.  Its only a one-way operation.

    On export, 2 groups fail export with a CD-Error 50 error.  These groups are Domain Local security groups in Forest A.

    Can anyone plz point me to where I can find a CD-Error 50 explanation or advise on what this means?

    Thanks in advance for the help.


    Thanks for your help! SdeDot


    0 0

    Hi,

    I have need to provision multiple AD accounts in two different active directories, they share trust relationship, but are otherwise unrelated.

    How is password reset achieved to the multiple active directories?

    Thanks,

    Sylvester


    0 0

    Hello All,

    I have created Management Agent in Synchronization Service graphically and all is working fine.

    Now, I wan to create that MA programmatically  with C# and also it's profile.

    How can I do that, I did lot's of R&D, last 2 days, didn't found anything.

    Any help would be greatly appreciated.

    Thanks,

    Naresh


    0 0

    Hi.

    I've been having some issues with configuring FIM Syncronization Service for use with Single forest/domain, and multiple Office365/Azure tenants.

    I've used this as my base and modified slightly some filters and attribute flows (mainly from local AD to Metaverse), and filters on the WAAD so that no user is synced twice or into the wrong WAAD.
    Link to refrence: https://msdn.microsoft.com/en-us/library/dn511002(v=ws.10).aspx

    So to the question (or issue) at hand.
    I can't for the life of me figure out what I need to change to sync into multiple tenants. Some users (for a single tenant) is synced to the metaverse, but the others are not. I understand why they wont work, mostly because of this code in the extention, that is telling the extention to what MA it should connect to. If i change the name, other users will sync.

    Any suggestion as to how I can rewrite this code to support more MA Connectors?

    ConnectedMA ma = mvEntry.ConnectedMAs["Windows Azure Active Directory"];
                    //Provision a new connector if none exist
    
                    if (ma.Connectors.Count == 0)
                    {
                        try
                        {
                            // Construct the Source Anchor for the new CSEntry
                            String sourceAnchor = mvEntry["sourceAnchor"].StringValue;//RulesCommon.ContructSourceAnchor(mvEntry);
    
                            // Determine the type of object to provision to Office365
                            Office365ObjectType office365ObjectType = GetOffice365ObjectType(mvEntry);
    
                            // Create a new connector.
                            CSEntry cs = ma.Connectors.StartNewConnector(office365ObjectType.ToString());
    
                            // Create the RDN string
                            // String rdn = Microsoft.Online.DirSync.Extension.Utilities.DNEncoding.StringToSafeRdn(sourceAnchor);
    
                            // Set the DN
                            cs.DN = ma.EscapeDNComponent(mvEntry["sourceAnchor"].StringValue);
    
                            // One-Time EAF Attributes
                            cs["SourceAnchor"].StringValue = sourceAnchor;
    
                            // Commit the Connector
                            cs.CommitNewConnector();
                        }
                        catch (ObjectAlreadyExistsException)
                        {
                            // If we hit this exception it means we have tried to create a CSEntry:
                            //   1. With a duplicate RDN
                            //   AND
                            //   2. In the same container as the duplicate
                            // In this case the exception is ignored.
                            // On the next sync run the TargetWebServiceMA should resolve this by joining to the MV object
                        }
                    }

    Thanks

    Harald


    0 0

    Hi,

       We had a requirement to generate unique sequential number for every user created in FIM portal. We have tried with randomNum() function. but it is generating duplicate values. We need to implement some sequential unique number whenever a user is created in FIM portal.

    Please help me out in achieving this.

    Regards

    Prasanthi.


    0 0

      Hi,

      I needed to change the passsword of this user because my domain account was not allowed to run miisclient even

      it was it correct local Groups.

      I was able to log on and do my things but some day later after a restart I can get the service running Again.

      get even 6208,

     

    The server encryption keys could not be accessed.

    User Action

    Verify that the service account has permissions to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service

    If the problem persists, run setup and restore the encryption keys from backup.

