AD MA log tracing

August 14, 2016, 10:33 pm

≫ Next: Prerequisites for Microsoft Identity Management 2016

≪ Previous: it tells me i have registration problems , i click the help and its a blank page, the updates have failed 5 times now

$

0

0

Hi All,

I'm having problem where every time I try to export from my AD connector I get an unhandled exception crash from miiserver.exe. I want to enable verbose logging but I can't seem to find the "source name" attribute for the AD MA. I've tried ConnectorsLog with no luck and neither System.ServiceModel or ForefrontIdentityManager.ManagementAgent seem to log anything to do with AD. Here's the relevant section from my miiserver.exe.config file

<system.diagnostics><sources><source name="System.ServiceModel" switchValue="Verbose,ActivityTracing"
              propagateActivity="true"><listeners><add name="ServiceModelTraceListener"><filter type="" /></add></listeners></source><source name="ForefrontIdentityManager.ManagementAgent" switchValue="Verbose,ActivityTracing"><listeners><add initializeData="ForefrontIdentityManager.ManagementAgent" type="System.Diagnostics.EventLogTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                         name="ExceptionEventLogListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack"><filter type="" /></add><add name="ServiceModelTraceListener"><filter type="" /></add></listeners></source><source name="ForefrontIdentityManager.ManagementAgent.EventTracingForWindowsTraceSource" switchValue="Verbose,ActivityTracing"><listeners><add name="EventTracingForWindowsListener"
                         type="System.Diagnostics.Eventing.EventProviderTraceListener, System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                         initializeData="{C4D0C1D4-909D-481b-B011-10E682A6009C}" /></listeners></source><source name="ConnectorsLog" switchValue="Verbose,ActivityTracing"><listeners><add initializeData="ForefrontIdentityManager.ConnectorsLog" type="System.Diagnostics.EventLogTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                         name="ConnectorsEventLogListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack"><filter type="" /></add><add name="ServiceModelTraceListener"><filter type="" /></add></listeners></source></sources><sharedListeners><add initializeData="C:\FIMLogs\ForefrontIdentityManager.ManagementAgent_tracelog.svclog"
              type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              name="ServiceModelTraceListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, ProcessId, ThreadId, Callstack"><filter type="" /></add></sharedListeners><trace autoflush="true" /></system.diagnostics>

Any ideas?

Thanks

---

Prerequisites for Microsoft Identity Management 2016

August 15, 2016, 1:17 pm

≫ Next: sample APP that can mimic HR system and telephone data using SQL

≪ Previous: AD MA log tracing

$

0

0

Hi Team,

Can you please let me know what are the prerequisites required to deploy MIM 2016 

1. Hardware requirements.

2. Privileged account requirements.

3. Software requirements.

4 And process to install and if you can provide screenshots that are already implemented on some X company.

If you can provide these details its much appreciated.

sample APP that can mimic HR system and telephone data using SQL

August 16, 2016, 6:31 am

≫ Next: FIM 2010 R2 as Directory Synchronization

≪ Previous: Prerequisites for Microsoft Identity Management 2016

$

0

0

Hello,

I am not sure if there are free or trial software out there. I am currently learning MIM but i need a couple of database i can sync from. Its not really easy for me going into the database manually to populate the data.I am looking for an application that can work with Microsoft SQL which can be used to create accounts and telephone data just like in the book or anything that can be used to create data which can be written into the database.

Is there any one out there with ideas that can help? Thanks in advance

FIM 2010 R2 as Directory Synchronization

August 16, 2016, 11:09 am

≫ Next: New - Forum Ninjas Blog!

≪ Previous: sample APP that can mimic HR system and telephone data using SQL

$

0

0

Hi,

A customer is currently running on-premises Exchange 2010 and 2013 with Exchange Online Protection (EOP). All Emails flow through EOP to on-premises Edge Transport 2013 Server. When they setup EOP they used FIM 2010 R2 for Active Directory Synchronization.

