MPR Bug Multivaled attributes? (Fim 2010 R2)

May 3, 2016, 5:35 am

≫ Next: Password registration portal won't update info

Observed some strange behavior on MPRs on multivalued attributes today:

One multivalued ref. attribute on person.

One MPR allowing the users to add values to this attribute.

No MPRs allowing anyone to remove values from the attribute.

If the user posts a request to add a value it is permitted, and a request for removing a value is denied. So far everything works as expected.

If the user makes a request that includes both an add operation and a remove operation both is permitted regardless of the lack of a MPR allowing values to be removed.

Anyone else seen this behavior?

/Ole

↧

Password registration portal won't update info

May 3, 2016, 7:12 am

≫ Next: Clearing an attribute when MA Object gets disconnected

≪ Previous: MPR Bug Multivaled attributes? (Fim 2010 R2)

Hello!

I'm trying to change the following text in our password registration portal:

This is my config in MIM portal:

I have saved and submitted the config and restarted the IIS server without success. Please help.

Kind regards,

Anthon

↧

Clearing an attribute when MA Object gets disconnected

May 3, 2016, 8:29 am

≫ Next: Powershell activity output in email notification

≪ Previous: Password registration portal won't update info

I am trying to clear an attribute in the metaverse when objects in a certain MA get disconnected.

Basically, we have some users with managed information for assets, specifically mobile phones. I am importing these managed assets into FIM as its own delimited text MA as the type asset. This import also includes the user name that can be joined with the AD user name, the mobile number for the flow import and a flag indicating it is published or not. When this asset MA object gets joined with an AD MA object because the flag for published is set, it will update the AD user properly with the correct mobile phone. When the asset MA objects gets disconnected either manually or by filter where the flag says it is unpublished, it does not remove the mobile phone. I think this is as designed as there are other MA's that also import and export the mobile attribute. What I would like to do is override this functionality for this one asset MA so that when this asset MA object gets disconnected, it will clear the mobile phone attribute for the next export to all the other MA's.

I have tried to setup a Rules extension to run if the objects in the asset MA get disconnected but it would seem that the deprovision rule is never run. It also seems that you can't update the metaverse objects when the deprovision rule is run either. I am not sure what the best way to do this is. Anybody have any suggestions?

↧

Powershell activity output in email notification

May 3, 2016, 9:09 pm

≫ Next: FIM - How to debug that Email notifications has been sent

≪ Previous: Clearing an attribute when MA Object gets disconnected

Hi,

I'd like FIM to email a notification to someone, with the contents of a previously run powershell script.

is this possible? And how does one go about it?

The powershell script is a basic: Get-ADPrincipalGroupMembership <username> - and am thinking of placing this in a powershell FIM activity? how do I flow the output of this into a multivalued FIM attribute? how do I use the //workflowdata for this?

I would like to send the result of this query to a person - so this would be a normal FIM email notification activity? and how do I use the output of the Get-ADPrincipalGroupMembership <username> in the email message itself?

Thanks,

↧

FIM - How to debug that Email notifications has been sent

May 3, 2016, 10:25 pm

≫ Next: Password reset site issue

≪ Previous: Powershell activity output in email notification

The topic says all. How can I debug that email notifications has been sent? I can only check from the requests that correct mpr has been launched, but that doesn't really tell that has the email notification processed by fim.

And in this time, I need to debug only FIM side, I don't need to debug the whole chain from FIM to email-server and so on.

↧

Password reset site issue

May 4, 2016, 4:51 am

≫ Next: Export UPN,Email into PeopleSoft on HireDate

≪ Previous: FIM - How to debug that Email notifications has been sent

Hi ,

We have migrated to MIM and we are unable to open the one of our password reset site. It throwing the error "The page can not be displayed". Could you please help me with the suggestions and resolutions.

↧

Export UPN,Email into PeopleSoft on HireDate

May 4, 2016, 6:13 am

≫ Next: Attribute Precedence in Metaverse Designer

≪ Previous: Password reset site issue

Hi,

I will get Hire Date from PeopleSoft and I wanna Export UPN, Email Values to PS again on User Hire Date based on below condition.

