Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 154 | 155 | (Page 156) | 157 | 158 | .... | 204 | newer

    0 0


    I'm using the FIM webservices to create Persons. I'm also able to set their properties (ex:phone).

    The Person type has a custom field that is being sucessfully manipulated via the FIM Portal but when I try to set that custom field the FIM webservice I get the erro:Message: Fault Reason: Policy prohibits the request from completing.

    I'm a developer and I'm not sure what I need to tell the FIM Admin guy what should be enabled/disabled. Any MPR?

    Thanks for your help,


    0 0

    Hi All,

    I am connecting to web service through ECMA 2.0 and got the no-start-ma issue. Also find the eventlog for the MA. When i connect from normal C# code for the same webservice it was working fine.  When I run  full import on my ECMA2.0 its shows this error. 

    EVENT 1:


    The extensible extension returned an unsupported error.
     The stack trace is:

     "Microsoft.MetadirectoryServices.TerminateRunException: Web Exception : Unable to connect to the remote server - HTTP Status :  (-1)
       at MobileIron_MA.EzmaExtension.OpenImportConnection(KeyedCollection`2 configParameters, Schema types, OpenImportConnectionRunStep importRunStep)
    Forefront Identity Manager 4.1.3496.0"

    EVENT 2:


    The management agent controller encountered an unexpected error.

     "BAIL: MMS(8328): d:\bt\16961\private\source\miis\ma\extensible\extensionmanager.cpp(620): 0x80230731 (unable to get error text)
    BAIL: MMS(8328): d:\bt\16961\private\source\miis\ma\extensible\extensionmanager.cpp(1463): 0x80230731 (unable to get error text)
    BAIL: MMS(8328): d:\bt\16961\private\source\miis\ma\extensible\import.cpp(404): 0x80231348 (unable to get error text)
    BAIL: MMS(8328): d:\bt\16961\private\source\miis\cntrler\cntrler.cpp(2817): 0x80231348 (unable to get error text)
    ERR_: MMS(8328): d:\bt\16961\private\source\miis\shared\utils\libutils.cpp(10174): Failed to start run because of undiagnosed MA error

    EVENT 3:

    The management agent "WebService MA" step execution completed on run profile "Full Import (Stage Only)" but the watermark was not saved.
     Additional Information
     Discovery Errors       : "0"
     Synchronization Errors : "0"
     Metaverse Retry Errors : "0"
     Export Errors          : "0"
     Warnings               : "0"




    0 0

    Hi everybody,

    actually I´m forcing a very huge problem for me and my customer. Here is a short explanation what configuration we have:

    -MIM 2016 with Password Registration and Reset Portal on Server1

    -Password Reset Portal for extranet on Server2

    We are trying to publish the Password-Reset Site for the extranet through an Reverse-Proxy called NginX. The reverse proxy is slightly difficult to understand so here is another example:

    Our customer has the following site published:

    after the .com the service application is hosted like this:

    actually what this reverse proxy internal does is, translate this into an interal url


    BUT the Password Reset service is just available at this site


    I hope everything is clear until this point.

    So, to make the Password Reset working, the application must be available through this url


    Actually I can provide this through an virtual directory in IIS but then no Scripts and no CSS are working, because of a absolute and not relative paths in the sourcecode I think.

    So my question is: is it possible to install the MIM Password Reset into an directory shifted one to the right?

    So not into C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Portal

    but into

    C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Portal\pwdservice

    I know, this is a very specific request and hope that someone can help me! Anthony I am counting on you as the developer :-)

    Thank you very much in advance!


    0 0
  • 04/13/16--07:03: FIM Sync keeps refreshing
  • I've installed and configured a few FIM Sync Service environments in the past and every so often I find the Sync Service, seemingly randomly, starts to "tick", or refresh, at a frequent interval. Restarting the service/server does not stop this - it just seems to continue doing it forever. It makes navigating through run history difficult as every time it refreshes, the operations tab reverts to the top.

    Does anyone know what causes this and more importantly how to stop it?