Customer wants to evaluate Exchange online and we are planning to deploy Hybrid Exchange Infrastructure. We want to know that is there a way to upgrade FIM 2010 R2 to Azure AD Connect? or can we setup additional Directory Synchronization server for Azure AD Connect tool?

or can we leave FIM 2010 R2 as is for Directory Synchronization? or is there any better approach?

Thanks,

---

Thanks, Sheeraz

New - Forum Ninjas Blog!

August 16, 2016, 6:35 pm

≫ Next: New - Forum Ninjas Blog!

≪ Previous: FIM 2010 R2 as Directory Synchronization

$

0

0

Forum Ninjas blog was launched!

The Forum Ninjas blog is the official blog of the MSDN and TechNet Forum members, which means you, if you read this message.

In the "Hello world!" blog post, you can read more about: Who are we, and what this blog is about, Calling more bloggers, What’s next, and The people behind the scene. You'll also see our first interview blog post!

Visit the Forum Ninjas blog at https://blogs.msdn.microsoft.com/forumninjas/

Have fun, and feel free to send us feedback!

---

Ed Price, Azure Development Customer Program Manager (Blog,Small Basic, Wiki Ninjas, Wiki)

Answer an interesting question? Create a wiki article about it!

New - Forum Ninjas Blog!

August 16, 2016, 6:35 pm

≫ Next: FIM / MIM Provisioning users/rights to Oracle/MS SQL DB

≪ Previous: New - Forum Ninjas Blog!

$

0

0

Forum Ninjas blog was launched!

The Forum Ninjas blog is the official blog of the MSDN and TechNet Forum members, which means you, if you read this message.

In the "Hello world!" blog post, you can read more about: Who are we, and what this blog is about, Calling more bloggers, What’s next, and The people behind the scene. You'll also see our first interview blog post!

Visit the Forum Ninjas blog at https://blogs.msdn.microsoft.com/forumninjas/

Have fun, and feel free to send us feedback!

---

Ed Price, Azure Development Customer Program Manager (Blog,Small Basic, Wiki Ninjas, Wiki)

Answer an interesting question? Create a wiki article about it!

FIM / MIM Provisioning users/rights to Oracle/MS SQL DB

August 17, 2016, 5:21 am

≫ Next: FIM Synchronization Manager operations grid flickering/refreshing constantly

≪ Previous: New - Forum Ninjas Blog!

$

0

0

Hello!

Does anybody have any experience with provisioning users (or access rights) from FIM to Oracle DB or Microsoft SQL DB?

For example, I need to automate user management in connected system, which stores user accounts and access rights in their own DB.

Is this is possible?

 Thanks!

---

1

FIM Synchronization Manager operations grid flickering/refreshing constantly

August 17, 2016, 6:30 am

≫ Next: Configure Management Agent 'Connect to...' Credentials with Powershell

≪ Previous: FIM / MIM Provisioning users/rights to Oracle/MS SQL DB

$

0

0

Hello,

Since some time I encounter an issue which gets more and more annoying, especially when one need to analyse some run history details. The Operations table is being refreshed every couple of seconds and it cause refresh of all other controls (the ones containing errors and statistics). Anybody encountered this as well ? Any fixes ?

I don't remember this happening in the past I think I encounter it only in more recent versions of fim/mim and/or windows (2012/2012 R2). But it might not be related.

Thanks for any clues.

Regards,

T

---

Configure Management Agent 'Connect to...' Credentials with Powershell

August 17, 2016, 10:02 am

≫ Next: PAM project duration?

≪ Previous: FIM Synchronization Manager operations grid flickering/refreshing constantly

$

0

0

I am currently working to try and design a Powershell script to change the credentials of our management agents. We utilize a service account for the management agents to connect to our SQL Database (for the SQL agents) and to connect to our Active Directory Forest (for the Active Directory agents). The password for this service account is changed on a schedule, but this require manually updating the password for each agent via the Management Agent Designer. I would like to roll this task into a script to expedite and simplify the process.

