MIM error on manual Join

June 16, 2016, 5:38 pm

≫ Next: ECMA 2.0 using Java API or Web Service

≪ Previous: SQL deadlocks after upgrading to MIM 2016

$

0

0

I have installed MIM Sync 4.3.2195.0. It was a fresh install and not an upgrade.

When trying to do a manual join I get the following error:

"Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.DirectoryServices.MetadirectoryServices.UI.PropertySheetBase.MMSErrorMessages.resources" was correctly embedded or linked into assembly "PropertySheetBase" at compile time, or that all the satellite assemblies required are loadable and fully signed."

After clicking OK I can see the error details which are as follows:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentNullException: Value cannot be null.
Parameter name: value
   at System.String.IndexOf(String value, Int32 startIndex, Int32 count, StringComparison comparisonType)
   at System.String.IndexOf(String value, StringComparison comparisonType)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSErrors.AdjustErrorTextForExtensionException(String& sErrorString)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.AccountJoiner.AccountJoinerControl.Join()
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
miisclient
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/miisclient.exe
----------------------------------------
PropertySheetBase
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/PropertySheetBase.DLL
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34251 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34238 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
UiUtils
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/UiUtils.DLL
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34234 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
MmsServerRCW
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/MmsServerRCW.DLL
----------------------------------------
System.ServiceProcess
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceProcess/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
----------------------------------------
Operations
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/Operations.DLL
----------------------------------------
GroupListView
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/GroupListView.DLL
----------------------------------------
MaExecution
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/MaExecution.DLL
----------------------------------------
AccountJoiner
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/AccountJoiner.DLL
----------------------------------------
mmsuihlp
    Assembly Version: 0.0.0.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/mmsuihlp.DLL
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
ObjectLauncher
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/ObjectLauncher.DLL
----------------------------------------
ObjectViewers
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/ObjectViewers.DLL
----------------------------------------
Preview
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/Preview.DLL
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

---

http://www.wapshere.com/missmiis

---

ECMA 2.0 using Java API or Web Service

June 17, 2016, 3:25 am

≫ Next: How do I find out who my Organization is?

≪ Previous: MIM error on manual Join

$

0

0

Is there any way of consuming a Java API or Web Service for using in ECMA 2.0 for integrating FIM 2010 with the end application?

If yes, elaborate please.

---

Regards,
Manuj Khurana

How do I find out who my Organization is?

June 17, 2016, 4:17 am

≫ Next: Error installing MIM Portal under SP2016 / Win2016 / SQL2016

≪ Previous: ECMA 2.0 using Java API or Web Service

$

0

0

I have Windows 10 and for some reason it wont allow me (this is my own personal computer) to do many things like Update my files, or turn my History settings On.  When I go into my Settings in Windows 10 in Red writing it says certain items cannot be changed because of your "Organization".  Well I am completely oblivious to this statement and I would like you to help me figure out who this Organization is that has obviously taken control of my computer.   

                                                                                                                    Please help! Thank you Tina D.

Error installing MIM Portal under SP2016 / Win2016 / SQL2016

June 17, 2016, 4:58 am

≫ Next: FIM 2010 R2 => MIM 2016 Upgrade

≪ Previous: How do I find out who my Organization is?

$

0

0

I am getting a error when trying to install the MIM 2016 Portal on the software you see in the Title.

"The features you have selected have the following prerequisites. Refer to the installation guide for more information. Please update your machine and retry the installation.

- IIS 7.0 or better

- Sharepoint



FIM 2010 R2 => MIM 2016 Upgrade

June 17, 2016, 8:52 am

≫ Next: Calculating lastLogonTimestamp (ADMA) to Boolean value to indicate inactive accounts

≪ Previous: Error installing MIM Portal under SP2016 / Win2016 / SQL2016

$

0

0

Question.

I upgraded the FIM Portal and Sync servers to MIM 2016 successfully.  I do have a third server that is used for SSPR, but that is going to be hosted later using a different vendor so I can't say that I'm interested in upgrading the SSPR server if it isn't required.

So my question is, will the old FIM 2010 SSPR work if I only upgrade the Sync and Portal servers.  I know the FIM DB get modified, so I wonder if that will prevent me from skipping the SSPR upgrade.