UPN Value one day before HireDate (ie) (HireDate-1)

Mail Value on Hire Date.

will you please explain me how can I do the same.

thanks,

venugopal.

↧

Attribute Precedence in Metaverse Designer

May 5, 2016, 4:07 am

≫ Next: FIM 2010 R2 and self service password reset

≪ Previous: Export UPN,Email into PeopleSoft on HireDate

Hi All,

I have a small but confusing question regarding attribute precedence. I was under the assumption that if we set a particular MA precedent for an attribute which is contributed by say 2 other MA, then for the first time the value in metaverse can be populated by any MA but after that the MA that was set at the top precedence in the metaverse designer only can populate the value.

But what I noticed is, after any of the MA has contributed value for the first time, this MA can still continue to contribute value until the value is populated by the precedent MA. Once it is set, its only then the precedence concept comes into picture.

Can someone guide me if i am wrong?

Thanks,

Veena

↧

FIM 2010 R2 and self service password reset

May 5, 2016, 12:14 pm

≫ Next: MIM 2016 Portal in IE11 and some more questions

≪ Previous: Attribute Precedence in Metaverse Designer

Selfservice password and registration has been working fine for the past year Until today, it stopped working. I'm not able to connect internally.

Only change that happened in the last week are microsoft patches. Are there any known issues with the patches that prevent SSPR from working?

↧

MIM 2016 Portal in IE11 and some more questions

May 6, 2016, 6:27 am

≫ Next: MIM - Object Already Exists in Management Agent

≪ Previous: FIM 2010 R2 and self service password reset

Hi!

I'm interesting in MIM 2016 and have some questions.

I have made an installation using this guides:

https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/microsoft-identity-manager-deploy

I can't create Synchronization Rule on MIM Portal. I'm using IE11(11.0.9600.18283) on Winwows Server 2012 R2 with all updates from Windows Update.

I can't click on dropdown menu to choose something.

Almost the same situation in Chrome and Firefox (latest editions)

MIM version is: Help on webpage is v. 4.3.2195.0 (patch was installed)

.NET is 4.6.2 with all security updates

I tryed to resolve case by using this links, but no success:

https://social.technet.microsoft.com/Forums/en-US/37627da2-b4b3-4da4-b793-1762d7b36b9b/mim-2016-portal-ui-bug-sync-rule-editing-outbound-attribute-flow-page-navigation-control-doesnt?forum=ilm2

https://justidm.wordpress.com/2015/01/07/fim-portal-issues-after-installing-ie11-update-kb3008923-for-win-8-1/

Can anybody say where is the problem?

Thanks!

↧

MIM - Object Already Exists in Management Agent

May 7, 2016, 1:10 pm

≫ Next: May Day! We need YOU as a TechNet FIM Guru!

≪ Previous: MIM 2016 Portal in IE11 and some more questions

We are currently migrating our student account provisioning from ILM to MIM, but I am running into an issue when trying to run a Full Sync on our SQL MA. The only other MA is our AD MA. I'm getting a provisioning error through our MV extension DLL saying that:

Microsoft.MetadirectoryServices.ObjectAlreadyExistsException: An object with DN "CN=Student Name,OU=2023,OU=BR,OU=Secondary Schools,OU=Students,OU=User Accounts,DC=our,DC=domain" already exists in management agent "Student_AD".
   at Microsoft.MetadirectoryServices.Impl.ConnectorImpl.Commit()
   at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in \\fim\c$\MIMRulesExtensions\MVExtension\MVExtension.cs:line 51

Line 51 is: csentry.CommitNewConnector(); from the code below.

 void IMVSynchronization.Provision (MVEntry mventry)
        {
            if ((mventry["employeeType"].Value == "Students") && (mventry["ou"].Value == "SECONDARY SCHOOLS"))
            {
                ConnectedMA StudentAD;
                CSEntry csentry;
                ReferenceValue dn;

