Channel: Forum Microsoft Identity Manager

MIM PAM Role Approval


Dear all,

I'm trying to understand how approval works for the PAM roles.

Is a mail sent to the owner? In that case, do we need to synchronize users from the corp domain?

Thanks in advance,

Yannick


Problem in Inbound and Outbound Synchronization Rules


I recently wanted to make good use of an "Inbound and Outbound" synchronization rule because I read that using one "Inbound and Outbound" SR behaves similarly to 2 separate Inbound and Outbound rules... didn’t seem like the case for me.

I created a Synchronization Rule (SR) with the following details:

SR name: _Inbound and Outbound

Data Flow Direction: Inbound and Outbound

Apply Rule: To all metaverse resources of this type...

Metaverse Resource Type: group

External System: Active Directory MA

External System Resource Type: group

Outbound System Scoping Filter: accountName Equal "XYXYXYXY"

Inbound System Scoping Filter: sAMAccountName Equal "XYXYXYXY"

Relationship: accountName = sAMAccountName

I checked the following: “Create Resource In FIM” and “Create Resource in External System”

Added a dummy Outbound Attribute Flow: "Dummy Description" => description

Added some Inbound Attribute Flow: 

1. sAMAccountName => accountName

2. "Dummy DisplayName" => displayName

Then I ran Delta Import and Delta Sync on the MIM MA to bring the SR to the metaverse.

I created a group in Active Directory (mytestgroup) and then ran Delta Import and used the preview tool to run a Full Synchronization on it.

Here's the interesting part.

Even though mytestgroup doesn't meet the Inbound Filter criteria, it was projected to the metaverse and the inbound SR was applied, i.e. "Dummy DisplayName" is in the metaverse now.

However, the Outbound SR was not applied and I don't have any pending export on the Active Directory MA.

I changed the SR to Inbound only hoping that the Inbound Filter will work but no luck.

I eventually found out that converting it to Inbound doesn't uncheck the attribute (Outbound Scope Filter Based). So I went to Advanced View and did that and when I unchecked it, the Inbound Filter worked as expected. By the way, when you create an Inbound SR, this attribute (Outbound Scope Filter Based) is set to False so you don't run into the same problem.

By the way, when I separated the rule into an inbound and an outbound rule, the result came out as expected… the new group wasn’t projected to the MV because it didn’t meet the filter.

So why does the Inbound flow apply even if it doesn't match the filter? Is it a bug or am I missing something?



First attempt at AAD Connect


Hi,

It's our first time deploying AAD Connect, and we have a few questions:

We have come to this part of the AAD Connect wizard. 'Custom.net' is our internal on-premise AD forest. We don't want this namespace to be known on the Internet.

'Custom.onmicrosoft.com' is our Azure AD name. Why are both listed as 'Not Added' in the wizard?

Looking at our Azure AD domains, this is what it looks like - is this correct?


AAD Connect and Federation


Hi,

We'd like to keep our internal namespace private (for various reasons)... are we able to set up Federation using the onmicrosoft.com name? If so, how?

Thank you


Where is the Declarative Rules GUI in AAD Connect?


Hi,

Where is the Declarative Rules GUI in AAD Connect that I see screenshots of on the Internet? E.g. (https://blogs.msdn.microsoft.com/vilath/2016/03/02/changing-the-userprincipalsuffix-with-azure-ad-connect/)

This is what we see, and none of the options listed exposes the Declarative Rules...

Installing CTP on Windows 2016 errors


Hey guys, I've installed the following setup

win2016 dc with 1 domain example.io

win2012 exchange 2016 in domain example.io

win2016 sharepoint 2016 in domain example.io

win2016 core with sqlserver 2016 (all required features installed)

But when I try to install MIM 2016 in this environment I get an error where the setup rolls back right at the end of the install:

Action 8:36:41: InstallCommonPortal. Deploying solution packs
MSI (s) (88:F4) [08:36:41:764]: Executing op: CustomActionSchedule(Action=InstallCommonPortal,ActionType=1025,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files\Microsoft Forefront Identity Manager\2010\Portal\Microsoft.IdentityManagement.SolutionPackUtility.exe" action=Install mode=ServiceAndPortal log=event SHAREPOINTTIMEOUT=180 SolutionPack=MicrosoftILMPortalCommonDlls.wsp UILevel=5)
MSI (s) (88:14) [08:36:41:764]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI8560.tmp, Entrypoint: CAQuietExec
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment. 
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
CAQuietExec:  Deploying microsoftilmportalcommondlls.wsp
CAQuietExec:  Adding feature for microsoftilmportalcommondlls.wsp
CAQuietExec:  An exception occurred while running Microsoft.IdentityManagement.SolutionPackUtility.exe: System.InvalidOperationException: Feature with Id '7c43ce5b-a59b-44f5-9e8a-50bd1b696145' is not installed in this farm, and cannot be added to this scope.
CAQuietExec:     at Microsoft.SharePoint.SPFeatureCollection.AddInternalWithName(Guid featureId, Int32 compatibilityLevel, String featureName, Version version, SPFeaturePropertyCollection properties, SPFeatureActivateFlags activateFlags, Boolean force, Boolean fMarkOnly, Boolean fIgnoreMissing, SPFeatureDefinitionScope featdefScope)
CAQuietExec:     at Microsoft.SharePoint.SPFeatureCollection.AddInternal(Guid featureId, Version version, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly, SPFeatureDefinitionScope featdefScope)
CAQuietExec:     at Microsoft.IdentityManagement.SolutionPackUtility.Program.DeploySolutionPack(String solutionPackName, String path, Boolean allowGacDeployment, String baseSiteURL, String siteName, String featureGUID, String scope, String webTemplate, String title, Boolean createWeb)
CAQuietExec:  An error occurred while deploying FIM portal solution packs. 
CAQuietExec:  Error 0xfffffffa: Command line returned an error.
CAQuietExec:  Error 0xfffffffa: CAQuietExec Failed
CustomAction InstallCommonPortal returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 8:38:32: InstallExecute. Return value 3.
MSI (s) (88:F4) [08:38:32:079]: Note: 1: 2265 2:  3: -2147287035 
MSI (s) (88:F4) [08:38:32:079]: User policy value 'DisableRollback' is 0
MSI (s) (88:F4) [08:38:32:079]: Machine policy value 'DisableRollback' is 0

Does anyone have a slight clue on what I am doing wrong?

FIM2010 Portal - Criteria based set - Facing problems when launching MPR


I have a criteria-based set which should launch an MPR. The MPR launches a workflow which will delete the user.

Now we are facing an issue where sometimes users are not deleted, and when we look at the set members, there are still users. Also, if we "re-drop" users into that set, nothing happens. But then, sometimes it works as it should.

How can we resolve this issue?

Deprovision users on AD using FIM Portal


Hi Experts,

I need your help to implement the AD account deprovisioning mechanism in FIM Portal.

How can I configure the related MPR, the sets and the workflows?

Regards.


MIM 2016 Exchange support


Hello,

In the documentation for MIM I can read that e-mail support for MIM only includes Exchange until version 2013 SP1. Just to make sure, Exchange Online (which is 2016) is not supported? Does anyone have any idea if that is going to be on the development roadmap?

A workaround would be to build an Exchange 2013 server on-prem, I think? We have 2x Exchange 2016 hybrid servers, so I think if I put a 2013 server next to them, I can get it to be supported?

Oh, and I think I can only use this workaround to send and receive e-mail. It looks like it is impossible to provision mailboxes with MIM 2016 when you have Exchange Online? Or can we kick off a script? (I am totally new to MIM)

Thanks! 



Export change not reimported warning


Hi all,

I am using ECMA 2.0 for an external application and exporting a multivalued attribute (profile list). Recently I have been getting an export-change-not-reimported warning. An object which gets removed from the multivalued attribute is not getting committed. I have executed full import and full synchronization for both the FIM MA and the ECMA, but no luck.

Could anyone advise?

Regards,

Sridhar


What happens with BHOLD suite?


Hi,

Will BHOLD be developed and supported for a while? Or is it dead (sunset)?

Regards

Krtistian


Books MIM 2016


Hello,

I am totally new to MIM and looking for good books about setting up and implementing MIM 2016. Are there any recommendations? I get the feeling that there are not many books about MIM 2016 because it is quite new. Could I also use books on FIM 2010? Are there any recommendations on that?

Thanks!

MIM 2016 Outbound AD Group Sync problem


Hello!

I'm trying to configure AD Groups provisioning from MIM to AD.

I have some problems:

1. Groups from AD are empty in MIM (but the member attribute is in the sync rule). Also, some attributes are not in the sync process, for example the Description of the group.

2. Groups are not provisioned to AD. I get errors such as:

a) Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>MembershipLocked</AttributeType><AttributeValue></AttributeValue><FailureMessage>Exception: RequiredValueIsMissing Target(s): 3937D51F-6206-43D5-A3BD-19AA1B1E310D
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: RequiredValueIsMissing
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>RequiredValueIsMissing</AttributeFailureCode><AdditionalTextDetails>An attribute is required to complete the operation.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>af4624a5-9574-47ed-8bce-594a9c86b4ec</CorrelationId></RepresentationFailures>

b) required attributes are missing: domain,scope, membershipaddworkflow,type,membershiplocked

c) failed-creation-via-web-services

d) the exported attribute is only one: MVObjectID

3. Also, I get errors for user sync. How can I delete my old objects from sync rules? Now my rule is applied to 1 OU (before, it was for the whole domain as a test); objects in this OU are synced in/out.