    0 0

    I have a set in FIM that has datatime criteria. When I view the members in FIM, I can see the users. When I use the export-config powershell command, it is not retrieving users. It is working fine if it is not a temporal set. How can I export users belonging to a temporal set in FIM.

    $users = export-fimconfig -uri $URI `
                                      –onlyBaseResources `
                                      -customconfig "/Person[(ObjectID=/Set[ObjectID = '$SetId']/ComputedMember)]" | Convert-FimExportToPSObject

    0 0


    is there a way to provision an attribute on account creation only - like a "fire and forget"-Attribute? I already did some research but within "MapAttributesForExport" there is obviously no method to get the ModificationType, thus I am stuck. Any help is much appreciated.



    0 0

    Hi , im getting blow error when I trying ADMA export .  in preview AD outbout syn rule

    this my DN string .


    I have values in MV for Company and accountName attributes and President give is FIMAM .

    also I have modify below attributes export flow from  63 CHR

    Title-> Titleto 'Left(Title,63) -> Title

    'company -> company' to 'Left(company,63) -> company.

    Still no luck .. I was wondering how do we troubleshot this type of issues ?

    0 0


    Recently i changed the list of approvers.

    The problem is when people choose an approver, fim remebers the name by default. So next time the approver is automatically selected.

    However, when i change the approvers set, the old approver is still selected by default. This means people select an approver who isn't in the approvers set,and create a request that can't be approved. I found out it is possible to enter any resolved name without causing errors..

    Is there a way to check if a valid approver is selected before submitting the request? So i can prevent users from selecting invalid approvers?


    0 0


    I have a SharePoint connector which is successfully provisioning users which I want to extend to groups, but on an export I'm getting the following error:

    An error was encountered saving MemberGroup

    Any ideas? Has anyone done an export of groups and can share what attributes they populated?



    0 0


    Brief detail about the issue is when FIM trying to delete SMB we are receiving below error. MPR of this delete has WF
    which only changes value of Recycle bin attribute to True from false error details are shown below. Can somebody help to find what is wrong with this.

    Error processing your request: The operation was rejected because of access control policies.

    Reason: The server workflow rejected the operation.




    Details: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary. at System.ThrowHelper.ThrowKeyNotFoundException() at System.Collections.Generic.Dictionary`2.get_Item(TKey key) at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes() at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString() at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly) at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime) at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, CultureInfo locale, Guid requestor, String[] attributeNames, Boolean includeInlineRights) at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, String[] attributeNames) at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.Read(Guid objectId, CultureInfo locale, Nullable`1 requestor, Nullable`1 resourceTime, String[] requestedAttributes, Boolean includeRights) at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessOutputRequest(RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

    Thanks ,Venky

    0 0


    First of all, thanks for the Generic LDAP Connector. It's a great product.

    We are using it to integrate to an LDAP v3 compliant LDAP catalog.

    However, we are having some issues flowing attributes. Apparently, the connector present a "primary" object class of "inetOrgPerson" to MIM2016 (see attached image). The object in the catalog also has the object class "person".

    We need to flow lastName -> sn, but the flow is naturally not done as the object type is "wrong". The object is presented to MIM as inetOrgPerson, and not person which is the object that has the sn attribute in the catalog.

    However, the object in the catalog actually has the class person, as well as inetOrgPerson.

    Any suggestions? How is this supposed to work?


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    0 0

    Hello All,

     I was refreshing schema of file based connector, but getting a synchronization error "Unable to update management agent. Access denied". However when i am creating a new file based connector using the same domain account it is allowing me to create. kindly suggest.




    0 0
  • 04/20/16--01:03: Nested IIF statements
  • I have a (not very elegant) idea for setting a MV attribute based on the presence of a string in the DN of a user that is being imported.
    I got the following from another post, can't remember where. This is a work-around for not having a function that searches for a string within another string. Basically, if the DN contains "sales department", flow "Sales Department" to an attribute.