                StudentAD = mventry.ConnectedMAs["Student_AD"];

                //Sets DN to "CN=[cn],OU=[division],OU=[location],OU=Secondary Schools,OU=Students,OU=UserAccounts,DC=our,DC=domain"
                dn = StudentAD.EscapeDNComponent("CN=" + mventry["cn"].Value).Concat("OU=" + mventry["division"].Value).Concat("OU=" + mventry["location"].Value).Concat("OU=SECONDARY SCHOOLS,OU=Students,OU=User Accounts,DC=our,DC=domain");

                if (StudentAD.Connectors.Count == 0)
                {
                    csentry = StudentAD.Connectors.StartNewConnector("user");
                    csentry.DN = dn;
                    csentry.CommitNewConnector();
                }

                else if (StudentAD.Connectors.Count == 1)
                {
                    csentry = StudentAD.Connectors.ByIndex[0];
                    csentry.DN = dn;
                }

                else
                {
                    string ExceptionMessage;
                    ExceptionMessage = "Multiple Connectors on Management Agent";
                    throw new UnexpectedDataException(ExceptionMessage);
                }
            }
        }

I'm certainly no expert, but it seems to me like it's getting into the wrong if statement, when it should see the connector in the Student_AD MA and try to connect with that.

I've adapted this code from our MV extension for ILM (which was written in VB) and it looks the same to me, just not sure what's going wrong. Here's the original code:

 If mventry("o").Value = "Students" And mventry("description").Value = "SECONDARY SCHOOLS" Then
                Dim stuMA As ConnectedMA
                Dim csentry As CSEntry
                Dim dn As ReferenceValue
                stuMA = mventry.ConnectedMAs("Admin_AD")
                ' Construct the distinguished name
                dn = stuMA.EscapeDNComponent("CN=" + _
        mventry("cn").Value).Concat("ou=" + _
        mventry("division").Value).Concat("ou=Users").Concat("ou=" + _
        mventry("l").Value).Concat("ou=" + _
        mventry("description").Value).Concat("dc=student,dc=our,dc=domain")
                If stuMA.Connectors.Count = 0 Then
                    csentry = stuMA.Connectors.StartNewConnector("user")
                    csentry.DN = dn
                    csentry.CommitNewConnector()
                ElseIf stuMA.Connectors.Count = 1 Then
                    ' Get the first connector and assign a new DN.
                    csentry = stuMA.Connectors.ByIndex(0)
                    csentry.DN = dn

Anyone have any advice?

↧

May Day! We need YOU as a TechNet FIM Guru!

May 8, 2016, 2:27 pm

≫ Next: Powershell for Identity Manager

≪ Previous: MIM - Object Already Exists in Management Agent

May is under way!

And the Guru early birds are showing the way!

Could this be the month that we see the best ever TechNet article in the WORLD!!?

You could be thinking it right now words of wisdom that enrich people's lives!

Technical truths and wise words of widgets and wizardry!

So many upper eyes within Microsoft adjudicate this competition, yet so few stumble on this small community and realise the potential of getting their name known in such circles!

Some of our biggest community voices and many MVPs have passed through these halls, on their way to fame and fortune.

Come and see who is making waves in all your favourite technologies.

Maybe it will be you!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

April's articles are off with the Judges. We hope to have enough votes by mid-month. They're all busy people.

Below are March's mighty winners! The full list of winners and contenders is here.

BizTalk Technical Guru – March 2016

Gold Award Winner

Johns-305

BizTalk Server: Detecting a Missing Message or Orchestration, V2

LG: "It is very deep investigation and advanced implementation. It is very helpful in real-life scenarios."
Sandro Pereira: "Good article and another great Solutions, I really prefer to avoid convoys if I can."

Silver Award Winner

Eldert Grootenboer

Using static port with dynamic behaviour

Sandro Pereira: "Once again great job Eldert! Excelent tip, well explain and in clearly way. Excellent addition to the TechNet Wiki!"
LG: "The article is somehow unclear."