Calculating lastLogonTimestamp (ADMA) to Boolean value to indicate inactive accounts

June 18, 2016, 11:51 am

≫ Next: ECMA 2.0 - Error during full import to web service

≪ Previous: FIM 2010 R2 => MIM 2016 Upgrade

$

0

0

Hello. I'm importing attribute 'lastLogonTimestamp' from AD to CS and converting the value to a date via a code extension to a custom 'lastLogonTimestamp' attribute. But because this is a value which will be updated on thousands of users every day I instead want to calculate a Boolean attribute from the 'lastLogonTimestamp' date before syncing to MV.

I want my custom Boolean MV-attribute 'isActiveAccount' to flag TRUE if 'lastLogonTimestamp' is less than 90 days old, and FALSE if it's more than 90 days old.

The below extension code is what I'm currently using to translate to a date-value (re-used from another good example on syncing in 'pwdLastSet'), but how would I work with it further to instead set TRUE/FALSE on the Boolean MV-attribute 'isActiveAccount' if the date is newer/older than 90 days?

         Case "lastLogonTimestamp"
                If (csentry("lastLogonTimestamp").IsPresent) Then
                    If (csentry("lastLogonTimestamp").Value <> "0") Then
                        Dim dtFileTimeUTC As DateTime = DateTime.FromFileTimeUtc(csentry("lastLogonTimestamp").IntegerValue)
                        mventry("lastLogonTimestamp").Value = dtFileTimeUTC.ToUniversalTime().ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'")
                    Else
                        mventry("lastLogonTimestamp").Delete()
                    End If
                End If

PS: Yes, I know that 'lastLogonTimestamp' is not always thrustworthy, but I'm just going to use it as an indicator for possibly inactive accounts.

Appreciate any input!

ECMA 2.0 - Error during full import to web service

June 8, 2016, 12:04 am

≫ Next: FIM Integration with Axway application that has REST api

≪ Previous: Calculating lastLogonTimestamp (ADMA) to Boolean value to indicate inactive accounts

$

0

0

Hello guys,

I've created a management agent to call 2 webservices(one for get data, another to delete data), I've already created all the functionality but when I did Full Import then in Event Viewer I get this error:

 

The extensible extension returned an unsupported error.
 The stack trace is:
 "System.InvalidOperationException: Could not find endpoint element with name 'HTTP_Port' and contract 'SAPObtencion.SI_OS_ObtenerUsuarios' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this name could be found in the client element.
   at System.ServiceModel.Description.ConfigLoader.LoadChannelBehaviors(ServiceEndpoint serviceEndpoint, String configurationName)
   at System.ServiceModel.ChannelFactory.InitializeEndpoint(String configurationName, EndpointAddress address)
   at System.ServiceModel.ChannelFactory`1..ctor(String endpointConfigurationName, EndpointAddress remoteAddress)
   at System.ServiceModel.ConfigurationEndpointTrait`1.CreateSimplexFactory()
   at System.ServiceModel.ClientBase`1.CreateChannelFactoryRef(EndpointTrait`1 endpointTrait)
   at System.ServiceModel.ClientBase`1.InitializeChannelFactoryRef()
   at FimSync_Ezma.SAPObtencion.SI_OS_ObtenerUsuariosClient..ctor(String endpointConfigurationName)
   at FimSync_Ezma.EzmaExtension.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.1.3419.0"

I've added the reference webservice in the .sln on visual studio and did a build of the solution, obtaining 2 files -->main.dll and main.dll.config (both are on the Extensions folder), so why is not getting the info of the config file?

Could you please help me to find out what I'm missing?

Thank you so much for your response.

FIM Integration with Axway application that has REST api

June 20, 2016, 11:20 pm

≫ Next: Why is my Scope-based Synchronization rule not working?

≪ Previous: ECMA 2.0 - Error during full import to web service

$

0

0

Has anyone in here have done the integration of axway application (which has a REST api) with FIM 2010.

---

Regards,
Manuj Khurana

---

Why is my Scope-based Synchronization rule not working?

June 21, 2016, 1:00 am

≫ Next: Resource SID not flow to FIM portal

≪ Previous: FIM Integration with Axway application that has REST api

$

0

0

Hi,Is there any condition under which a scope based sync rule is not working? Something like existing code in the same Ma of missing attributes. A Policy based sync rule works fine.

