Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 174 | 175 | (Page 176) | 177 | 178 | .... | 204 | newer

    0 0

    I am currently engaged in discovering  use cases , life cycle rules and associated operations (workflows) of a Tivoli Identity Manager solution for which no requirements, as built  or use case are available.

    With the use of TIM admin access and TIM tools I am documenting the current configuration but wanted to consider the next phase. 

    Is anyone aware of a tool to migrate ??? LCR - > MPR's ; Operations to MIM Workflows, Views and ACI -> RCDC? 

    I am starting to sense a correlation between some Operations elements and MIM elements but would love to use (or develop) a solution to assist with migration. Something like we had in the good old days for Notes to SP migration - anyone remember Casahl ?



    0 0
  • 09/28/16--00:35: AD Sync - Disconnectors
  • Hello all,

    Hope I have the correct forum category for this. I see disconnectors  when I do an import from AD in AD Sync (about 800) and I think that this could be some issue, because this states that there are a lot of accounts in the CS that do not have a connection anymore with an object in the metaverse. I wonder how I can effectively find out if this is an issue and what kind of objects that are.

    0 0


    I have an interesting question about two domain and MIM configuration.

    We have one PROD domain and one TEST domain.

    In PROD we have HR DB and MS AD with prod users. AD users were syncronized to MIM.

    In TEST we have only MS AD with TEST users.

    We want to test provision of users to TEST domain before deploying them in PROD.

    As I understand, we can do it with 2 AD MA (AD MA PROD and AD MA TEST) for this domains.

    In addition, I need to create a Sync rule in Portal with use of AD MA (TEST) to provision users to TEST domain.

    We don’t need to synchronize passwords and so on for this scenario.

    What else I need to do to test this case?



    0 0
  • 09/28/16--06:51: Export FIM MA very slow
  • Hi,

    We use FIM 2010 R2 SP1 to sync a user database with AD. As explained in official links, but db in place of file)

    and official installation guides

    sync process may be DB import, DB Sync, FIM export, ...

    Howerver we noticed on the third step (FIM Export) a such slow behaviour. As far as we know, we have respected all of the guides requirements, and the server hardware configuration is quite "strong" (4 cpu x 4 cores, 16 Gb), but here are some performance data. 

    Considering 1000 entries, in a fresh FIM environnement (only one sync rule inserted in configuration, no MPR, no workflow) :

    - DB import (from db to db connector space): 18 seconds (~55 entries/s)

    - DB sync (from db connector space to MV, including FIM MA provisionning for export) : 19 seconds (~53 entries/s)

    - FIM Export : 180 seconds (5 entries/s) !!!!!!!!!!!!!!!!!!!!!!!!

    Considering we have to work with about 300 000 entries for real, and that a full cycle is such longer (after FIM Export, we may have FIM sync, AD export, AD import, AD Sync, FIM Export) with EREs and DREs to sync with FIM...

    There is something missing, something we cannot see, but what ? Anyone had similar issues ? Any way to solve this slow slow behaviour ?

    We have noticed a real cpu increase during export too. 2 or 3% during import and sync, but 40 to 50 % during export !!!


    Emmanuel IT

    0 0

    Hi Team,

    in my customer i have two oracle application, peoplesoft campus solution and oracle finance

    my customer want to implement single sign on, they already have office 365 and no Active Directory on premise

    My company propose solution using azure graph API, to authenticate directly to azure. like this schenario

    is it posible to do single authentication with oracle application using universal API? 

    can you share the workflow and logic ?



    0 0
  • 09/29/16--07:01: Password Registration Issue
  • Hello All,

    Need help!

    We have implemented SSPR in our environment and there are workflows set for a each user as per their language.

    But for one of the user while registration security question are coming in english and other description on the page is coming in his regional language.

    Kindly suggest.



    0 0
  • 09/29/16--20:35: SSPR options questions
  • Hi,

    When deploying MIM SSPR, can we:

    1. Provide one set of users with the OTP option, and another set of users with the Question & Answer option on the same MIM SSPR Portal (Registration and Reset Portal)? Or do we need multiple Registration and Reset Portals deployed linked to different Sets?

    2. Can we offer a user the both options at Registration (Question&Answer or OTP) and they can pick which one they want to register for?

    3. Say a user is registered for BOTH 'Question&Answer' and 'OTP', do they have to get both correct in order to reset their password, or is there a way for them to only get one of them correct?

    Thank you,


    0 0

    Hi All,

    When I try to connect AD via Powershell MA I am getting below error 


    The extensible extension returned an unsupported error.
     The stack trace is:

     "System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.IdentityManagement.Connector.PowerShell.Bridge.ConfigBridge.GetSchema()
    Forefront Identity Manager 4.1.3441.0"

    I get this error with both impersonation and without it.What is the access required for the impersonated account or the FIM Sync account without impersonation.Below Schema file works in other environment but not in one.

