Articles on this Page
- 04/21/16--04:15: Unable to start Forefront Identity manager service
- 04/21/16--14:29: Cannot view informa...
- 04/21/16--20:29: Forefront Identity Manager Service
- 04/21/16--21:47: How to manage MIM Group members not part of OU that MIM connected.
- 04/24/16--11:09: Sync user account password between two different forest without trust
- 04/24/16--23:26: Disabling Active Di...
- 04/25/16--22:09: FIM - Manager can't...
- 04/26/16--09:37: unable to import Management Agent
- 04/26/16--22:13: Forefront Identity ...
- 04/27/16--09:57: Custom DLL - fails to load
- 04/27/16--11:38: MIM 2016
- 04/28/16--05:22: Hot Fixing FIM - How to do that?
- 04/28/16--08:41: Synchronization Rule Selection in a Workflow
- 04/28/16--21:44: Why MIM Reporting SQL jobs exist, if MIM Reporting is not deployed?
- 04/28/16--23:15: Portal error - service not available
- 04/29/16--03:19: Portal dropdown field - many values - best solution
- 04/29/16--16:21: mmsmafim: MIIS.Mana...
- 05/01/16--15:13: Microsoft announces retiring Identity and Access
- 05/02/16--05:47: Mail Attribute - exported change not re-imported
- 05/03/16--02:56: Issues with attribute flow
I am trying to start the User Profile Synchronization service but am having no luck. It gets stuck at 'starting' status.
I am running the UPS service as Farm Account.
Farm Account is a member of local Administrator group.
I have tried several approaches but none seems to be working. Provide suggestions.
Please, I need help because I cannot see information about my users in the MIM 2016 Portal; however, when I query the FIMSynchronizationService database, I can see that the information in the attributes is inserted.
Could you please help me to know why I can't see the users in the MIM Portal?
Thank you Guys.
I figured out that my Forefront Identity Manager service is not running.
Is that the reason why I am unable to interact with the FIM portal through code?
I'm having an issue where MIM AD group members get dropped from MIM sync when a particular user is not in the same AD containers that MIM is connected to. It seems to me MIM is not aware of these users not in other OUs!!
Is there any workaround to manage AD group members that are not MIM users?
Thanks in advance.
I want to sync user account passwords between two different forests without trust.
After I searched the internet, I found some docs on TechNet with a MIM 2016 guide for running this scenario. I tried it, but it does not work.
I am really stuck and don't know how to solve it.
It would be very kind of you to help me.
I have a very basic but fundamental question regarding the MIM sync engine. We have successfully launched MIM company-wide and are very happy with the results. However, we recently did a code review for all our Rules Extensions (Import and Export) and found that there is some kind of inconsistency:
Sometimes we use an Export-Flow to do a specific task in one MA and then an Import-Flow for the same task in another MA. That's something we want to fix asap.
I give you an example:
If we want to disable an Active Directory Account based on the employement-state which is coming from our HR-MA, we have two options:
Option 1: Set "userAccountControl" (CS-Attribute) on the Export-Flow of the AD-MA
In this scenario, we are checking the mventry["employementState"] during the export run and set the csentry["userAccountControl"] attribute. Next time, the import from the AD-MA would then write the "userAccountControl" attribute into the "userAccountControlADMA1" attribute in the Metaverse.
Option 2: Set "userAccountControlADMA1" (Metaverse-Attribute) on the Import-Flow of the HR-MA
This time, we set the Metaverse-Attribute "userAccountControlADMA1" based on the csentry["employementState"] inside the import-run of our HR-MA. This would simply export the new "userAccountControl"-Value to the AD-MA on the next export-run.
From what I understand, both are options that should work fine. However, what is the best practice option here? Check the Metaverse on Export to AD-MA or set the Metaverse-Attribute on Import from HR-MA?
Many of you should have done this in either one of those ways. What are your experiences and suggestions?
Or am I not getting something fundamental here? :)
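Whichever flow the post above ends up using, the value written to userAccountControl has to change only the disable bit and keep the other flags. The following is an added example, not code from the post or from MIM: it models that decision in Python outside the sync engine, and the HR state values ("active", "terminated", "suspended") and the function names are assumptions.

```python
# Added example: models the userAccountControl decision outside the sync engine.
ADS_UF_ACCOUNTDISABLE = 0x0002   # AD flag: account is disabled
ADS_UF_NORMAL_ACCOUNT = 0x0200   # AD flag: ordinary user account

# Assumed HR values; the post does not list what employementState contains.
ACTIVE_STATES = {"active"}
INACTIVE_STATES = {"terminated", "suspended"}


def next_uac(employement_state, current_uac):
    """Return the userAccountControl value to export, or None for no change.

    employement_state: value from the HR MA (None if HR sent nothing).
    current_uac: value currently held for the AD account (None if unset).
    """
    state = (employement_state or "").strip().lower()
    base = ADS_UF_NORMAL_ACCOUNT if current_uac is None else int(current_uac)

    if state in INACTIVE_STATES:
        wanted = base | ADS_UF_ACCOUNTDISABLE     # set only the disable bit
    elif state in ACTIVE_STATES:
        wanted = base & ~ADS_UF_ACCOUNTDISABLE    # clear only the disable bit
    else:
        # Unknown or missing HR state: do not guess, leave the account as it is.
        return None

    # Nothing to write when the account is already in the wanted state.
    return None if wanted == current_uac else wanted


def is_disabled(uac):
    """True when the ACCOUNTDISABLE bit is set in a userAccountControl value."""
    return bool(uac & ADS_UF_ACCOUNTDISABLE)


if __name__ == "__main__":
    # Constructed sample rows: (employementState, current userAccountControl)
    samples = [("terminated", 512), ("Active", 514), ("terminated", 66048),
               ("active", 512), (None, 512)]
    for state, uac in samples:
        print(state, uac, "->", next_uac(state, uac))
```
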
I have created policies that managers can add users to groups. The problem is that this is working only when the group's join restriction is owner. If the join restriction is set to None, then the manager gets access denied error and can't add user to a
What could be the problem?
I am trying to import the GALSync Management Agent on my lab machine but am unable to do it; I am getting this error:
"Object Reference Not Set To An Instance Of An Object"
I've taken the default GALSync source code from the FIM server and copied it to my PC as described in the blog below. I've renamed the project and assembly to ContosoGAlsync.
I've then opened the project solution using Visual Studio 2012 and added references for:
I've then compiled my project on my local PC and then copied ContosoGalSync.dll to my FIM server. I've then added the rules extension to the GALSyncMA for ContosoGalSync.dll and within the Synchronization service options. When I run my GALSync MA, I'm now hitting an error:
The required rules extension ContosoGalSync.dll could not be loaded. Verify that the rules extension is located in the extensions directory. User Action Verify that the rules extension is located in the Extensions directory. If the extension is present, confirm that the version of the .NET framework that can run the extension is installed on the server and that a supportedRuntimes entry in the configuration files specifies that version. The synchronization engine will not be able to load an extension that is built with a newer version of the .NET framework than the version of the .NET runtime it is hosting.
Should I be able to take the default GALSync code, recompile it using VS 2012 and then re-run the GALSync MA without any issues?
I'm trying to deploy MIM 2016 Add-ins and extensions via SCCM 2012. The command I am trying is
msiexec /i "Add-ins and extensions.msi" /quiet ACCEPT_EULA=1 ADDLOCAL=PasswordClient RMS_LOCATION=coavmim02.xxxxxx.intranet REGISTRATION_PORTAL_URL=http://passwordregistration.xxxxxx.intranet
Can someone tell me what's wrong with my command? I'm trying to install without the MIM Add-in for Outlook.
Are there any best practices or something on how to hot fix FIM? What backups should I take, what account should I use and so on?
I'm trying to get a grasp of using MPRs, Workflows, Sets to manage users from the FIM portal, instead of my current method of using rules extensions. When trying to define a workflow, using a sync rule action, the drop down to select the sync rule only shows the inbound sync rules. Why not the outbound ones? That's the one I need to select.
I didn't see any settings in the portal that looked to control this. Is there a configuration value somewhere that needs to be changed?
Have just deployed MIM Sync and MIM Service/Portal. Definitely did not deploy MIM Reporting.
Why does the MIM installer deploy these jobs if they are not required?
I have set up MIM on SharePoint 2013 with a domain account, e.g. dom\AccntA. After installation, when I try to open the portal, I get an error "service not available". I changed web.config to show me a bit more of a meaningful error:
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[NullReferenceException: Object reference not set to an instance of an object.]
Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key) +266
Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key) +25
Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource) +43
Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e) +46
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1069.1
but it still doesn't mean a thing to me.
Event Viewer shows an ASP.NET error:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 4/29/2016 2:27:24 PM
Event time (UTC): 4/29/2016 4:57:24 AM
Event ID: ffba74342d674de691794a14a92f76cf
Event sequence: 8
Event occurrence: 2
Event detail code: 0
Application domain: /LM/W3SVC/39381490/ROOT-1-131063786362477129
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\82cdc9554c-50b9-4a20-bede-f2cd6a8ae01c\
Machine name: <PORTAL SERVERNAME>
Process ID: 1848
Process name: w3wp.exe
Account name: domain\SVC_SharePoint
Exception type: NullReferenceException
Exception message: Object reference not set to an instance of an object.
Could it have something to do with the domain\SVC_SharePoint referenced or the fact that it is Microsoft .NET Framework Version:4.0.30319 and ASP.NET Version:4.6.1069.1?
I need to do a dropdown menu which should contain at least 100 (company names) values. What is the best way to do that? It should be quite easily upgradable and should also give a good user experience.
Or should I think of a whole new resource for that?
I have deployed a MIM 2016 Sync-Service server with SQL 2014 on a separate server. I am trying to make a test Management Agent, following the link below, but
mmsmafim: MIIS.ManagementAgent.ManagedMACredentialFailureException: Failed to connect to the specified database with the given credentials.
at MIIS.ManagementAgent.RavenMA.InitializeConnection(XmlNode connectionInformationNode, XmlNode encryptedAttributeNode, Boolean runInitialization)
at MIIS.ManagementAgent.RavenMA.UIInitialize(String pszInitString, Int32& pfValid, String& ppszResult)
However, the credentials I use (the account running the FIM Windows service) are correct; it has dbowner rights on the created database in SQL. I can log in to either the MIM or the SQL Server with the account, etc. What am I missing? No time skew on the servers.
https://technet.microsoft.com/en-us/library/mt219040.aspx (Configure MIM Sync to Synchronize from Active Directory to MIM Service)
Looking at this article: https://www.linkedin.com/pulse/microsoft-announces-retiring-identity-access-richard-blackham
A number of my clients have decided to stop their current FIM/MIM projects and re-evaluate other IDM vendors and products.
So based on this, I assume there will be no subsequent MIM product release?
Any new IT people should not bother learning MIM?
Any existing FIM/MIM IT people should start looking at other specialisations/vendors as their job is on the line?
This is rather sad...
What are your thoughts on this announcement?
I have 2 Exchange 2010 forests, let's say contoso and widgets. I'm using the Out of the box GALSync MAs with some code adjustments. I have a requirement to set the AD mail attribute in each forest to something other than the primary SMTP and I have written some code to manipulate the mail attribute upon import into the MV as below.
The code checks whether a user is in scope for processing and then returns an appropriate @contoso.com address from the proxyAddresses before setting the mail target. This works fine for importing addresses into the MV, I can see the correct address is modified in the MV and the logs show the mail attribute as being of type @contoso.com.
    searchedaddress = SearchForContosoAddresses(csentry("proxyAddresses").Values.ToStringArray, "@contoso.com")
    Select Case csentry.ObjectType
        ' (the Case label for this branch is not shown in the post)
            'Check user is in scope for processing
            If (Len(searchedaddress) > 1 And CheckUserScope(csentry("sAMAccountName").Value)) Then
                'Log, then set the AD mail attribute to the matching proxy address
                Log("Setting AD mail atrribute for user " & csentry("sAMAccountName").Value.ToString & " as " & searchedaddress)
                mventry(MAIL).Value = searchedaddress
            Else
                'Use default values
                mventry(MAIL).Value = csentry(MAIL).Value
            End If
    End Select
Upon export, there are no errors, but I hit an error on import whereby the change is not imported. In the target AD the mail attribute is not set correctly.
Please advise how I can get the mail attribute to set correctly. I can't use the suggestion below as I don't want to set the primary SMTP.
Thanks in advance
We are having synchronization issues with an attribute value for a few records in our FIM 2010 R2 environment.
X in Connector space(CS) is mapped to Y of Metaverse(MV) via rules extension.
The record which has the issue is already joined to the MV without the value Y, as X is not present in the CS.
Now we have a new value for X coming from the source. The new value comes to the CS on FI as an update.
After Delta Synch, X doesn't flow to Y in the MV, and the CS record does not show any add/modify but "none", indicating that the update is synchronized.
There is no issue in the rule, as on Preview - Full Synch the value flows from X to Y.
Full Import and Delta Synch are run in two steps.
Why is X not flowing to Y on Delta Synch?