Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 144 | 145 | (Page 146) | 147 | 148 | .... | 204 | newer

    0 0

    Hi all.

    I currently have FIM 2010 R2 in my environment, and long term I want to move our identity management to either a server 2012 R2 or server 2016 server, depending on what is most suitable at the time.  All that we currently have is the sync service - the MIM service / portal etc are not installed, though I want to install them in the future.,

    FIM 2010 R2 is currently installed on a 2008 R2 server.  I tried in a test environment to install MIM 2016 fresh and migrate, but failed.  I decided that our best course of action was simply to do an in-place upgrade of FIM to MIM 2016 without changing services, and then later look at migrating the newly-installed MIM to a newer OS and SQL database version.  The inplace upgrade in my test environment was trivial.

    Unfortunately, I can't find any guidance for doing so.  Before I actually make my recommendation to the business, I want to just get a feeling of how difficult it would be to migrate MIM 2016 from a 2008 R2 server to 2012 R2 (or 2016 if supported).

    Since I plan to install the MIM service and portal, I'm also wondering about the difficulty to migrate those; should I install those on my 2008 R2 server once I've upgraded the sync service, or should I wait until I've migrated MIM to another server and install them there?  I don't know how much effort it takes to migrate the extra services...




    0 0

    So I am facing an issue with Password Registration Portal. If I change authentication mode from Windows to Basic, it will start working.

    What could cause the issue that when Windows authentication is enabled, Password Registration Portal won't work.

    Trying to access the portal, IE prompts credentials 3 times and then displays HTTP Error 401.1 Unauthorized Error page.

    The page says:

    Detailed Error Information:



    Module
       WindowsAuthenticationModule

    Notification
       AuthenticateRequest

    Handler
       PageHandlerFactory-ISAPI-2.0-64

    Error Code
       0x80090305



    Requested URL
       http://register.universum.com:66/default.aspx

    Physical Path
       C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal\default.aspx

    Logon Method
       Not yet determined

    Logon User
       Not yet determined


    0 0

    Hi All,

    There is a error "Extension Could not be loaded" while creating the Full Import of file based  ECMA 2.0.

    When refresh the interface, it shows the Management Agent support "Full Import".

    Unable to create any of the Run Profile of the MA. Kindly suggest and advice.

    Thanks & Regards,

    Anirban Singha


    0 0

    I referenced this article before MIM 2016 came out, but it seems that it may not now be accurate in respect of the new MIM 2016 (? must have a CAL) licencing.

    http://social.technet.microsoft.com/wiki/contents/articles/2487.how-to-license-fim-2010-and-mim-2016.aspx

    I will admit to not having dug too deep into MIM 2016 license option yet - but first glance now implies that SA on server is still the same, but the CAL is now mandatory for all situations?

    Rgds. Nigel.


    Boz


    0 0

    Hi all,

    I have a small problem using the Lotus Domino Connector. I can not get FIM to provision a user (International user, with and ID stored as an attachement) in Domino. Also I can not activate the logs on the connector. I have tried to follow these threads:

    http://social.technet.microsoft.com/wiki/contents/articles/21086.how-to-enable-etw-tracing-for-fim-2010-r2-connectors.aspx
    http://social.technet.microsoft.com/Forums/en-US/dbeeb280-4c2a-492f-9d5a-0c14d340ae0c/lotus-domino-connector-logging?forum=ilm2

    And for the config of the connector itself this one: https://msdn.microsoft.com/en-us/library/hh859750%28v=ws.10%29.aspx

    This is my config:

    - FIM 2010 R2 SP1

    - Lotus domino 8.5.3 HF6

    - Lotus domino client 8.5.3 HF6 install in single mode on the FIM box

    - Lotus Domino Connector build: 1.0.597.910

    I am using the Portal for my sync rules.

    I have activated the verbose logging on the DOMINO Server and I can see a connection made to the server by FIM but no provisionning.

    The connector gives me this error in the stack trace: Notes Error: Access to Data Denied.

    I am using an admin account, who is in the LocalAdmins Group on the domino server (I have check with a Notes admin and everything looks perfectly fine on the DOmino side).

    Also as mentionned I have been trying to activate the logging of the connector but without success. I have seen that I need to use ETW tracing, I have followed the instructions on the tehcnet site, I got the Source Name (connectorLog) however I do not know the ETW GUID (I have tried many GUID's with no success).

    I was wondering if anyone could lend me a hand to activate logging and provision a user. For information an update of the user in the domino directory works fine.

    Also I was wondering if someone had already succeded in making the connector work for provisioning.

    Thanks for your help.

    Sylvan


    0 0

    Dear community,

    we´ve the following situation: Two trusted AD-Forests, with Exchange 2010 in each forest. FIM 2010 R2 is running in Forest B.

    Forest A contains User mailboxes which needs to be cross-forest-moved to (Resource-)Forest B.

    For preparation/provisioning i´ve setup FIM by importing the following MS sample script: https://www.microsoft.com/en-us/download/details.aspx?id=17741

    This is working well, meaning that FIM creates disabled and mail-enabled AD accounts in Forest. Afterward i can use Exchange powershell scripts to move the mailboxes across the forest -> great!