    IIF(NotEquals(ReplaceString(dn,"Sales department",""),dn),"Sales department","Other department")

    That works fine. There are obviously a few departments, so I want to nest the IIF statements.
    I would expect this to work:

    IIF(NotEquals(ReplaceString(dn,"sales department",""),dn)),"sales department",IIF(NotEquals(ReplaceString(dn,"accounts department",""),dn)),"accounts department","another department"

    But it doesn't. When inputting the flow definition, I get "The function IIF is not correctly formatted".
    Is there a limitation to nesting of IIF statements in custom expressions?

    The other way I can think of to do this is to add a bit of compiled code that references an array of "allowed departments" from a text file.

    Many thanks!

    0 0
  • 04/20/16--02:41: Function Evaluator Activity
  • I've got a requirement to add a Function Evaluator Activity in a workflow to set a value of attribute which is binded to another resource type apart from User. But when I try searching in the dropdown post selecting Concatenate Value I'm not able to see the attribute being created for another object type. Can anyone please suggest how can I add attribute which I can see and use in the workflow activity i.e. Function Evaluator.

    Manuj Khurana

    0 0
  • 04/20/16--06:28: MIM Hardware Requirements
  • Hi,

    Can anyone point me to the hardware requirements for MIM? I'm only able to find it for FIM and not sure if they've changed.

    Specifically, I'm looking to see what the SQL hardware requirements are and if a virtual is OK or if we need to order a new server.

    Thanks for any help.


    0 0

    I need to get the status of a request which has been made by a user to join a specific group. I am a beginner at FIM. Came across an approach where one can query the FIM portal using XPATH queries, through  a FIMclient which can be downloaded at  codeplex. But I have no idea how to use that. I am trying to create a console application and have referenced the 'Microsoft.ResourceManagement.dll'. Code builds without errors but there is no response from FIM portal.i am not sure if I am missing out some prerequisites on using this library....Please Help!!!  

    0 0

    Hello all,

    I am creating a page where i am displaying whether the user is subscribed for a group or not and then providing appropriate options to subscribe or unsubscribe a group on Forefront Identity Manager . The point where I am stuck is how to know whether the already made request is in pending status or not. I want to show 'pending' tag for the above mentioned scenario. Is there any C# method or code to achieve this. If not please provide an approach on how to implement it.

    0 0

    Hello All,

    I want to query Forefront Identity Manager and using Lithnet.ResourceManagement library to communicate with FIM portal.

    I am installing this package through nuget package Manager. On successful installation it also adds "Microsoft.ResourceManagement" assembly by itself. On building the solution, a version conflicting error appears with respect to "Microsoft.ResourceManagement". Unable to get a workaround for this issue. Please provide suggestions.



    0 0

    Hit this oddity when hooking up a customers AD to MIM 2016.

    Some of the User Accounts have embedded CRLF in either their streetAddress or description attributes.

    When exported to the FIM/MIM MA the Description or StreetAddress attribute of MIM loses a character. It is hard to see just which one.

    On a sync from AD I get this (outbound to MIMMA)

    Modify Description  OldValue: ABC123<XYZ   New Value: ABC123<>XYZ

    Modify StreetAddress Old Value: addressline1<addressline2 New Value: addressline1<>addressline2

    I try to represent the screen representation of the unprintable char with the < and > chars above.

    I guess these characters are preserved if I was to export that data string to a DataBase, but something fishy is going on in MIM.

    How do I prevent MIM from stripping a CR or LF ????

    I managed to clean all the telephoneNumbers containing just a single blank which caused an export-not-imported error, but I didn't expect an internal trim.

    In the old days, before AD, LDAP v3 street attributes were $ delimited address line so no need for line feeds. I know this is not such a big deal except for the vast amount of unnecessary processing and data transfer.

    0 0

    Hello all,

    I am unable to add the service references in my console application which are basically WCF endpoints for interacting with Forefront Identity Manager. Unable to figure out the reason.Provide suggestions.

older | 1 | .... | 154 | 155 | (Page 156) | 157 | 158 | .... | 204 | newer