At this moment user in/out sync to and from AD is working, and empty groups are transferred from AD to MIM.

Can anybody help on any problem?

Thanks!



Import AD LDS Account - Export AD DS Account


I am just starting to play around with FIM Synchronization Service Manager. I have created an MA to connect to AD LDS and import user account information that I would like to use to populate AD DS. I have created MAs for AD LDS and AD DS, which appear to work for populating the MV. However, the CSs appear to be operating independently - the AD LDS accounts do not get synced to AD DS.

AD LDS MA

  • Run Profiles - Full Import (Stage Only), Full Sync, Delta Import (Stage Only), Delta Sync
  • Join/Projection Rules - container (No/Yes:person), domainDNS (No/No), organizationalUnit (No/No), user (Yes:person[upn-direct-uid], Yes:person)
  • Attribute Flow - DS-user (gn/mn/sn/upn) import to MV-person (gn/mn/sn/uid)
  • Importing from OU=Users,DC=S2,DC=Mydomain,DC=com

AD DS MA

  • Run Profiles - Full Import (Stage Only), Export
  • Join/Projection Rules - container (No/Yes:person), domainDNS (No/No), organizationalUnit (No/No), user (No/No)
  • Attribute Flow - MV-person (gn/mn/sn/uid) export to DS-user (gn/mn/sn/upn)
  • Exporting to OU=ADUsers,DC=S2,DC=Mydomain,DC=com

I tested as follows:

  1. Create new user in AD LDS (FIM Test User)
  2. Ran AD LDS MA Full Import (Stage Only) (Staging shows an account in the Add)
  3. Ran AD LDS MA Full Sync (Inbound Synchronization shows account in both Projections and Connectors with Flow Updates)
  4. Ran AD DS MA Full Import (Stage Only) (Staging shows accounts in Add from existing ADUsers OU, which does not currently contain my FIM Test User)
  5. Ran AD DS MA Export (Step 1 and Step 2 show no changes in counter increments)

I was following/modifying one of the Sample Recipes from the book "Active Directory Cookbook". Since the two OUs do not match, I am assuming there is a step I am missing where I should be changing the OU on the import from AD LDS. Any help in how to accomplish that step, or correcting missteps made above, would be greatly appreciated.

BAIL: MMS(6092): d:\bt\37527\private\source\miis\shared\xmlpe\xparse.cpp(815): 0x80070057 (The parameter is incorrect.)


I received this error while running a Full Sync. I checked the event logs and it looks like this was caused by my server rebooting. I see that patches were installed and the system initiated a reboot at 11:00pm and the service appears to have stopped at 11:04pm. What is throwing me off is the 0x80070057 (The parameter is incorrect.) I am not sure if this is some sort of incorrect configuration parameter that needs to be changed? Has anyone seen this?




FIM MA export getting errors failed-creation-via-web-services


Now I get 29 errors every time I run FIM export and that number keeps getting bigger. Can you help me to track down the problem and fix it?

Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>RoleId</AttributeType><AttributeValue></AttributeValue><FailureMessage>Exception: RequiredValueIsMissing Target(s): 47FC04DD-52F7-4AFE-8214-B6E5092276AD
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: RequiredValueIsMissing
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>RequiredValueIsMissing</AttributeFailureCode><AdditionalTextDetails>An attribute is required to complete the operation.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>e46fc1d8-a8fb-42a6-b241-3dc970aa4e8f</CorrelationId></RepresentationFailures>

How to join AD User to Existing metaverse


Hi

My AD users were accidentally deleted from Microsoft Identity Manager, so the metaverse data has two attributes that are populated, as below:

1- CSObjectID

2- ObjectGUID

All other attributes in the metaverse are NULL.

How can I join the AD users to this metaverse data?

Microsoft Identity Manager 2016 with Bhold Core integration


Hi,

While integrating the Bhold core site in the MIM server, the installation of the Bhold component completed successfully. But when I try to open the URL of Bhold core with port 5151, it shows the below error:

In Event Viewer,

Source System.data Execute non query requires open and the available connection.The current connection state is closed.

I am trying to connect the B1 service with a SQL Server 2008 DB.

I am not sure where to look into this.

Please help me to resolve this.

Thanks.

Just curious. Which Israeli company worked on the development of MIM?

Just curious. Which Israeli company worked on the development of MIM?

GH

Getting permission denied when trying to submit binding changes in FIM portal.

In Administration > Schema Management > All Bindings, I opened a binding and unchecked the Required option, and now, after some FIM MA runs, I can't change it back and I get a permission denied error when trying to submit changes. The problem, I guess, is that there are some blank fields now, but how do I fix or delete them?