    But i need to configure additional MAs for GAL-Synchronization as not all mailboxes are being moved to Forest B.

    Once i start to create a MA for GAL Sync i do receive the following error messages (at stage"Configure GAL"):

    Synchronization Service Manager is unable to import schema file.

    Attribute legacyExchangeDN differs inly in case with an existing attribute in server schema.

    The same for attributes msExchMasterAccountSid, displayName and. objectSid. For "publicDelegates" it´s different: ... has different indexable property with an existing attribute ....

    I´m not a FIM specialist and tried different things like editing the XML file, changed the case and everything, but i can´t get it running.

    Any hints?? I really appreciate as this is important for us to get it up and running.

    Thanks,
    Lars


    0 0

    The customer has let us know that they seem to have a gap in their FIM User Report. They see data up to 9.12.2015 and from 5.1.2016 to date. No updates (which there were several) are visible in the Report.

    On investigation 2 critical events were discovered.

    On 9th December 2015, the SQL support team "upgraded/patched" AND REBOOTED the MSSQL server.

    On 5th January 2016, the SQL support team "upgraded/patched" AND REBOOTED the DataWarehouse server.

    In FIM the Incremental reporting job completed successfully all through December 2015 but Failed on 5th Jan. 2016 as the DW services were not running. For some reason these 3 services are (were) Manual:

    System Center Data Access Service, System Center Management Configuration and System Center Management

    I guess the rebooting of the SQL Server on 9.12.2015 smashed all the DataWarehouse jobs leaving them in an unknown state until yesterday when I managed to..

    Start the 3 DW services, Restarted the MPSync and DWMaintenance jobs and waited 24 hours for them to complete, Run the ETL-Load ps script and now I see data in the reports from 5.1.2016 onwards :-)

    BUT!  I have no clue where the data changes sent by FIM 3 times a day from 9.12.2015 to 5.1.2016 are. It seems to be "in transit". FIM has sent it somewhere but the DataWarehouse jobs that I recently restarted seem unable to move it into the DataMart DB for reports to access it.

    Is there a way I can examine where these changes are? There seems a blockage somewhere. BUT WHERE? Can FIM possibly resend the data increments from 9.12.2015 to 5.1.2016?

    FIM Reporting relies on a whole load of processes on a whole load of servers, so many possible points of failure it is almost beyond belief that anything gets reported.


     


    0 0

    Hi

    Is there any way besides making the FIM action account member of Domain Admins to have it update properties on Domain Admin accounts?
    I would like to use FIM to synchronize information like name and phone numbers from the user regular  accounts to their admin accounts. But as they are Domain Admins I always get access denied.

    I tried to specifically add write permission on some of the attributes to FIM on one of the DA's and then FIM could update the info, but after a while the permission was gone again?

    Thanks

    Peter


    0 0
  • 01/19/16--07:01: GALSync and Office365
  • Hi

    I would like to implement MIM GALSync across three Exchange Organizations. One of them uses Office365 (AzureAD and ADDS are synchronized using AzureAD Connect). But they don’t have an Exchange Server on-premises anymore. From my perspective the only way to establish proper GALSync is to deploy Exchange 2013 CAS Server on-prem to be able to provision mail-enabled contacts. Is there a more elegant way?

    Another question. What would be the best way for GALSync if an Organization has Cloud-only Identities (No Sync between AzureAD and ADDS)?

    Thanks for any suggestions best regards

    Pirmin


    0 0

    Hi,

    Is the combination possible? Can I upgrade in place to MIM 2016 if i'm using SAP R/3 MA?


    GH


    0 0
  • 01/19/16--18:27: MIM SSPR vs Azure SSPR
  • Hi,

    Got a few questions around MIM and Azure AD SSPR.

    So MIM has the following SSPR options:

    1. Question and Answer Gate
    2. OTP Email Gate
    3. OTP SMS Gate
    4. Azure MFA using OTP SMS gate (is this the same OTP SMS Gate as above in item 3?)
    5. Azure MFA using Phone Gate

    I also see that Azure AD has its own SSPR, so:

    1. Do the same options (as per 1-5 above) exist in Azure AD as in MIM?
    2. When should we use the Azure AD SSPR vs the MIM SSPR?

    Additionally, MIM can also 'unlock' an AD account during a Password Reset operation - can this be done with Azure AD SSPR?

    Lastly, MIM allows different Gates to be used for Extranet vs Intranet users - does Azure AD SSPR cater for this too?

    Actually - what are the differences between MIM SSPR and Azure AD SSPR?

    Thank you,

    SK





    0 0

    Hello MSDN,

    Good day. We are trying to sync the user account and password from one Window Server AD to Window Server AD. We tested ADMT but it is ungraceful in long term synchronization. May we ask for your advise if what are the Microsoft supported tools that can sync user AD accounts and passwords from one AD to another AD in a separate forest? is MIM capable of syncing AD to AD?

    Any advise would be highly appreciated.