Bronze Award Winner

Lex Hegt

BizTalk Tracking Cheat Sheet

LG: "It is really unknown feature, discovered by author. Kudos!"
Sandro Pereira: "Binding files are now more easy to understand thanks to you Lex. Great article."

Forefront Identity Manager Technical Guru – March 2016

Gold Award Winner

Jeff Ingalls

FIM2010/MIM2016: How to Bulk Export Connector and Disconnector Status from an AD Domain

PG: "A nice piece of "FIM/MIM bit", quick practical solution for a practical problem. Keep up the good work!"
AM: "Great article!"

Guru Award Microsoft Azure Technical Guru – March 2016

Emiliano Musso	Create Azure Database and use it via C#	JH: "Good introduction on creating, managing and connecting to good old Azure SQL DB." TN: "Good article helping developer working with Azure programmatically"
Samir Farhat	Azure IaaS V2 (ARM) Design Series : Azure Subscriptions	JH: "Everyone working with Azure uses a subscription, but do not think about seem more deply. Good overview of Azure subscriptions." TN: "A good read, nice work"
Kia Zhi Tang (Ryen Tang)	Microsoft Azure: Deploying Site to Site VPN Connection with Citrix NetScaler CloudBridge	TN: "This article is extremely helpful and provides real-world scenario. " JH: "Nice overview about using the Citrix NetScaler VPX to connect your private cloud to Azure."

Miscellaneous Technical Guru – March 2016

SYEDSHANU	EASY KIDS LEARN using MVC and AngularJS	Peter Laker: "Great article Syed, some good work this month!" Richard Mueller: "Lots of code and detailed steps. Good use of Wiki guidelines."
Santhakumar Munuswamy	Getting Started With Agent SmartWatch Apps	Peter Laker: "Very interesting! Just the kind of thing we love. I'm gonna go try!" Richard Mueller: "Great images. Good detailed steps. Perhaps this could use a TOC."
Carmelo La Monica	nternet-of-things-part-3-our-first-application.aspx	Peter Laker: "Great introduction Carmelo, thanks for sharing!" Richard Mueller: "Great images and detailed steps."

Small Basic Technical Guru – March 2016

	Yvan Leduc	How to produce a complete music chord using SoundPlay.Music in Small Basic	DEVA: "Great Music app Yvan :)" Michiel Van Hoorn: "Great, music!"
	Nonki Takahashi	Small Basic: Program	DEVA: "Great Stuff Nonki :)" Michiel Van Hoorn: "Thanks Nonki!"

SQL BI and Power BI Technical Guru – March 2016

	Greg Deckler	DAX the Language	RB: "Good article" PT: "Both entries this month are fantastic, concise articles on useful DAX applications… and since you submitted both, I don't have to pick a winner! They BOTH win! Greg, thank you for this contribution to the TechNet Wiki. "
	Greg Deckler	Aggregating Duration/Time in DAX	RB: "Another very good article" PT: "Both entries this month are fantastic, concise articles on useful DAX applications… and since you submitted both, I don't have to pick a winner! They BOTH win! Greg, thank you for this contribution to the TechNet Wiki."

SQL Server General and Database Engine Technical Guru – March 2016

	Chervine	Query Unstructured Data from SQL Server using Polybase	Peter Laker: "An awesome article Chervine, beautifully laid out and illustrated too." AN: "Very nice article!"
	FLauffer	SQL Server Storage: Checking Volumes Block Sizes	Peter Laker: "Short but concise! Good comment from Shanky re code snippets, would improve it more." AN: "Thanks for the tip!"

Transact-SQL Technical Guru – March 2016

Gold Award Winner

Diegoctn

How to recover views and procedures dropped by mistake>

Richard Mueller: "Great information that can be useful. Good example to demonstrate. Would be good to explain how the code works. Also, avoid first person and try not to write as if it is a blog post."
CA: "A good start!"