I found out that the sync attributes msidmOutboundScopingFilters and the msidmOutboundIsFiltersBased were deleted or not created. So I created them. Now I get value flow and sync through these attributes but the Sync rule is still nof working.

---

GH

Resource SID not flow to FIM portal

June 21, 2016, 1:33 am

≫ Next: MIM 2016 training

≪ Previous: Why is my Scope-based Synchronization rule not working?

$

0

0

hi.

i have a problem.

attribute objectsid is not flowing to fim portal. however when i lookt at user in MV, the objectsid is presen which means that sid is flowing from AD to Metaverse. but it does not flow to FIM portal, because all users in fim portal has no resource sid value.

what can be the problem?

MIM 2016 training

June 21, 2016, 3:20 am

≫ Next: Can't create the Mail File from FIM 2010 with user in Lotus Notes 8.5

≪ Previous: Resource SID not flow to FIM portal

$

0

0

Hi!

At work we are looking for MIM 2016 training for few people that had no experience with FIM/MIM at all, but have good backgroup with AD, SQL and some Exchange.

Can anybody recommend any company that offer training? I don't see any current Microsoft official training.

We found only this company that offer MIM training and they look quite acurate. Anybody can give feedback about them  https://ocglearning.com/courses/mim-foundation/

https://ocglearning.com/courses/mim-advanced/

Training location is not big problem, probably we can get enought budget to bring trainers or travel or do it online

---

-- cesaru77--

Can't create the Mail File from FIM 2010 with user in Lotus Notes 8.5

June 22, 2016, 2:12 am

≫ Next: How to configure FIMSERVICE@domain.com ID to office 365

≪ Previous: MIM 2016 training

$

0

0

Hi,

I have successfully created a "Person" in Lotus Domino with the flag _MMS_UseAdminP = 'true'. However, the .nsf file has not been generated during the creation of person.

After reading the following article:

https://social.technet.microsoft.com/Forums/systemcenter/en-US/9459ba8a-d9b3-420a-8425-7dad12a55f20/create-users-mail-file-form-fim-2010-together-with-user-in-lotus-notes?forum=identitylifecyclemanager

I understand that the creation of Mail File might need to wait for the Admin Process Schedule, here are my questions:

1. How to trigger the admin process immediately?

2. Could anyone provide the madatory fields for the creation of the normal User with Mail File?

I have already set values for the mail related attributes: 

MailServer = "CN=xxx/OU=xxx/O=xxx", MailFile="mail\"+accountname, _MMS_UseAdminP = "true", _MMS_Password, _MMS_IDRegType = 1, _MMS_IDStoreType = 1, anything missing?

3. Why I could not export the user to Lotus Notes if my _MMS_AdminP set to "false" or _MMS_IDStoreType = 2?

Any insight or idea are welcome.

Thanks a lot!!!

How to configure FIMSERVICE@domain.com ID to office 365

June 22, 2016, 3:02 am

≫ Next: FIM Security Group

≪ Previous: Can't create the Mail File from FIM 2010 with user in Lotus Notes 8.5

$

0

0

Hi,

After migrating our on premise exchange mailbox of FIMSERVICE@domain.com, the email triggering for any new Login or Email has stopped. How to resolve this?

FIM Security Group

June 22, 2016, 2:03 pm

≫ Next: FIM/MIM Question - using Metadirectory for applications or queries?

≪ Previous: How to configure FIMSERVICE@domain.com ID to office 365

$

0

0

Assume there are two security groups - "Sec_Grp_A" and "Sec_Grp_B". I have made, Sec_Grp_A as owner of Sec_Grp_B. Now, the people who are part of Sec_Grp_A should be able to manage Sec_Grp_A (that's my assumption). Is it correct?

In my case, the members of Sec_Grp_A are not able to see Sec_Grp_B under their "My Security Groups" or "My SG Memberships". Can you please help me understand why? I see only individual owners can see. How I can make "Sec_Grp_B" visible to the members part of "Sec_Grp_A".

Appreciate your help. Thanks.

---

Aritro Chattopadhyay

FIM/MIM Question - using Metadirectory for applications or queries?