    Thanks,

    Glenn Sebastian



    0 0

    Hi all,

    I have a small problem using the Lotus Domino Connector. I can not get FIM to provision a user (International user, with and ID stored as an attachement) in Domino. Also I can not activate the logs on the connector. I have tried to follow these threads:

    http://social.technet.microsoft.com/wiki/contents/articles/21086.how-to-enable-etw-tracing-for-fim-2010-r2-connectors.aspx
    http://social.technet.microsoft.com/Forums/en-US/dbeeb280-4c2a-492f-9d5a-0c14d340ae0c/lotus-domino-connector-logging?forum=ilm2

    And for the config of the connector itself this one: https://msdn.microsoft.com/en-us/library/hh859750%28v=ws.10%29.aspx

    This is my config:

    - FIM 2010 R2 SP1

    - Lotus domino 8.5.3 HF6

    - Lotus domino client 8.5.3 HF6 install in single mode on the FIM box

    - Lotus Domino Connector build: 1.0.597.910

    I am using the Portal for my sync rules.

    I have activated the verbose logging on the DOMINO Server and I can see a connection made to the server by FIM but no provisionning.

    The connector gives me this error in the stack trace: Notes Error: Access to Data Denied.

    I am using an admin account, who is in the LocalAdmins Group on the domino server (I have check with a Notes admin and everything looks perfectly fine on the DOmino side).

    Also as mentionned I have been trying to activate the logging of the connector but without success. I have seen that I need to use ETW tracing, I have followed the instructions on the tehcnet site, I got the Source Name (connectorLog) however I do not know the ETW GUID (I have tried many GUID's with no success).

    I was wondering if anyone could lend me a hand to activate logging and provision a user. For information an update of the user in the domino directory works fine.

    Also I was wondering if someone had already succeded in making the connector work for provisioning.

    Thanks for your help.

    Sylvan



    0 0

    Hi All,

    I like to achieve the GAL Synchronization between two office 365 Tenant using FIM 2010R2

    My Environment :On Premise AD , Azure AD , 2 Office 365 Tenant

    User Synchronization happens using DIRSYNC between On Premise AD and Azure AD. And I have 2 OU as SITE A and SITE B. SITE A users have separate Office 365 Tenant and SITE B users have separate Office 365 Tenant. Now I need to perform GAL Synchronization.

    Please suggest which solution will be feasible.

    Approach 1

    Using FIM AAD Connector , SITE A user will be provisioned as contact in Azure AD SITE B and SITE B users will be provisioned as Contact in Azure AD SITE A.

    Approach 2 : Using FIM- GAL MA I will create a contact in On premise AD itself on both OU and then only contact will synchronize  to Azure AD.

    Thanks in Advance

    Regards,

    Sridhar


    Sridhar


    0 0

    Currently we're using the FIM Portal's Synchronization Rules to provision users in AD and we're facing a problem with the DN because the attribute contains "DisplayName" instead of a unique value. We have flows for the initial flow and not initial (to handle if user's surname changes). Is there a way to add something more to the current DN without breaking anything? The issue now is that since there are couple of users with same names, the synchronization fails because of the duplicate DN already existing in AD...


    0 0

    Hello All,

    Configuring GalSync / FreeBusy and facing lot of issues.

    Requirement: We need to galsync, freebusy and delegation of mailboxes between the 2 AD forests by using AD Forest trust.

    We have forest A and Forest B. Installed FIM2010 R2 and SQL 2008 R2 STD. in forest A. We have created 2 MA agents for Forest A and Forest B.

    We did Full Import Stage and Full Sync happened. Now when we tried Delta Import, Delta Sync and Export, its changed the Primary Email address at Forest B.

    Can anyone shed some light on this issue as I am troubleshooting but not getting any articles to this kind of errors to resolve.

    Any help really appreciated

    Regards

    Anand S


    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS


    0 0

    Hello!

    I have 2 forests A and B in 2-way trust.

    I need add manager from forest A for user from forest B.

    From ADUC I can't do it. I can do it only with Foreign Security Principals but in Preperties of user I see only account name.


    Alex


    0 0

    Hi,

     I've setup FIM 2010 R2 to provision AD accounts and Exchange 2010 mailboxes based on inputs from a CSV file (they're actually CSVDE exports from another domain). Account provisioning and deprovisioning works fine. I'm also using self service password resets. I need to revisit my setup to ensure that the architecture is highly available. Achieving true HA within FIM 2010 was always difficult (I'm thinking the FIM Synchronization service here). I'm considering moving to using MIM 2016, but have a few questions (as I've found getting information to be difficult):

    - Can MIM 2016 provision AD accounts and Exchange 2010 mailboxes based on a CSV input file?
    - Can MIM be configured for true HA?
    - Does MIM come with SSPR functionality?

    Thanks

    A

     


    IT Support/Everything


    0 0

    Hi,

    Are there any requirements with regards to MIM 2016 deployment / features and AD Forest/Domain Functional Levels?

    Thanks,

    SK



    0 0

    How to feed value for " userSharedFolder" attribute for multiple users from provided file?

older | 1 | .... | 144 | 145 | (Page 146) | 147 | 148 | .... | 204 | newer