Universal Windows Apps Technical Guru – March 2016

Gold Award Winner

Manuel Cota

How to Use Microsoft's Direct Music Producer to create Music for a UWP Video Game

JH: "Music is something that makes good games great ones. Nice introduction to Microsoft's DirectMusic Producer."
BE: "Great article!"

Visual Basic Technical Guru – March 2016

Gold Award Winner

.paul.

VB.Net OOP Areas and Volumes Calculator

Carmelo La Monica: "Very useful article and very good vb net code. Congrats !"
Richard Mueller: "Nicely done, with good use of Wiki guidelines and images."

Visual C# Technical Guru – March 2016

Sibeesh Venu	Caching In Web API	Carmelo La Monica: "Fantastic topics, very detailed in all parts." AP: "Great article!"
Emiliano Musso	Create Azure Database and use it via C#	Carmelo La Monica: "Great work and very useful. Congrats for your sample." AP: "Nice sample Emiliano"
Sibeesh Venu	Chart Widgets With Server Side Data In MVC Using Angular JS And Web API	Carmelo La Monica: "Very good sample, images and code, very detailed." AP: "Very nice article!"

Wiki and Portals Technical Guru – March 2016

	Richard Mueller	Wiki: Glossary of Acronyms Specific to Microsoft	Peter Laker: "A very useful list, thank you Richard!" AN: "Great article!"
	Ed Price – MSFT	Excel Portal	Peter Laker: "A great jumping in point, worth a bookmark! Thanks Ed!" AN: "Thanks Edwardo!"

Windows PowerShell Technical Guru – March 2016

Gold Award Winner

VGSandz

Windows Auto Logon with PowerShell

Jan Egil Ring: "Thanks VGS"
Alan Carlos: "Nice article! Congrats!"
Richard Mueller: "Good use of Wiki guidelines. Good code examples. We can use some links to references."

Windows Server Technical Guru – March 2016

	Nathanaël Stassart	Build a SharePoint Server 2016 Reference Image (Sysprep)	JM: "This is a thorough, well presented and excellent article on SharePoint server deployment. Thanks for your contribution" Mark Parris: "Good Reference article." Alan Carlos: "Wow! Great article!" Richard Mueller: "Very detailed steps and recommendations. The images help. Grammar needs work."
	Kia Zhi Tang (Ryen Tang)	Nano Server: Deploying ASP.NET 5 site on Internet Information Services (IIS) Web Server	JM: "This article on deploying an ASP.NET site on IIS in Nano server is excellent! Thanks for your contribution" Mark Parris: "Nice Nano Server article, the library of information is growing." Alan Carlos: "" Richard Mueller: "Detailed steps with PowerShell code. Good use of Wiki guidelines, but the "See Also" should be links to other Wiki articles."

A huge thank you to EVERYONE who contributed an article to March's competition.

Good Luck May Gurus!

Pete Laker

#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes o become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

↧

Powershell for Identity Manager

May 8, 2016, 2:52 pm

≫ Next: Attribute Flow Mapping

≪ Previous: May Day! We need YOU as a TechNet FIM Guru!

Hi,

Just wanted to share information about my 2 new powershell modules for FIM/MIM. Short blogpost about what is included and a github repro here:

BlogPost

GitHub repro

/Cheers

Tore

↧

Attribute Flow Mapping

May 9, 2016, 12:20 am

≫ Next: FM 2010 - multiple AD management agents for the same domain

≪ Previous: Powershell for Identity Manager

Hello,

I read some documents about attribute flow and synchronization rules, but i don't understand,

1- at first we must map attribute in creation of management agent

2- then we must map attribute in synchronization rule!!!

what is difference between two mapping?

please explain about the relation between attribute flow mapping in MA and Sync rules

Thanks

↧

FM 2010 - multiple AD management agents for the same domain

May 9, 2016, 12:31 am

≫ Next: Unable to open FIM Sync Manager Console

≪ Previous: Attribute Flow Mapping

Hi,

I know it's not supported to have multiple AD MAs pointing at the same domain, but I'm not sure why. I have scenario where I need to run some AD and GALSync tests and currently have multiple AD MAs pointing at the same domain, along with multiple GALSync MAs pointing at the same domain.