    This took me to the program miiskmu, which someone used to fix this problem. That article says that you should "abandon key

    "

    • start the application “miiskmu”
    • Choose the option to abandon your key set.
    • Start the “Directory Sync Configuration” tool and reconfigure your synchronization
    • After this start your services again (the “Forefront Identity Manager Synchronization Service” was already started) and start a manual sync
    • This could lead to the following message in your eventlog:
      Eventid: 6126
      The management agent “TargetWebService” completed run profile “Delta Confirming Import” with a delta import or delta synchronization step type. The rules configuration has changed since the last full import or full synchronization.
    • So with the help of the miisclient I started a full sync, a full confirming import and a export"

     In this prgram (“miiskmu”)there is also an option to "add new key set (reuires service to be stopped)

       and there I can choose "re-encrypt all Microsoft identy integration Service data with new key"

      and I get an option to Assing a domain user to this.

      My question is, can I use this "add new key with re-encrypt" and a domain user.. and be able to start services again and sync, or do I need to "abandon key" and follow that instruction ?

    thans

    .

     


    Erro


    0 0

    Hi Everyone,

    We have 2 search scope:
    1. SearchScope1
    2. SearchScope2

    Both search scope are having usage keyword "GlobalSearchResult" and "Global". I need GlobalSearchResult usuage keyword because I want to hide both New and Delete button.

    SearchScope1 Search Scope Filter:  /CustomObject1
    SearchScope2 Search Scope Filter:  /CustomObject2


    We have given permission to read this search scope through MPR.
    We can see both search scope are displaying in Home Page under Search within drop down menu. 

    Home Page

    Issue Description:
    Suppose I logged in FIM Portal as normal users and I can see both search scope in home page search within drop down menu.
    I selected one search scope say SearchScope1 and clicked on Search button. This is redirecting me to GlobalSearchResultPage.aspx for CustomObject1.
    However in this page I am seeing both search scope i.e. SearchScope1 and SearchScope2.

    GlobalSearchResult Page

    My requirement is just to show one search scope based on what I selected in home page. So in above case, GlobalSearchResultPage.aspx page for CustomObject1 should only show me SearchScope1 search scope under Search witin drop down.


    Search URL for both search scope:

    http://FIMSERVER/IdentityManagement/aspx/common/GlobalSearchResult.aspx?searchtype=c1939a77-4e65-49e5-b876-a31f6aa1e38a&content=%2a
    http://FIMSERVER/IdentityManagement/aspx/common/GlobalSearchResult.aspx?searchtype=1dc89434-a634-4034-8140-5f024c044936&content=%2a

    Any help would be greatly appreciated.

    Thanks in advance!!

    Sujit Kumar


    0 0
  • 10/30/15--08:58: Azure AD Connect
  • Hello everyone

    I have installed an Azure AD Connect (AAD Connect) server, and it is functioning successfully.

    I am starting process to install a second AAD Connect server as a staging server.

    Is there a way to export the configuration from the first server to allow an import on the second server? When installing the staging server the usual wizard starts, and to complete the install need to enter some synchronization information, then could import the MA configurations from the other server. Is there other configuration outside of the MAs needed?

    On the staging server I can run the azureadconnect.exe to get the Import configuration wizard, but on the active server, the azureadconnect.exe cmd to start the wizard with the "Export Settings" (as when run on a legacy Dirsync server) just starts the usual post install wizard.

    Summary: how to export the configuration of an Azure AD Connect server to allow it to be imported on a second staging server.

    Thanks

    Alexis


    QAlexis75


    0 0

    After performing a clean install of MIM 2016 using the directions I found in the Tech Net Library- MT150255. (I am prohibited from sharing the link at this time.)  I have been unable to get the sync service to start. The error message states that the service is either not started (it is) or my account is not part of a required security group. I am logged in as a domain admin.  Has anyone else had this problem? Any help would be greatly appreciated.

