Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 165 | 166 | (Page 167) | 168 | 169 | .... | 204 | newer

    0 0

    Hi,I tried installing MIM Reporting component, it stopped saying "Installation ended premature".Could anyone help me?

    MSI (s) (A8:E8) [07:46:31:973]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI3405.tmp, Entrypoint: EnableReportingLogging
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI3405.tmp-\
    SFXCA: Binding to CLR version v2.0.50727
    Calling custom action Microsoft.IdentityManagement.ServerCustomActions!Microsoft.IdentityManagement.ServerCustomActions.CustomActions.EnableReportingLogging
    Exception thrown by custom action:
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.FormatException: Input string was not in a correct format.
       at System.Text.StringBuilder.AppendFormat(IFormatProvider provider, String format, Object args)
       at System.String.Format(IFormatProvider provider, String format, Object args)
       at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.LogOperationException(Session session, String exceptionMessage)
       at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.EnableReportingLogging(Session session)
       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
       at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
    CustomAction EnableReportingLogging returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 7:47:10: InstallExecute. Return value 3.
    MSI (s) (A8:78) [07:47:10:254]: Note: 1: 2265 2:  3: -2147287035 
    MSI (s) (A8:78) [07:47:10:254]: User policy value 'DisableRollback' is 0
    MSI (s) (A8:78) [07:47:10:254]: Machine policy value 'DisableRollback' is 0
    MSI (s) (A8:78) [07:47:10:270]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1223572808,LangId=1033,Platform=589824,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: DialogInfo(Type=0,Argument=1033)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: DialogInfo(Type=1,Argument=Microsoft Identity Manager Service and Portal)
    ]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434943.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434944.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434945.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434946.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434947.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434948.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434949.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494a.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494b.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494c.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494d.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494e.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\143494f.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434950.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434951.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434952.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434953.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434954.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434955.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434956.rbf)
    MSI (s) (A8:78) [07:47:10:270]: Executing op: RegisterBackupFile(File=C:\Config.Msi\1434957.rbf)
    MSI (s) (A8:78) [07Action 7:47:10: Rollback. Rolling back action:
    Rollback: EnableReportingLogging

    0 0

    I'm trying to set an MV attribute, displayName, using advanced import flows based on multiple MAs.  I understand that I can simply use precedence on the MAs to define the MV attibute but one value that's being used in the computation, obfuscatedPerson, is only available from one of the MAs so that approach will not work.

    I can use an advanced export flow rule to take the obfuscatedPerson attribute into account but then I end up with a metaverse view that doesn't correctly represent what's being populated in the connector spaces.

    Is there any way to get this to work with an import flow rule?


          Ian Thomas

    0 0

    Lets take an example of group say X keeping 4 members and 2 are deleted and 1 is added in FIM Portal and finally change is synchronized to ECMA Connector Space as shown below

    1) delete ---
    2) delete---
    3) none---
    4) none--
    5) add--

    when I perform export using ECMA , I do not receive the delete as (ValueModificationType.delete). Rather, I get 3 adds (ValueModificationType.add)   -- 2 for none (not changed in FIM Portal ) and 1 for the added one. I am expecting to see the deletes as well so that i can explicitly delete the members from AD.

    I have also tried the possibility of using Capabilities.ExportType = MAExportType.AttributeReplace instead of Capabilities.ExportType = MAExportType.AttributeUpdate;

    Any help would be appreciated. Thanks!! Vinay
    This is the code fragment I am using correctly.

    Capabilities.ExportType = MAExportType.AttributeUpdate;

     public PutExportEntriesResults PutExportEntries(IList<CSEntryChange> csentries)

                PutExportEntriesResults Results = new PutExportEntriesResults();

                foreach (CSEntryChange change in csentries)

       foreach (string AttributeName in change.ChangedAttributeNames)
                        if (AttributeName == "member")
                            if (attributeChange.ModificationType == AttributeModificationType.Replace ||
                                attributeChange.ModificationType == AttributeModificationType.Add)
                                foreach (ValueChange value in attributeChange.ValueChanges)
                                    string DN = value.Value.ToString();
                                    if (value.ModificationType == ValueModificationType.Add)
                                    if (value.ModificationType == ValueModificationType.Delete)


    0 0



    I have developed a new custom activity for FIM and deployed it. In the activity UI, we provide three radio buttons to select different options. The activity UI looks like below:


    For Option 1 selection, the activity receives the string Option 1 and so on for other options. Based on that value, we run different business logic in the activity. However, I am facing issues when I select Options 2 and 3. When I select Option 2 or 3, it gets selected and the value received in the activity during execution is also proper. However, when I open the workflow to check what Option we have selected, then the UI always displays "Option 1" though it is sending values for Option 2 and 3 as expected during execution.


    Any idea what can cause this error on the FIM activity UI?


    0 0

    Is AD connect handling group membership the same for office 365 unified groups?


    0 0

    Hello guys,

    Can someone help me in identifying how and from where to change SSPR site certificate hosted on internet.



    0 0


    I want change DN of user if two condition is meet.

    My condition Company attribute and JobTitle attribute and i want change DN of user is two attribute are meet and want nothing change if conditions doesn't happened.

    Please help me that how can i do this?

    0 0

    Could someone please help me out with this error below:

    Recently, when I run a FIM Full Sync and/or Delta Sync, I've started getting this error, and I can't get new users in FIM to feed over to Active Directory, nothing has been changed in the sync ruled mentioned:

    0 0


    Looking at this article:, it talks about installing a Reporting Agent on MIM, got a few questions:

    1. Which MIM server do you install the Reporting Agent on? MIM Sync or MIM Service?
    2. Must all the MIM data go to Azure? Is there a way to send it to another target system, like for example a Private Cloud SIEM system? What options do we really have?
    3. The article also mentions creating custom reports in Azure - where is a guide on how to create these custom reports?
    4. Is the actual Metaverse data (i.e. user metadata) replicated by this Reporting Agent?
    5. Can we also report on Groups?
    6. The FIM/MIM reporting solution based on System Centre shipped with 7 reports - are these available in Azure?

