MIM Reporting Installation failed

July 14, 2016, 11:56 pm

≫ Next: MV attribute set using advanced import flow rule from multiple simultaneous MAs?

≪ Previous: Development and TEST MIM installation on single Active Directory is this possible?

Hi,I tried installing MIM Reporting component, it stopped saying "Installation ended premature".Could anyone help me?

MSI (s) (A8:E8) [07:46:31:973]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI3405.tmp, Entrypoint: EnableReportingLogging
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI3405.tmp-\
SFXCA: Binding to CLR version v2.0.50727
Calling custom action Microsoft.IdentityManagement.ServerCustomActions!Microsoft.IdentityManagement.ServerCustomActions.CustomActions.EnableReportingLogging
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.FormatException: Input string was not in a correct format.
at System.Text.StringBuilder.AppendFormat(IFormatProvider provider, String format, Object args)
at System.String.Format(IFormatProvider provider, String format, Object args)
at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.LogOperationException(Session session, String exceptionMessage)
at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.EnableReportingLogging(Session session)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction EnableReportingLogging returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 7:47:10: InstallExecute. Return value 3.
MSI (s) (A8:78) [07:47:10:254]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (A8:78) [07:47:10:254]: User policy value 'DisableRollback' is 0
MSI (s) (A8:78) [07:47:10:254]: Machine policy value 'DisableRollback' is 0
MSI (s) (A8:78) [07:47:10:270]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1223572808,LangId=1033,Platform=589824,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
MSI (s) (A8:78) [07:47:10:270]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (A8:78) [07:47:10:270]: Executing op: DialogInfo(Type=1,Argument=Microsoft Identity Manager Service and Portal)
]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434943.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434944.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434945.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434946.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434947.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434948.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434949.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494a.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494b.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494c.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494d.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494e.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494f.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434950.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434951.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434952.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434953.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434954.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434955.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434956.rbf)
MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434957.rbf)
MSI (s) (A8:78) [07Action 7:47:10: Rollback. Rolling back action:
Rollback: EnableReportingLogging

↧

MV attribute set using advanced import flow rule from multiple simultaneous MAs?

July 15, 2016, 7:03 am

≫ Next: ECMA for exporting members (Reference type) is not capturing deletes.

≪ Previous: MIM Reporting Installation failed

I'm trying to set an MV attribute, displayName, using advanced import flows based on multiple MAs. I understand that I can simply use precedence on the MAs to define the MV attibute but one value that's being used in the computation, obfuscatedPerson, is only available from one of the MAs so that approach will not work.

I can use an advanced export flow rule to take the obfuscatedPerson attribute into account but then I end up with a metaverse view that doesn't correctly represent what's being populated in the connector spaces.

Is there any way to get this to work with an import flow rule?

Cheers,

Ian Thomas

↧

ECMA for exporting members (Reference type) is not capturing deletes.

July 15, 2016, 2:54 pm

≫ Next: Problem with radio button on FIM Custom activity UI

≪ Previous: MV attribute set using advanced import flow rule from multiple simultaneous MAs?

Lets take an example of group say X keeping 4 members and 2 are deleted and 1 is added in FIM Portal and finally change is synchronized to ECMA Connector Space as shown below

1) delete ---
2) delete---
3) none---
4) none--
5) add--

when I perform export using ECMA , I do not receive the delete as (ValueModificationType.delete). Rather, I get 3 adds (ValueModificationType.add) &nbsp; -- 2 for none (not changed in FIM Portal ) and 1 for the added one. I am expecting to see the deletes as well so that i can explicitly delete the members from AD.

I have also tried the possibility of using Capabilities.ExportType = MAExportType.AttributeReplace instead of Capabilities.ExportType = MAExportType.AttributeUpdate;

Any help would be appreciated. Thanks!! Vinay
This is the code fragment I am using correctly.

Capabilities.ExportType = MAExportType.AttributeUpdate;

public PutExportEntriesResults PutExportEntries(IList<CSEntryChange> csentries)
{

PutExportEntriesResults Results = new PutExportEntriesResults();

foreach (CSEntryChange change in csentries)
{

foreach (string AttributeName in change.ChangedAttributeNames)
{
if (AttributeName == "member")
{

if (attributeChange.ModificationType == AttributeModificationType.Replace ||
attributeChange.ModificationType == AttributeModificationType.Add)
{

foreach (ValueChange value in attributeChange.ValueChanges)
{
string DN = value.Value.ToString();
if (value.ModificationType == ValueModificationType.Add)
lstaddMembers.Add(DN);
if (value.ModificationType == ValueModificationType.Delete)
lstdelMembers.Add(DN);
}

}

↧

Problem with radio button on FIM Custom activity UI

July 16, 2016, 4:47 am

≫ Next: Can I sync office 365 Unified groups with AD Connect?

≪ Previous: ECMA for exporting members (Reference type) is not capturing deletes.

