Channel: Forum Microsoft Identity Manager

ADFS/WS-Federation implementation

We are trying to implement ADFS/WS-Federation between two independent domains to provide SSO for two .NET applications running independently. I have the following general questions to get an idea:

  1. Do we have to create a trust between the two AD domains, or can WS-Federation be implemented through web services without a trust?
  2. Do we have to create all the users in both AD domains so users can log in to the different applications running on both sides?
  3. Does WS-Federation support both Forms authentication and Windows authentication?

JIM.H.


uocDropDown

Hi All,

I am trying to change the out-of-the-box validation for Employee Type for Users in the portal with Employee, Non-employee and Contractor. The validation XPath that I have used at the resource attribute binding (through Schema Management) is:

^(Employee|Non\-employee|Unknown)?$

I have also initially tried  ^(Employee|Non-employee|Unknown)?$  which of course doesn't work as I have not used the escape character.

Unfortunately, none of these are working, so I am wondering if anyone has any other suggestions. I was also thinking about trying the validation in the configuration XML. Wondering what you guys think about it.

I will appreciate any help.

Thanks.

Ray.

[FIM Reporting] Start-FIMReportingIncrementalSync.ps1 fails

I am deploying FIM 2010 R2 SP1 Reporting on a test environment. However, in the post installation phase, the Start-FIMReportingIncrementalSync.ps1 script is failing with the following error (the Start-FIMReportingInitialSync completed successfully though). Any insight on what's causing this and how to resolve it?

Import-FIMConfig : Failure when making web service call.
SourceObjectID = ff1315de-ed7c-4b0f-90b4-036f8f983faa
Error = The web service client has encountered the following class of error: SystemConstraint
Details: Failed Attributes:
Additional Text Details: The Request contains changes that violate system constraints.
Correlation Identifier: 2fcd66be-c0ba-41ff-8019-8210cb1f21b5
Failure Message:
Request Identifier:
At C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell\Start-FIMReportingIncrementalSync.ps
1:46 char:47
+     $undone = $importObject | Import-FIMConfig <<<<  -uri $uri;
    + CategoryInfo          : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException
    + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig

Thanks,
John

dirsync options

Using the Windows Azure Synchronization Service Manager, a consultant mistakenly had us delete the Attribute Flows for both contacts and group objects. The consultant is gone, but I need to re-enter those attribute flows in order to enable those object types to sync. Could anyone provide a list of the default attribute flows for these object types? I could probably re-enter the flows manually, but the attribute names in AD don't always match the metaverse attribute names, and I'd like to have a list to go by.

On another, related topic, I tried running the dirsync config tool again, to see if it would replace or rebuild the missing attribute flows, but I'm getting a user name or password error on the last page of the wizard, and I confirmed that both the cloud and on-premises accounts and passwords are accurate. The event log just notes the creation and password change of the MSOL_* account, but no errors. Any idea what's going on there? Re-running the wizard to rebuild the dirsync config would be preferable to re-entering all of those missing attribute flows.

Thanks,

Mike

Extending FIM portal with custom aspx controls

Hi,

I'm adding a comments field to the join groups page in FIM, and I managed to get my custom aspx page to display just fine. I downloaded a couple of assemblies from CodePlex in order to get access to portal web calls, which I use in the code-behind of the aspx page.

The problem I have now is that when I click on submit, I get an error:

"An error occurred creating the configuration section handler for system.servicemodel/bindings. That assembly does not allow partially trusted callers (web.config line 270)"

I have no idea what this error is all about, and would appreciate any kind of help. AFAIK, the error is originating from the wsHttpContextBinding binding and not from the wsHttpBinding.

I added the downloaded assemblies (Microsoft.ResourceManagement.Client and Microsoft.ResourceManagement.ObjectModel) to the <SafeControl> list and I have set up all the endpoints, etc., correctly as far as I can tell. The web.config file in full is shown below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><configuration><configSections><sectionGroup name="SharePoint"><section name="SafeControls" type="Microsoft.SharePoint.ApplicationRuntime.SafeControlsConfigurationHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><section name="RuntimeFilter" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartLimits" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartCache" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartWorkItem" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartControls" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="SafeMode" type="Microsoft.SharePoint.ApplicationRuntime.SafeModeConfigurationHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><section name="MergedActions" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="PeoplePickerWildcards" type="System.Configuration.NameValueSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /></sectionGroup><sectionGroup name="System.Workflow.ComponentModel.WorkflowCompiler" type="System.Workflow.ComponentModel.Compiler.WorkflowCompilerConfigurationSectionGroup, System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"><section name="authorizedTypes" 
type="System.Workflow.ComponentModel.Compiler.AuthorizedTypesSectionHandler, System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></sectionGroup><section name="resourceManagementClient" type="Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection, Microsoft.ResourceManagement, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"><sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"><section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /><sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"><section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" /><section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /><section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" 
allowDefinition="MachineToApplication" /><section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /></sectionGroup></sectionGroup></sectionGroup></configSections><SharePoint><SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false"><PageParserPaths></PageParserPaths></SafeMode><WebPartLimits MaxZoneParts="50" PropertySize="1048576" /><WebPartCache Storage="CacheObject" /><WebPartControls DatasheetControlGuid="65BCBEE4-7728-41a0-97BE-14E1CAE36AAE" /><SafeControls><SafeControl Assembly="System.Web, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="System.Web, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.HtmlControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="SqlDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="AccessDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="XmlDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="ObjectDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebPartPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.ApplicationPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.SoapServer" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Meetings" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebPartPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TypeName="*" Safe="True" 
AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.ApplicationPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.SoapServer" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Meetings" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint.Search, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Search.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" />

<!-- New Assemblies to be trusted --><SafeControl Src="~/bin" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.ResourceManagement.Client" Namespace="Microsoft.ResourceManagement.Client" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.ResourceManagement.ObjectModel" Namespace="Microsoft.ResourceManagement.ObjectModel" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><!-- End new assemblies sections -->

<SafeControl Assembly="Microsoft.SharePoint.Search, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Search.Internal.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Src="~/_controltemplates/*" IncludeSubFolders="True" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="Microsoft.IdentityManagement.WebUI.Controls" TypeName="*" Safe="True" /><SafeControl Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Web.UI" TypeName="*" Safe="True" /></SafeControls><PeoplePickerWildcards><clear /><add key="AspNetSqlMembershipProvider" value="%" /></PeoplePickerWildcards></SharePoint><system.web><securityPolicy><trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_mediumtrust.config" /><trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config" /></securityPolicy><httpHandlers><remove verb="GET,HEAD,POST" path="*" /><add verb="GET,HEAD,POST" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add verb="OPTIONS,PROPFIND,PUT,LOCK,UNLOCK,MOVE,COPY,GETLIB,PROPPATCH,MKCOL,DELETE,(GETSOURCE),(HEADSOURCE),(POSTSOURCE)" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add verb="*" path="*_AppService.axd" validate="false" 
type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></httpHandlers><customErrors mode="On" /><httpRuntime maxRequestLength="51200" /><authentication mode="Windows" /><identity impersonate="true" /><authorization><allow users="*" /></authorization><httpModules><clear /><add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add name="SPRequest" type="Microsoft.SharePoint.ApplicationRuntime.SPRequestModule, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="OutputCache" type="System.Web.Caching.OutputCacheModule" /><add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" /><add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" /><add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" /><add name="RoleManager" type="System.Web.Security.RoleManagerModule" /><!-- <add name="Session" type="System.Web.SessionState.SessionStateModule"/> --><add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></httpModules><globalization fileEncoding="utf-8" /><compilation batch="false" debug="false"><assemblies><add assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add assembly="Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add assembly="Microsoft.ResourceManagement, 
Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></assemblies><expressionBuilders><remove expressionPrefix="Resources" /><add expressionPrefix="Resources" type="Microsoft.SharePoint.SPResourceExpressionBuilder, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add expressionPrefix="SPHtmlEncodedResources" type="Microsoft.SharePoint.SPHtmlEncodedResourceExpressionBuilder, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add expressionPrefix="SPSimpleFormattingEncodedResources" type="Microsoft.SharePoint.SPSimpleFormattingEncodedResourceExpressionBuilder, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /></expressionBuilders></compilation><pages enableSessionState="false" enableViewState="true" enableViewStateMac="true" validateRequest="false" pageParserFilterType="Microsoft.SharePoint.ApplicationRuntime.SPPageParserFilter, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" asyncTimeout="7"><namespaces><remove namespace="System.Web.UI.WebControls.WebParts" /></namespaces><tagMapping><add tagType="System.Web.UI.WebControls.SqlDataSource, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" mappedTagType="Microsoft.SharePoint.WebControls.SPSqlDataSource, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /></tagMapping><controls><add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add tagPrefix="IdentityManagement" namespace="Microsoft.IdentityManagement.WebUI.Controls" assembly="Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add tagPrefix="IdentityManagement" namespace="Microsoft.IdentityManagement.WebUI.Controls" 
assembly="Microsoft.IdentityManagement.WFExtensionInterfaces, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></controls></pages><siteMap defaultProvider="SPSiteMapProvider" enabled="true"><providers><add name="SPNavigationProvider" type="Microsoft.SharePoint.Navigation.SPNavigationProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="SPSiteMapProvider" type="Microsoft.SharePoint.Navigation.SPSiteMapProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="SPContentMapProvider" type="Microsoft.SharePoint.Navigation.SPContentMapProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="SPXmlContentMapProvider" siteMapFile="_app_bin/layouts.sitemap" type="Microsoft.SharePoint.Navigation.SPXmlContentMapProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="ILM2MapProvider" siteMapFile="~//_layouts//MSILM2//Microsoft.IdentityManagement.sitemap" description="Provider for navigation on Forefront Identity Manager" type="System.Web.XmlSiteMapProvider" /></providers></siteMap><trust level="WSS_Minimal" originUrl="" /><webParts><transformers><add name="TransformableFilterValuesToFilterValuesTransformer" type="Microsoft.SharePoint.WebPartPages.TransformableFilterValuesToFilterValuesTransformer, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="TransformableFilterValuesToParametersTransformer" type="Microsoft.SharePoint.WebPartPages.TransformableFilterValuesToParametersTransformer, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="TransformableFilterValuesToFieldTransformer" type="Microsoft.SharePoint.WebPartPages.TransformableFilterValuesToFieldTransformer, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, 
PublicKeyToken=71e9bce111e9429c" /></transformers></webParts><machineKey validationKey="CADE491C28E1AC53F7C65CB5ADB0D6AE154150C086DB0B4B" decryptionKey="70A5439B602A16FCDB4940996C96246537665ACE38F9686E" validation="SHA1" /></system.web><runtime><assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.OleDb" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.SoapPT" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.Sts" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.XmlUrl" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.intl" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Library" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" 
/></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Security" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><probing privatePath="bin;_app_bin" /><dependentAssembly><assemblyIdentity name="Microsoft.Identitymanagement.Activities" publicKeyToken="31bf3856ad364e35" culture="neutral" /><bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.3451.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.IdentityManagement.WFExtensionInterfaces" publicKeyToken="31bf3856ad364e35" culture="neutral" /><bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.3451.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.ResourceManagement" publicKeyToken="31bf3856ad364e35" culture="neutral" /><bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.3451.0" /></dependentAssembly></assemblyBinding></runtime><location path="_layouts/images"><system.web><authorization><allow users="*" /></authorization></system.web></location><location path="_layouts/mobile/mbllogin.aspx"><system.web><authorization><allow users="*" /></authorization></system.web></location><System.Workflow.ComponentModel.WorkflowCompiler><authorizedTypes><authorizedType Assembly="System.Workflow.Activities, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Workflow.*" TypeName="*" Authorized="True" /><authorizedType Assembly="System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Workflow.*" TypeName="*" Authorized="True" /><authorizedType Assembly="System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Workflow.Runtime" TypeName="CorrelationToken" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Guid" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="DateTime" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Boolean" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Double" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="String" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Collections" TypeName="Hashtable" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Collections" TypeName="ArrayList" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Diagnostics" TypeName="DebuggableAttribute" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Runtime.CompilerServices" TypeName="CompilationRelaxationsAttribute" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Runtime.CompilerServices" TypeName="RuntimeCompatibilityAttribute" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Int32" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="TimeSpan" 
Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Collections.ObjectModel" TypeName="Collection`1" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="SPWorkflowActivationProperties" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="SPWorkflowTaskProperties" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="SPWorkflowHistoryEventType" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint.WorkflowActions, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WorkflowActions" TypeName="*" Authorized="True" /></authorizedTypes></System.Workflow.ComponentModel.WorkflowCompiler><resourceManagementClient resourceManagementServiceBaseAddress="http://FIM:5725" timeoutInMilliseconds="60000" /><system.webServer><httpProtocol><customHeaders><add name="X-UA-Compatible" value="IE=EmulateIE7" /><add name="X-FRAME-Options" value="SameOrigin" /></customHeaders></httpProtocol><validation validateIntegratedModeConfiguration="false" /><modules><add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></modules><handlers><remove name="WebServiceHandlerFactory-Integrated" /><add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add 
name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></handlers></system.webServer><!-- Add bindings and endpoints --><system.serviceModel><diagnostics><messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" /></diagnostics><bindings><wsHttpBinding><binding name="MetadataExchangeHttpBinding_IMetadataExchange" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="965536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="None"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /></security></binding></wsHttpBinding><wsHttpContextBinding><binding name="ServiceMultipleTokenBinding_Resource" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" 
useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_ResourceFactory" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_Enumeration" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="165536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" 
maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_Alternate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_SecurityTokenService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" 
proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding></wsHttpContextBinding></bindings><client><endpoint address="http://fim:5725/ResourceManagementService/Resource" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Resource" contract="Resource" name="ServiceMultipleTokenBinding_Resource"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/ResourceFactory" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_ResourceFactory" contract="ResourceFactory" name="ServiceMultipleTokenBinding_ResourceFactory"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/Enumeration" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Enumeration" contract="Enumerate" name="ServiceMultipleTokenBinding_Enumeration"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/Alternate" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Alternate" contract="Alternate" name="ServiceMultipleTokenBinding_Alternate"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/MEX" binding="wsHttpBinding" bindingConfiguration="MetadataExchangeHttpBinding_IMetadataExchange" contract="IMEX" name="MetadataExchangeHttpBinding_IMetadataExchange"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5726/ResourceManagementService/SecurityTokenService/Registration" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_SecurityTokenService" 
contract="ISecurityTokenService" name="ServiceMultipleTokenBinding_SecurityTokenService"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint></client></system.serviceModel></configuration>


Thanks in advance



BHOLD SP1 suite support for Sharepoint Foundation 2013?


Hi,

I am configuring a demo using FIM 2010 R2 SP1 (sync, service and portal) running on Server 2012 and SQL 2012.

Additionally I need to integrate the BHOLD SP1 suite into the solution.

As SP2 for Sharepoint Foundation 2010 is not released yet I need to use Sharepoint Foundation 2013 on Server 2012.

There is enough information online available to set up FIM with SP2013 (big thanks to all writers out there!).

BUT: will BHOLD SP1 run against/integrate with Sharepoint Foundation 2013? I cannot find any hints towards support for this scenario.

NOTE: as this is a demo I do not require 'official support' but just an indication if it will work. I am on a tight schedule otherwise I would just try that alley myself and see where it leads.

Kind regards,


Danny Alvares Senior Technology Consultant


FIM synchronization service installation error

While installing FIM Synchronization Service I got the below error,

Error 25009. The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified Database.OLEDB Provider Information:

Description='ログインできませんでした。このログインは信頼されていないドメインからのログインなので、Windows認証では使用できません。'

Failure Code = 0x80004005

Minor Number = 18452<hr=0x80230406>

Can someone throw pointers on how to get rid of this error?

FIM 2010 R2 - EXPORT USERS TO ACTIVE DIRECTORY

Hello

I created a new user in the FIM Portal. When I'm trying to export the user to Active Directory (FIM Service Management Agent - Profile "EXPORT"), I'm getting the error below:

failed-modification-via-web-services
Detail:

Fault Reason: The endpoint could not dispatch the request.\r\n\r\nFault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Exception: Other 
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.GetDomainConfigurationIdentifiersFromDomain(String domainName)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.AddDomainConfigurationFromDomain(CreateRequestParameter domainNameParameter, RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
   --- End of inner exception stack trace ---</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource><AdditionalTextDetails>Request could not be dispatched.</AdditionalTextDetails></DispatchRequestAdministratorDetails><CorrelationId>7e5764e5-06e6-4dde-8a05-ea483ad7e627</CorrelationId></DispatchRequestFailures>


Managing AD Groups - FIM Service MA Attribute Flow - Type... Has something changed?


Hello,

I have created a SQL MA, AD MA and the FIM MA.
I am now managing users within the AD MA; provisioned from data within the SQL MA.
I have configured the data source of the SQL MA to have rows with object type 'group'.

I have been following the instructions in Microsoft Forefront Identity Manager 2010 R2 Handbook, TechNet 'How do I' articles and general Googling. However I seem to be stumbling when configuring FIM for managing AD Security groups.

I have created some sync rules within FIM Portal and I'm getting errors regarding mandatory fields. I suspect this is because I have not yet configured the FIM Service MA. I have been trying to configure FIM MA and the attribute flows for Group objects but the 'type' attribute is missing... I am away from my environment at the moment but I suspect other attributes are missing too. I do see an attribute 'ObjectType' but I suspect that is not the one I'm after...

I am at this step in the TechNet 'How do I' article: TechNet - How Do I Synchronize Groups from Active Directory Domain Services to FIM - Configuring the Fabrikam FIMMA - Attribute Flow

Tips, ideas, pointers or answers welcome! :)

Thanks
mtwelve


How do I import users from AD into the FIM web portal/metaverse when the EmployeeType attribute contains parentheses?


I am attempting to import users from my AD Management Agent into the FIM Metaverse. Some of the users have an employeeType attribute that contains data with parentheses therein. For example: Counsel (Self-Employed)

I am getting an error when I run the 'Export' run profile; failed-creation-via-web-services. Details of the error message are shown below.

Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>EmployeeType</AttributeType><AttributeValue>Counsel (Self-Employed)</AttributeValue><FailureMessage>Exception: ValueViolatesRegularExpression Target(s): Rundio, Louis
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: ValueViolatesRegularExpression
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateObjectAttributes[T](RequestType request, Guid objectIdentifier, String objectTypeName, IEnumerable`1 parameters, OperationType operationType)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateInputRequestCreate(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>ValueViolatesRegularExpression</AttributeFailureCode><AdditionalTextDetails>The specified attribute value does not satisfy the regular expression.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>d22ff147-b62d-431e-b421-37afc73daf73</CorrelationId></RepresentationFailures>

What must I do to successfully import these users whose employeeType attribute contains parentheses?

How do I project users in FIM Metaverse to an AD LDS instance (in detail)?


I am trying to setup an outbound synchronization of my user accounts in FIM to an AD LDS instance. I have setup the AD LDS outbound management agent and a corresponding sync rule. I have setup a management policy, workflow, set (of users) and linked them all together. I have set the existence tests to check if attribute values exist or not. I have also removed the existence tests. Either way makes no difference.

However, when I run the FIM MA with a Full Import, Full Sync, Export, Delta Import, Delta Sync and then a Full Import, Full Sync for the AD LDS Outbound MA nothing happens.

Can someone please provide me with a set of detailed instructions on how to make this work? Or, a definitive source of known good documentation that defines this task.

Thanks in advance.


H. Miller

Password Sync with FIM 2010 R2

Can you use FIM 2010 to synchronize passwords from OpenLDAP to Active Directory? Only one way, from OpenLDAP to Active Directory.
I saw this agent:
http://sourceforge.net/projects/openldap-xma/
Does it work?


José Anderson Santiago Microsoft Community Contributor - MCP - MCDST - MCSA - MCTS - MCITP - MCT / If the answer was helpful, please rate it.

FIM 2010 R2 AD Sync is not pushing changes from FIM to AD


I have configured FIM 2010 R2 with two MAs (FIM and AD).  FIM MA has attribute flows using the MA, AD MA has attribute flows via the Synchronization Rules.

I have created Synch rules for both AD users import and AD users export.  The attributes are more or less the same.

Under the metaverse designer, I have configured equal precedence for attributes.

The initial load was fine, FIM was populated with my AD users.  Changes in AD are replicated to FIM.  However, when I make changes in FIM, the changes are rolled back or overwritten by the metaverse at the next sync.  Basically, I only ever get queued exports to FIM and never any to AD.

I've probably overlooked something very simple but cannot put my finger on it.  Any suggestions welcome.

There do not appear to be any relevant errors in either the FIM or application event logs.

PCNS agent update procedure

We have Win2003 DCs and Win2008 DCs.

We plan to update all existing PCNS agents which are installed on all Win2003 and Win2008 DCs.

Is there any good way to update the PCNS agent without any negative end-user impact?

Load Balancing the Password Portal


All,

We are planning to load balance three password registration and reset portals that will be used by network and non-network users. I haven’t found an official guide from Microsoft on how to do this so I wanted to run the scenario by the group to see if anyone could suggest best practices. I used this document for part of my design solution.

Business Case:

Allow end users on the internal network, as well as external remote users not on the network, to register for and reset their network passwords without calling the company help desk.

Standard Set Up:

  1. We already have connectivity to FIMService so all needed ports are open between portal machines, FIM Service and FIM Sync.
  2. There are three VMs:  server1.acme.com, server2.acme.com, server3.acme.com
  3. These machines are available for internal users on the company network as well as external non-network users via reverse proxy
  4. IIS 7.5 installed on the password portal servers and SharePoint is not present
  5. Password and registration portal installed on each machine
  6. Single network adapter and IP  per machine
  7. Single password service account (FIMPassword)
  8. There are three DNS entries for password registration that point to each server: passwordregistration1.acme.com, passwordregistration2.acme.com, passwordregistration3.acme.com
  9. There are three DNS entries for password reset that point to each server: passwordreset1.acme.com, passwordreset2.acme.com, passwordreset3.acme.com
  10. We will have a NLB with the main addresses as passwordreset.acme.com and passwordregistration.acme.com in front of the DNS entries
  11. We will set SPNs on FIMPassword passwordregistration1-3 and passwordreset1-3 along with the main passwordreset.acme.com and passwordregistration.acme.com addresses
  12. We plan to set up IIS to use the appPool per the document instructions

Questions:

  1. Based on the game plan above, is this a valid approach to load balance three servers available to both internal and external users?
  2. Are there any other settings that we need to update to make the sites accessible to both network and non-network users?
  3. Any other recommendations for items we might have missed?

Cheers!


Read ObjectSid into anchor attribute


Hi,

I'm developing an ECMA 2.2 and I have set the Anchor attribute to be the objectSid. I have to use powershell (from within the C# MA code) to obtain the objectSid.

The trouble I have now is that I'm unable to translate this objectSid into the right format (to be honest, I don't even know what format it is returned in).

When coding the schema, I code the "ObjectSid" attribute as an AttributeType.Binary

public Schema GetSchema(KeyedCollection<string, ConfigParameter> configParameters)
{
    Microsoft.MetadirectoryServices.SchemaType userType = Microsoft.MetadirectoryServices.SchemaType.Create("user", false);
    userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("AccountName", AttributeType.String)); // AccountName is the anchor attribute
    userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("Email", AttributeType.String));
    userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("SipAddress", AttributeType.String));
    userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("EmployeeID", AttributeType.String));
    userType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("ObjectSid", AttributeType.Binary));
    Schema schema = Schema.Create();
    schema.Types.Add(userType);
    return schema;
}

Then I populate the ObjectSid like so:

                    csentry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("ObjectSid", obj.Members["ObjectSid"].Value));

where obj is a powershell object which contains the result of a powershell command execution which gets the objectSid. 

This doesn't work and I get an error in the Server logs:

The server encountered an unexpected error while performing an operation for a management agent.
 
 "System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.SecurityIdentifier' to type 'System.Byte[]'.
   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.AddAttributeToDImage(CDImage* pdimage, String attributeName, AttributeModificationType attributeModificationType, IList`1 attributeValueChanges, Int32 escapeReferenceDNValues)
   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.ConvertToDImage(CSEntryChange csEntryChange, CDImage** ppDImage, Int32 escapeReferenceDNValues)
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeExtMA_ImportEntry(UInt32 cBatchSize, UInt16* pcszCustomData, UInt32 cFullObject, _OCTET* rgoctFullObject, UInt32* rgomodt, UInt32* pcpcszChangedAttributes, UInt16*** prgpcszChangedAttributes, Int32 fIsDNStyleNone, UInt16** ppszUpdatedCustomData, _OCTET* rgoctCSImage, Int32* rgextec, UInt16** rgpszErrorName, UInt16** rgpszErrorDetail, Int32* pfMoreToImport)"

How should I handle the objectSid conversion here? Totally lost since I thought the objectSid would be returned as a byte[] array but instead it is being returned as a string.

Thanks
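The exception quoted in the post above says the value handed to the Binary attribute is a System.Security.Principal.SecurityIdentifier rather than a byte[]. The following is an added example, not code from the original post: the class name SidAnchor, the method ToBinarySid and the sample SID are constructed for illustration, and it assumes the value has already been unwrapped from any PSObject wrapper (for example via PSObject.BaseObject).

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper (not part of the ECMA API): normalizes the forms in which
// a SID can arrive from a PowerShell call into the raw bytes that an
// AttributeType.Binary attribute expects.
public static class SidAnchor
{
    public static byte[] ToBinarySid(object value)
    {
        if (value == null)
            throw new ArgumentNullException("value");

        SecurityIdentifier sid = value as SecurityIdentifier;

        if (sid == null)
        {
            byte[] raw = value as byte[];
            if (raw != null)
            {
                // Round-trip through SecurityIdentifier so that malformed
                // input throws here instead of becoming a bad anchor value.
                sid = new SecurityIdentifier(raw, 0);
            }
        }

        if (sid == null)
        {
            string sddl = value as string;
            if (sddl != null)
            {
                // Accepts the "S-1-5-21-..." string form; throws
                // ArgumentException if the string is not a valid SID.
                sid = new SecurityIdentifier(sddl);
            }
        }

        if (sid == null)
            throw new InvalidCastException(
                "Unsupported SID representation: " + value.GetType().FullName);

        // SecurityIdentifier does not cast to byte[]; its binary form has to
        // be copied into a buffer of BinaryLength bytes.
        byte[] buffer = new byte[sid.BinaryLength];
        sid.GetBinaryForm(buffer, 0);
        return buffer;
    }

    public static void Main()
    {
        // Constructed sample SID, not taken from the original post.
        SecurityIdentifier sample =
            new SecurityIdentifier("S-1-5-21-1004336348-1177238915-682003330-1104");

        byte[] fromObject = ToBinarySid(sample);
        byte[] fromString = ToBinarySid(sample.Value);
        byte[] fromBytes = ToBinarySid(fromObject);

        // All three input forms must yield the same bytes, and those bytes
        // must parse back to the same SID.
        Console.WriteLine(BitConverter.ToString(fromObject));
        Console.WriteLine(BitConverter.ToString(fromObject) == BitConverter.ToString(fromString));
        Console.WriteLine(BitConverter.ToString(fromObject) == BitConverter.ToString(fromBytes));
        Console.WriteLine(new SecurityIdentifier(fromObject, 0).Equals(sample));

        // In the management agent, the call from the post would become:
        // csentry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd(
        //     "ObjectSid", SidAnchor.ToBinarySid(obj.Members["ObjectSid"].Value)));
    }
}
```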

FIM 2010 R2 - SSPR customization


I am trying to customize the registration portal so that only four questions appear, but the user is able to select different questions from a drop down. Currently it just lists the 10 questions populated through the FIM workflow.

I also need to customize the screens in the rich client, when users are using the SSPR from the desktop, to include company branding. As well as re-word some of the errors the end-user may see. I was able to get the branding and error messages switched in the web portal.

Please let me know if this is possible and if so how?

FIM Outlook plugin - Disabling Group management in Outlook 2007

We are implementing the FIM Outlook plug-in for Outlook 2007. We would like to disable the ability for a user to use the global address book to manage groups and to only use the FIM plug-in. We believe we can prevent users from managing groups via the GAL via group policy but require the control id of the "Modify Members" button displayed below in the image. Does anyone know the control id for this button or how to obtain it or a different approach as our understanding is that we should not allow users to manage distribution lists both through the GAL and the FIM plug-in. Thanks for your help!

The computer_id in the database does not match error

We use FIM.

I backed up the SQL 2008 R2 DB of FIM and restored it to a test FIM environment.

After the restore, I reconfigured the test FIM install, but the "The computer_id in the database does not match" error happens and I could not start the FIM sync service.

What should I do?

Regarding service account and security group of FIM

If we use a domain account for the FIM sync service, we need to create and use an AD security group (domain\FIMadmins, etc.),

and if we use a local account for the FIM sync service, we need to use a FIM server local group (FIMhostname\FIMadmins, etc.)?