    Thank you,


    0 0

    Non-admin users see Invalid Members on some security groups in the portal but Admin-user doesn't see. What is the problem?

    What should I check?

    0 0

    Hey Everyone,

    i'm having this issue with a gorp sync i've been asked to implement

    so basically we're synching distribution groups from notes to AD, those notes groups contain some users that were entered manually by employees (because stupid notes allows you to do that). obviously those users entered manually are not added to the AD groups because they don't exist.

    so i was asked if i could add those users to the groups if they provided me with a csv file of those contacts. 

    i know that group membership is complex and very basic in the sync engine could you help me figure out if it's doable or is the only to have those users as contacts in notes ?

    thanks !

    Hitch Bardawil

    0 0
  • 07/19/16--07:31: Dynamic Approval in FIM 2010
  • Hello,

    Our requirement is to select one approver from a drop-down list while requesting to which the request's approval should go. Is this achievable via FIM request MPR? 

    Manuj Khurana

    0 0


    I have seen certain activities in FIM that allow us to specify Xpath queries in the text boxes on the UI as below:


    How do we resolve the Xpath query in the first text box? Should we resolve it in our custom activity or FIM workflow will resolve and send the value to our activity?

    In my case, I am getting the string whatever I provide in the text box as is. Kindly let me know if I need to make any configuration for the workflow to get the value resolved.

    0 0

    Hey all,

    I'm trying to make some intelligent decisions about the way to implement Exchange mailbox provisioning and deprovisioning.  From what I've read, there are no out of the box methods to deprovision a mailbox.  That's fine, I can deal with that using set transitions and MPRs and such. 

    From a provision standpoint, I see where I have two options.  Use a set transistion and MPRs and such, or use the ADMA facilities. 

    My concern centers around the performance of these methods.  In my testing of provisioning mailboxes, the portion of the PowerShell script that establishes and imports the session takes a good 5 seconds to load.  The actual "work" happens very quickly.  That 5 seconds isn't a big deal for one or two ro 10 or even may 100 mailboxes.  But, a part of my IDM work is for schools.  When school sessions start, I need to create upwards for 3000+ accounts.  At 5 seconds an account, that totals up to over 4 hours. Not my idea of efficiency.

    So, will the ADMA method be faster?  I couldn't find anything on the details of what PowerShell scripts are sent out.  My hope is that the ADMA only opens the session once, then executes all the enable-mailbox/new-mailbox commands within the same session (avoiding the repeated 5 second delay in opening the importing the session.

    I'm fairly certain the MPR/Set transition implementation is going to be slow, simply because of import session load times.



    0 0
  • 07/21/16--03:33: Custom Search Scope
  • Hello All,

    We have two custom search scope to get registered and unregistered users for SSPR , But they are not working as expected.

    Registered user is showing no users and unregistered user is showing total users(registered+unregistered).

    Kindly suggest.


    0 0

    Hey guys, I'm trying to sync my AD / MIM agents according to but it tries to sync my "a_eka" user which is a admin user that I used for install and to login at the portal with.

    It then creates 2 user objects in the metaverse after syncing AD and when I try to Export to MIM again it fails with a ValueUniquenessViolation error on ObjectSID, I'm guessing there's some kind of mismatch?

    0 0

    I'm getting nothing. No error. Simply nothing / $NULL. My MIM is updated to the latest build. I'm running it in Windows Azure. Other PAM commandlets works as expected.

    Get-PAMUser -PrivDisplayName DEMO.guys
    Get-PAMUser -SourceDomain demo.lan -SourceAccountName guys
    Get-PAMUser -Filter *


    0 0


    I'm having a problem with my MVExtantion rule when I try to assign a new AD password to a new AD entry.

    To explain myself:

    When a new entry is created in the MV, it counts the number if connectors with AD:

    if (0 == Connectors)
    {<code that creates the AD CS entry>

    the problem is that the MA that calls the MVExtention is called 2 times before an export to AD is made, and I think that the AD connector isn't created until the export, so the condition passes the second time.

    Is that anyway to search the CS to see if the entry is already there?

    Something like "Utils.FindMVEntries" but that searches the CS ?

    I hope it was possible to understand my problem,

    Thanks in advance for all your help,


    0 0
  • 07/23/16--07:31: Downloading Software
  • I just signed up for the Enterprise Mobility Suite through the Office365 Portal and I want to deploy the Advance Threat Anaylitics but I can not find where to download the software, including the Gateway. 

    I would also like to use the Forefront Identity Manager 2016 but the same here can not find the downloads though they say I should have access to them.

    Does anyone know where I can download them?  They are not in my VLSC

    0 0
  • 07/24/16--23:34: MIM PAM Questions
  • Hi,

    Just started reading about PAM and am looking to find some detailed information as the information online is very high level:

    Some basic questions:

    1. We have an AD domain with MIM already deployed and working. If we want PAM, I understand we need to deploy another Forest - can we use our existing MIM, or do we need to deploy another MIM instance in the new Forest?

    2. Where can I find a PAM deployment guide?

    3. Where can I find a MIM PAM configuration guide?

    4. Will the '' PAM website be updated, or is this it?

    Thank you,


older | 1 | .... | 165 | 166 | (Page 167) | 168 | 169 | .... | 204 | newer