Hi,

I have developed a new custom activity for FIM and deployed it. In the activity UI, we provide three radio buttons to select different options. The activity UI looks like below:

For Option 1 selection, the activity receives the string Option 1 and so on for other options. Based on that value, we run different business logic in the activity. However, I am facing issues when I select Options 2 and 3. When I select Option 2 or 3, it gets selected and the value received in the activity during execution is also proper. However, when I open the workflow to check what Option we have selected, then the UI always displays "Option 1" though it is sending values for Option 2 and 3 as expected during execution.

Any idea what can cause this error on the FIM activity UI?

↧

Can I sync office 365 Unified groups with AD Connect?

July 18, 2016, 1:19 am

≫ Next: FIM SSPR site certifcate change

≪ Previous: Problem with radio button on FIM Custom activity UI

Is AD connect handling group membership the same for office 365 unified groups?

↧

FIM SSPR site certifcate change

July 18, 2016, 1:54 am

≫ Next: Multiple Condition in IIF and do nothing if value is false

≪ Previous: Can I sync office 365 Unified groups with AD Connect?

Hello guys,

Can someone help me in identifying how and from where to change SSPR site certificate hosted on internet.

Regards,

Suman

↧

Multiple Condition in IIF and do nothing if value is false

July 18, 2016, 4:46 am

≫ Next: FIM Sync Service "extension-dll-exception" error

≪ Previous: FIM SSPR site certifcate change

Hello,

I want change DN of user if two condition is meet.

My condition Company attribute and JobTitle attribute and i want change DN of user is two attribute are meet and want nothing change if conditions doesn't happened.

Please help me that how can i do this?

↧

FIM Sync Service "extension-dll-exception" error

July 18, 2016, 6:51 am

≫ Next: MIM Hybrid Reporting questions

≪ Previous: Multiple Condition in IIF and do nothing if value is false

Could someone please help me out with this error below:

Recently, when I run a FIM Full Sync and/or Delta Sync, I've started getting this error, and I can't get new users in FIM to feed over to Active Directory, nothing has been changed in the sync ruled mentioned:

↧

MIM Hybrid Reporting questions

July 18, 2016, 8:57 pm

≫ Next: FIM 2010 - Portal Groups - Invalid Members

≪ Previous: FIM Sync Service "extension-dll-exception" error

Hi,

Looking at this article: https://technet.microsoft.com/en-us/library/mt148517(v=ws.11).aspx, it talks about installing a Reporting Agent on MIM, got a few questions:

Which MIM server do you install the Reporting Agent on? MIM Sync or MIM Service?
Must all the MIM data go to Azure? Is there a way to send it to another target system, like for example a Private Cloud SIEM system? What options do we really have?
The article also mentions creating custom reports in Azure - where is a guide on how to create these custom reports?
Is the actual Metaverse data (i.e. user metadata) replicated by this Reporting Agent?
Can we also report on Groups?
The FIM/MIM reporting solution based on System Centre shipped with 7 reports - are these available in Azure?

Thank you,

↧

FIM 2010 - Portal Groups - Invalid Members

July 19, 2016, 12:07 am

≫ Next: MIM synch engine Group Sync members in a CSV

≪ Previous: MIM Hybrid Reporting questions

Non-admin users see Invalid Members on some security groups in the portal but Admin-user doesn't see. What is the problem?

What should I check?

↧

MIM synch engine Group Sync members in a CSV

July 19, 2016, 6:24 am

≫ Next: Dynamic Approval in FIM 2010

≪ Previous: FIM 2010 - Portal Groups - Invalid Members

Hey Everyone,

i'm having this issue with a gorp sync i've been asked to implement

so basically we're synching distribution groups from notes to AD, those notes groups contain some users that were entered manually by employees (because stupid notes allows you to do that). obviously those users entered manually are not added to the AD groups because they don't exist.

so i was asked if i could add those users to the groups if they provided me with a csv file of those contacts.

i know that group membership is complex and very basic in the sync engine could you help me figure out if it's doable or is the only to have those users as contacts in notes ?

thanks !

Hitch Bardawil

↧

Dynamic Approval in FIM 2010

July 19, 2016, 7:31 am

≫ Next: Using Xpath Syntax in the text boxes on the FIM custom activity UI

≪ Previous: MIM synch engine Group Sync members in a CSV

Hello,

Our requirement is to select one approver from a drop-down list while requesting to which the request's approval should go. Is this achievable via FIM request MPR?

Regards,
Manuj Khurana

↧

Using Xpath Syntax in the text boxes on the FIM custom activity UI

July 20, 2016, 7:49 am

≫ Next: MIM Exchange 2013 Provisioning Details and Performance

≪ Previous: Dynamic Approval in FIM 2010

Hi,

I have seen certain activities in FIM that allow us to specify Xpath queries in the text boxes on the UI as below:

How do we resolve the Xpath query in the first text box? Should we resolve it in our custom activity or FIM workflow will resolve and send the value to our activity?