After some research, so far I am able to enumerate the management agents:

#Get wmi object for management agents
$MAs = get-wmiobject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer"

#Iterate and and perform respective actions on AD and SQL agents
foreach ($MA in $MAs)
{
  if ($MA.type -eq "Active Directory")
  {
    #Looking for actions to perform here
  }

  elseif ($MA.type -eq "SQL Server")
  {
    #Looking for actions to perform here
  }
}

After much research, I'm having a difficult time locating an object or a method which can make the change I'm aiming for and was hoping to try and get some insight.

Regards,

PAM project duration?

August 17, 2016, 9:41 pm

≫ Next: Unable to Process your Request

≪ Previous: Configure Management Agent 'Connect to...' Credentials with Powershell

$

0

0

Hi,

I know this is a hard question - but anyone got an idea on what a typical PAM project might take (days/effort/duration)?

Typical project would include:

• Planning, analysis, design, development, testing, production deployment, supporting documentation, training

With a PAM project, there is another forest, another MIM instance, tweaking the existing Forest AD Groups, etc etc

Then it also depends on the number of privileged accounts, groups and the complexity of the PAM/MIM Policies.

So anyone have any idea on duration? or is this another "how long is a piece of string" discussion?

Thanks,

Sk

Unable to Process your Request

August 18, 2016, 1:10 am

≫ Next: MIM Azure MFA licensing via EMS

≪ Previous: PAM project duration?

$

0

0

Hi,

We have 2 instances of FIM (Portal+Service) installed in our QA environment. One for Admin and other for User. Now when I place a request in FIM to add a user to group, it places request successfully. End user is able to approve the request as well.

Now we have a PowerShell script to add users to group and when that is used, requests get placed successfully but Approver is unable to approve the request. When he tries to submit the request he gets a pop up stating "Unable to Process the request". This only happens when request is placed via PowerShell.

The difference I see between both request i.e. request raised directly and request raised via script is that the "Create Approval" request created in FIM has 2 different end point address referred. PowerShell uses Admin instance of fim portal and normal request has end point address as User Instance. PowerShell script does not have any reference to end point address so I am not sure why the differentiation is happening.

I checked for many other blogs regarding this issue and checked all config. Everything looks perfect. I do not see any logs logged in event viewer as well. The only error I get at the end of PS script execution is as below:

Unknown exception occurred when processing SOAP message from FIM. View the FIM error and debug logs for trouble shooting information.

The same Powershell code works good in DEV environment and we are able to approve requests there.

I have spent 2 full days in solving this but of no success. Can someone help me here?

Thanks,

---

Veena

MIM Azure MFA licensing via EMS

August 18, 2016, 1:42 am

≫ Next: MIM Portal - Responsive design

≪ Previous: Unable to Process your Request

$

0

0

Hi all,

Can anyone clarify how licensing users to perform password reset via Azure MFA works?

I understand you can configure and pay for Azure MFA for per-user or per-authentication, but what about in an EMS scenario where the user is already subscribing to Azure MFA via an active EMS subscription?  I can see nothing in the registration process that "ties" the two identities together.  So is it really the case that MIM MFA incurs additional cost?

Many thanks,

Paul.

MIM Portal - Responsive design

August 18, 2016, 5:18 am

≫ Next: In fim portal - user card - roles tab, one service roles block is not showing

≪ Previous: MIM Azure MFA licensing via EMS

$

0

0

Hi all,

I was wondering if MIM portal could be made responsive design. I know that it is not so reponsive deisgn but would there be a way to make the portal responsive design?

As it running under sharepoint foundation, I was wondering if this project on codeplex would help: https://responsivesharepoint.codeplex.com/releases/view/114361

Thanks in advance for in any insight on this matter.

Sylvan

In fim portal - user card - roles tab, one service roles block is not showing

August 18, 2016, 6:24 am

≫ Next: AD Management Configuration - decomissioning window server 2008

≪ Previous: MIM Portal - Responsive design

$

0

0

With regular FIM user in portal > user card > roles tab, one roles block is not showing, but with administrator its there, what can be wrong?