The main issue I'm aware of is that it's not supported and you could be in for a world of pain if you have 2 independent MAs syncing to the same object which could cause unpredictable results. Having said that, if you deliberately select non overlapping OUs, so that each object is exclusively managed by 1 MA, I think this is less of an issue.

I'm wondering if there are any other issues with having multiple MAs for the same domain?

Thanks

↧

Unable to open FIM Sync Manager Console

May 12, 2016, 4:00 am

≫ Next: FIM Password and Authentication Extensions 2010 R2 supported on Windows 10?

≪ Previous: FM 2010 - multiple AD management agents for the same domain

Hi,

I am facing a strange issue wherein all of sudden I am not able to open the FIM Sync Manager console. FIM Sync service is append running and my ID has all the required groups. When I checked event viewer I had seen the below event logged.

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{835BEE60-8731-4159-8BFF-941301D76D05}

and APPID

{835BEE60-8731-4159-8BFF-941301D76D05}

to the user DOMAIN\ACCOUNTNAME SID (S-1-5-21-1380806297-2286519638-3397210491-001234) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

I followed the below link and sorted out the error that was being logged.

https://support.microsoft.com/en-us/kb/899965

But still I am unable to open the Sync Manager Console. I see that the service account with which FIM Sync Service is running has a "when changed" date of the date since when we are facing this issue. But I am not sure what has changed. And worst part is now nothing gets logged in event viewer.

Can someone help me list out the chances of what wrong could have happened here.

Thanks,

Veena

↧

FIM Password and Authentication Extensions 2010 R2 supported on Windows 10?

May 12, 2016, 6:58 am

≫ Next: What does this MIMWAL documentation extract mean in plain English... not all of us have english as first language!

≪ Previous: Unable to open FIM Sync Manager Console

Are the FIM Password and Authentication Extensions from 2010 R2 supported on Windows 10? I can't find any info one way or the other.

↧

What does this MIMWAL documentation extract mean in plain English... not all of us have english as first language!

May 13, 2016, 1:51 am

≫ Next: MIM 2016 - Synching userAccountControl from AD to Metaverse - Full Sync needed

≪ Previous: FIM Password and Authentication Extensions 2010 R2 supported on Windows 10?

MIMWAL has some useful looking functions. I am curious about the functions: ParameterValueAdded and ParameterValueRemoved

The documentattion for ParameterValueAdded states: "Returns the added values of a multi-valued request parameter of an arbitrary request".

The example given in the wiki is: ParameterValueAdded([//Request/RequestParameter], "ExplicitMember")

What is an arbitrary request??

What I hope to do is to use this function within an action workflow triggered by an MPR monitoring adds to a multi-value attribute, FormSelectedADgroups in my case. So my action WF has the WAL Update Resources activity, and I want to call this function to act on my data.

What should the value expression be in my case?

↧

MIM 2016 - Synching userAccountControl from AD to Metaverse - Full Sync needed

May 13, 2016, 1:58 am

≫ Next: AD group membership sync issue

≪ Previous: What does this MIMWAL documentation extract mean in plain English... not all of us have english as first language!

The problem is that when synching userAccountControl number from AD to Metaverse it needs a full sync. Have anyone else noticed this kind of behavior?

I have checked that the value is updated in the connector space.

↧

AD group membership sync issue

May 13, 2016, 8:16 am

≫ Next: Password Registeration Portal - Communication Error

≪ Previous: MIM 2016 - Synching userAccountControl from AD to Metaverse - Full Sync needed

is there a limit to the size of the group membership that can be synced to the portal? I have an OU with 3 groups only on group membership is synced the other 2 have 12 thousand users and 3 thousand users. they do not sync and when I run the routing I have to delete users the portal actually send a delete update back and deletes the users out of AD

↧

Latest Images