June 23, 2016, 12:59 pm

≫ Next: Can I use Azure VMs to test AADConnect?

≪ Previous: FIM Security Group

$

0

0

I'm new to understanding FIM or MIM. 

Looking over the architecture, I'm curious as to what real world scenario is used in terms of utilizing this data.

Say in the synchronization service, the metaverse collects for an identity "John Doe" that from AD, their employee # is 123456. Then from an HRIS database, that John Doe's personal address is 123 Microsoft Rd.

then if we have a tool that queries this information, such as something like a password reset tools that requires verification of that info, do you connect that tool to the FIM/MIM Metaverse directly like like an LDAP query? 

Is Powershell able to query the metaverse database of the aggregated data collected? 

Or would you just have it to an export to a secure database like ADLDS and query it? 

---

Can I use Azure VMs to test AADConnect?

June 23, 2016, 9:08 pm

≫ Next: 'Private Sub User_Provisioning(ByVal mventry As MVEntry)' is not starting

≪ Previous: FIM/MIM Question - using Metadirectory for applications or queries?

$

0

0

Hi,

So, we have an Azure subscription - with Azure AD up and running.

We have also setup a test AD environment as an Azure VM.

Can we deploy the AADConnect toolset, to test things, inside the Azure VM, in order to connect to the Azure AD?

Cheers

SK

'Private Sub User_Provisioning(ByVal mventry As MVEntry)' is not starting

June 24, 2016, 12:41 am

≫ Next: How to deprovision AD account and keep it in the Metavers?

≪ Previous: Can I use Azure VMs to test AADConnect?

$

0

0

Hi,
I'm working on deprovisioning and moving an ADDS account as describe here: http://www.wapshere.com/missmiis/account-deprovisioning-scenarios#Metaverse

The private sub 'Private Sub User_Provisioning(ByVal mventry As MVEntry)' is not starting. I have no better ways of describing it. I placed it under the public sub Provisioning. When I tried to place it in the Provisioning sub I got several #C errors so I stopped right away. Do you have an y Idea why the code is not being called?

 There's no error. No throw. No event in the event viewer.  When running in with Visual Studio in debug mode a break-point is ignored as well.

---

GH

How to deprovision AD account and keep it in the Metavers?

June 24, 2016, 7:18 am

≫ Next: For Exchange 2013, enable ActiveSync based on AD group membership

≪ Previous: 'Private Sub User_Provisioning(ByVal mventry As MVEntry)' is not starting

$

0

0

Hi,

I need to Deprovision AD account and keep them in the Metavers. How do I do that with Extensions? Pleas explain the logic of things:

When / how is the 'Public Function Deprovision(ByVal csentry As CSEntry) As DeprovisionAction Implements IMASynchronization.Deprovision' called? What is triggering it? How?

---

GH

For Exchange 2013, enable ActiveSync based on AD group membership

June 24, 2016, 9:09 am

≫ Next: Required Database Permissions for a SQL Server Management Agent for Export

≪ Previous: How to deprovision AD account and keep it in the Metavers?

$

0

0

Hi,

May I know using FIM 2010, In Exchange 2013 - how to enable/disable ActiveSync based on AD group membership.

Any help/suggestion would be much appreciated.

Thanks in advance.

Regards,
AP

Required Database Permissions for a SQL Server Management Agent for Export

June 24, 2016, 12:42 pm

≫ Next: MIM PAM Role Approval

≪ Previous: For Exchange 2013, enable ActiveSync based on AD group membership

$

0

0

Well, I think the title tells most of the story.

I have a SQL Server MA that needs to write some information back to a table.  That information is used to process and generate additional data (into the same table) that is later imported and flowed through the other MAs. 

When I run the export, I'm getting a "permission-issue" reported back from the MA.  I ran a SQL profiler trace on the database and captured the calls.  It's connection as the management agent account, and that account has select, insert, update and delete rights to that table.  The only error in the trace occurs immediately after the insert statement and is "Cursor is not open".

I made the MA account a db_owner of the database; same error.  There's no way I'd get sysadmin rights to fly, so I didn't even try it.

What am I missing?  I can't find the permissions requirement for the sp_opencursor statement.  But, that's for another forum.

Thanks,

Greg