    Thanks,

    Dan


    0 0

    I need a tool to sync accounts (including passwords) from OD (open Directory) to AD (Active Directory), can FIM do that? if not do we have any other tool?


    Fadi


    0 0
  • 11/02/15--01:58: Convert IIF from AAD to FIM
  • Hi FIM experts,

    I'm currently working on the mailbox provisioning from FIM to Exchange Online and i would like to convert the following IIF Azure function to a FIM function. I'll import MSOline Users from FIM and want to trigger the mailbox creation if the result of the function is false (cloudSOAExchMailbox)

    CBool(IIF(IsNullOrEmpty([cloudMSExchRecipientDisplayType]),NULL,BitAnd([cloudMSExchRecipientDisplayType],&HFF) = 0))

    Thanks,

    Yannick


    0 0

    Hi FIM experts,

    I'm currently working on the mailbox provisioning from FIM to Exchange Online and i would like to convert the following IIF Azure function to a FIM function. I'll import MSOline Users from FIM and want to trigger the mailbox creation if the result of the function is false (cloudSOAExchMailbox)

    CBool(IIF(IsNullOrEmpty([cloudMSExchRecipientDisplayType]),NULL,BitAnd([cloudMSExchRecipientDisplayType],&HFF) = 0))

    Thanks,

    Yannick



    0 0

    I am a complete novice to FIM but am trying to set up the sync service to do a GAL sync between two AD forests.  The forests have a two way AD trust in place and one is running Exchange 2010 and the other Exchange 2013. I have configured the two MAs and run a staged Import and a Sync on each.  When I run an export though I receive an error saying that the "Required Attribute 'cn' is missing". Despite this the contact is created in the specified OU and does have a cn assigned. The proxyAddresses attribute is also populated as with all of the original users email addresses and the new contact shows up in Exchange as a Cross-Forest Contact. Can anyone suggest why I might be seeing this error, what implications it might have, and how to resolve it?  So far I have seen the error when exporting from the Exchange 2013 domain into the Exchange 2010 one but not the other way around. I am using FIM 2010 R2 version 4.1.3419.0.

    Thanks

    Alan



    0 0

    Hello,

    I have an implementation where the corporate structure is maintained in a database.  There is an MA and set of sync rules defined to import that hierarchical structure into the metaverse.  There is also an MA and sync rules defined to push that structure to BHOLD. 

    Occasionally, the corporate structure changes (the name changes or is moved to a different parent).  Moves are handled properly by the MAs and rules.  However, renames or flat out deletions are not.  Renames are treated as a new entry.  The old entry gets disconnected at the SQL connector space, but the object remains in the metaverse (and AD and BHOLD).  I have the BHOLD MA configure to stage a delete on the next export (I've yet to test that).

    What I'd like to happen is to stage a delete of the metaverse object when the object is delete from the database.  Is there something in the box that will do that, or does that require a rules extension DLL?

    Or, can I not do that at all.  The whole purpose here is to make this a hands off operation.

    Thanks,

    Greg


    0 0
  • 11/03/15--00:46: Exchange support
  • Hi,

    We have FIM 2010 R2, and looking to upgrade our exchange to 2016.

    Does FIM 2010 R2 support exchange 2016 (presumably with a recent patch) or do we need to upgrade to MIM 2016 which I have not been able to find documentation if that supports exchange 2016 either. :(

    Thanks!


    0 0

    Hi Everyone,

    Please let me know if Microsoft provides BHOLD training or somewhere else I can find training.

    FYI, I already tried with Source solutions and they are no longer providing BHOLD training.

    Thanks in Advance.


    If My Answer helps you do not forget to check helpful post and If answers your question do not forget to "Mark it as an Answer" Thanks~ Giriraj Singh Bhamu


older | 1 | .... | 136 | 137 | (Page 138) | 139 | 140 | .... | 204 | newer