AD Management Configuration - decomissioning window server 2008

August 18, 2016, 10:52 pm

≫ Next: Missing search request logs

≪ Previous: In fim portal - user card - roles tab, one service roles block is not showing

$

0

0

Hi All,

We are in the process of decomissioning window server 2008, What are the check we need to perform from FIM side.

In Enviorement, AD management connection is forest and domain and no hard coded DC is mentioned.

When 2008 is decomissioned, does AD Management agent auto discover server 2012. 

Last used DC is server is 2008 and the option is uncheck to use prefered domain controller.

Want to understand how AD Managent auto discover ?

Please advice.

Regards,
Anirban Singha

---

Missing search request logs

August 20, 2016, 10:34 am

≫ Next: Exporting Emploee Start Date on portal

≪ Previous: AD Management Configuration - decomissioning window server 2008

$

0

0

When metaverse updated FIM, i don't see the logs in search requests. please let me know if I am missing something.

FIM has value 'A'

AD (di and ds) - triggered the value to be 'B' in FIM.

FIMMA (ex_di) - updated the value B in fim but I don't see the logs in search requests.

fimportal has the value B but no logs. what am I missing.

Exporting Emploee Start Date on portal

August 22, 2016, 5:39 am

≫ Next: Deprovisoning accounts

≪ Previous: Missing search request logs

$

0

0

Hello!

I have a problem with updating Emploee Start Date on MIM Portal.

What is in my setup:

1. SQL table with HIRE_D collumn.

2. In MV employeeStartDate is filled with data from SQL table as on example 2012-07-15 00:00:00

3.Inbound Sync rule from SQL table is in such format:

function

function name = DateTimeFormat

dateTimeString:String=HIRE_D

format:String = yyyy-MM-ddTHH:mm:ss.000

linked to employeeStartDate in MV

after this configurations I can't see anyone filled employee Start date on MIM portal.

Can anybody help?

Thanks!

---

1

Deprovisoning accounts

August 22, 2016, 4:19 pm

≫ Next: Workflow order AuthZ and Action

≪ Previous: Exporting Emploee Start Date on portal

$

0

0

Hi All

I am new to FIM and just learning the ropes.

One thing I need to get my head round is deprovisioning. Is there a tutuorial of how to implement a simple deprovisioning process between say two systems?

Thanks!

Workflow order AuthZ and Action

August 24, 2016, 5:43 am

≫ Next: FIM Portal - Ordering by localized displayname

≪ Previous: Deprovisoning accounts

$

0

0

Hi all, I've got an issue with an Authz and Action workflow. I would like to start an action workflow after an AuthZ workflow was fired regardles of the result of the AuthZ workflow. I configured an MPR and added my two workflows. But the action workflow is only fired if I accept the AuthZ workflow. Did this change form 2010 to 2010 R2 oder MIM? https://msdn.microsoft.com/en-us/library/windows/desktop/ee652475(v=vs.100).aspx

As far as I understand the article it states that the action workflow is executed after AuthZ, correct?

Carol is refering to exactly the same thing in her article.

http://www.wapshere.com/missmiis/authorization-after-an-action

Problem behind this is the fact that I need to split a user change request into multiple parts to allow approval for individual attributes.

I would like to avoid writing my own custom approval activity.

Thanks Chris

FIM Portal - Ordering by localized displayname

August 24, 2016, 6:48 am

≫ Next: Account synchronisation fails to fully provision in FIM 2010 R2 for around 1% of users, I need to perform manual edits in the FIM portal

≪ Previous: Workflow order AuthZ and Action

$

0

0

Hi,

I've setup a FIM Portal with 2 languages, the first one being the default english and the second being french.

When changing my browser language, it correctly switch between the french and the english version, but there is something that bugs me.

When I use the french version on any list of object, mostly custom ones, and then I click on "Display Name" to order them, it doesn't order the objects by their French display name but it uses the english one, even tho the display name is in french.

This is causing problem for users using the portal in french because it seem to order them randomly instead of having the expected behavior.

Is this by design or is there a way to order by the language used by the user ?