In my case, I am getting the string whatever I provide in the text box as is. Kindly let me know if I need to make any configuration for the workflow to get the value resolved.

↧

MIM Exchange 2013 Provisioning Details and Performance

July 20, 2016, 12:54 pm

≫ Next: Custom Search Scope

≪ Previous: Using Xpath Syntax in the text boxes on the FIM custom activity UI

Hey all,

I'm trying to make some intelligent decisions about the way to implement Exchange mailbox provisioning and deprovisioning. From what I've read, there are no out of the box methods to deprovision a mailbox. That's fine, I can deal with that using set transitions and MPRs and such.

From a provision standpoint, I see where I have two options. Use a set transistion and MPRs and such, or use the ADMA facilities.

My concern centers around the performance of these methods. In my testing of provisioning mailboxes, the portion of the PowerShell script that establishes and imports the session takes a good 5 seconds to load. The actual "work" happens very quickly. That 5 seconds isn't a big deal for one or two ro 10 or even may 100 mailboxes. But, a part of my IDM work is for schools. When school sessions start, I need to create upwards for 3000+ accounts. At 5 seconds an account, that totals up to over 4 hours. Not my idea of efficiency.

So, will the ADMA method be faster? I couldn't find anything on the details of what PowerShell scripts are sent out. My hope is that the ADMA only opens the session once, then executes all the enable-mailbox/new-mailbox commands within the same session (avoiding the repeated 5 second delay in opening the importing the session.

I'm fairly certain the MPR/Set transition implementation is going to be slow, simply because of import session load times.

Thanks,

Greg

↧

Custom Search Scope

July 21, 2016, 3:33 am

≫ Next: Error syncing according to MIM 2016 guide

≪ Previous: MIM Exchange 2013 Provisioning Details and Performance

Hello All,

We have two custom search scope to get registered and unregistered users for SSPR , But they are not working as expected.

Registered user is showing no users and unregistered user is showing total users(registered+unregistered).

Kindly suggest.

Regards,
Suman

↧

Error syncing according to MIM 2016 guide

July 21, 2016, 6:18 am

≫ Next: Get-PAMUser is not working...?

≪ Previous: Custom Search Scope

Hey guys, I'm trying to sync my AD / MIM agents according to https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/install-mim-sync-ad-service but it tries to sync my "a_eka" user which is a admin user that I used for install and to login at the portal with.

It then creates 2 user objects in the metaverse after syncing AD and when I try to Export to MIM again it fails with a ValueUniquenessViolation error on ObjectSID, I'm guessing there's some kind of mismatch?

↧

Get-PAMUser is not working...?

July 22, 2016, 2:59 am

≫ Next: How to count the connectors in a mv entry ?

≪ Previous: Error syncing according to MIM 2016 guide

I'm getting nothing. No error. Simply nothing / $NULL. My MIM is updated to the latest build. I'm running it in Windows Azure. Other PAM commandlets works as expected.

Get-PAMUser -PrivDisplayName DEMO.guys
Get-PAMUser -SourceDomain demo.lan -SourceAccountName guys
Get-PAMUser -Filter *

↧

How to count the connectors in a mv entry ?

July 22, 2016, 5:26 am

≫ Next: Downloading Software

≪ Previous: Get-PAMUser is not working...?

Hi,

I'm having a problem with my MVExtantion rule when I try to assign a new AD password to a new AD entry.

To explain myself:

When a new entry is created in the MV, it counts the number if connectors with AD:

if (0 == Connectors)
{<code that creates the AD CS entry>
}

the problem is that the MA that calls the MVExtention is called 2 times before an export to AD is made, and I think that the AD connector isn't created until the export, so the condition passes the second time.

Is that anyway to search the CS to see if the entry is already there?

Something like "Utils.FindMVEntries" but that searches the CS ?

I hope it was possible to understand my problem,

Thanks in advance for all your help,

Marc

↧

Downloading Software

July 23, 2016, 7:31 am

≫ Next: MIM PAM Questions

≪ Previous: How to count the connectors in a mv entry ?

I just signed up for the Enterprise Mobility Suite through the Office365 Portal and I want to deploy the Advance Threat Anaylitics but I can not find where to download the software, including the Gateway.

I would also like to use the Forefront Identity Manager 2016 but the same here can not find the downloads though they say I should have access to them.

Does anyone know where I can download them? They are not in my VLSC

↧

MIM PAM Questions

July 24, 2016, 11:34 pm

≫ Next: Permissions for a custom search scope

≪ Previous: Downloading Software

Hi,

Just started reading about PAM and am looking to find some detailed information as the information online is very high level: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services

Some basic questions:

1. We have an AD domain with MIM already deployed and working. If we want PAM, I understand we need to deploy another Forest - can we use our existing MIM, or do we need to deploy another MIM instance in the new Forest?

2. Where can I find a PAM deployment guide?

3. Where can I find a MIM PAM configuration guide?

4. Will the 'docs.microsoft.com' PAM website be updated, or is this it?

Thank you,

↧

Latest Images