    Schema File


    Function LogWrite
       Param ([string]$logstring)

       Add-content $Logfile -value $logstring

    $Logfile = "C:\Temp\SchemaLog.txt"
    Set-StrictMode -Version 3            

    LogWrite "Start"

    Import-Module (Join-Path -Path ([Environment]::GetEnvironmentVariable('TEMP', [EnvironmentVariableTarget]::Machine)) -ChildPath 'FIM.MTAD.psm1') -Verbose:$false            

    LogWrite "Import module"

    $Schema = New-FIMSchema            

    LogWrite "Setup user schema"

    $SchemaType = New-FIMSchemaType -Name 'user'            
    $SchemaType | Add-FIMSchemaAttribute -Name 'distinguishedName' -Anchor -DataType 'String' -SupportedOperation ImportOnly         
    $SchemaType | Add-FIMSchemaAttribute -Name 'sAMAccountName' -DataType 'String' -SupportedOperation ImportOnly 
    $SchemaType | Add-FIMSchemaAttribute -Name 'name' -DataType 'String' -SupportedOperation ImportOnly                     


    LogWrite "Setup group schema"

    $SchemaType = New-FIMSchemaType -Name 'group'            
    $SchemaType | Add-FIMSchemaAttribute -Name 'distinguishedName' -Anchor -DataType 'String' -SupportedOperation ImportOnly            
    $SchemaType | Add-FIMSchemaAttribute -Name 'sAMAccountName' -DataType 'String' -SupportedOperation ImportOnly 
    $SchemaType | Add-FIMSchemaAttribute -Name 'name' -DataType 'String' -SupportedOperation ImportOnly   
    $SchemaType | Add-FIMSchemaAttribute -Name 'Members' -DataType 'Reference' -MultiValued -SupportedOperation ImportExport


    LogWrite "Setup computer schema"

    $SchemaType = New-FIMSchemaType -Name 'computer'            
    $SchemaType | Add-FIMSchemaAttribute -Name 'distinguishedName' -Anchor -DataType 'String' -SupportedOperation ImportOnly            
    $SchemaType | Add-FIMSchemaAttribute -Name 'sAMAccountName' -DataType 'String' -SupportedOperation ImportOnly 
    $SchemaType | Add-FIMSchemaAttribute -Name 'name' -DataType 'String' -SupportedOperation ImportOnly   



    0 0


    I have setup Identity Manager for the first time to use with a new SharePoint 2016 environment. I had tried to use the default AD sync but could not pictures to work there way over. I have followed a few instructions on getting MIM installed, hot fix applied, SharePoint connector installed, GitHub files downloaded, and scripts run. I am running in the issue where I cannot get the ADMA and SPMA to run successfully with the following command.

    Start-SharePointSync -Confirm:$false

    When I do I am getting two different Return Values.

    The first is for the ADMA FullSync. I get stopped-extension-dll-file-not-found. The dll listed in the ADMA Agent is SharePointSynchroniation.dll. When I navigate to the extensions folder it is not listed. Tried another extension that was and received the same error. Event viewer giving this:

    The server encountered an unexpected error:"Could not load file or assembly 'file:///C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\SharePointSynchronization.dll' or one of its dependencies. The system cannot find the file specified.
       at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
       at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
       at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark)
       at System.Reflection.Assembly.LoadFrom(String assemblyFile)
       at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs)

    On the SPMA FullImport, Export, and DeltaImport I am seeing extensible-connector-refresh-required. No clue on this one as I have no support I can locate.

    I have deleted and recreated the Run Profiles and Updated the Management Agents no avail. No users appear in the Metaverse search and no user data is getting to SharePoint from AD. Looking for advice and direction.

    0 0

    Dear all,

    Is MIM 2016 supported to be installed on SQL 2012 SP3 for synchronization and fim service components? TechNet article state SQL 2012 SP2 but do they mean this is the minimum requirement on SQL 2012?



    0 0


    Busy reading on how to enable on-prem MIM 2016 SSPR SMS/Phone Gate to use Azure MFA -

    The article does not mention anything about whether it is required that the user identities also exist in Azure AD, via AADConnect.

    So based on this article, I dont need any Azure identities for this SSPR Azure MFA solution to work then? Is that correct?

    Thank you,


    0 0
  • 10/03/16--02:03: FIM upgardation to MIM
  • Hello All,

    We have currently two environment(test and Prod) and below is there our environment .

    1) win 2008 R2

    2) .NET 3.5

    3) SQL native client 9.0

    4) SP 2007

    5) FIM versions 4.1.3613, and 4.1.3559

    Can any one please help is these versions can be supported while i am upgrading to MIM 2016.???



    0 0

    I'm running MIM2016 / FIM Portal. I am having trouble getting groups, security and DL, showing up in the FIM Portal. I have them in my test ou and I can see they were adds when I ran a Full Import on my ADMA. But when I run the MIM MA they are not provisioned to the FIM Portal. They are not listed as projections, joins, updates ... I cant seem to figure out my problem. I think I have my sync rule setup correctly, but I'm thinking that is where my problem lies. Any help would be appreciated.

    0 0

    I am trying to install MIM CA Files on a 2008 32 bits CA Server, where CLM was installed and worked fine. Here is a snipped of the log, where it failing.

    Thanks in advance for your help!


    MSI (s) (14:7C) [15:09:36:226]: Executing op: RegisterSharedComponentProvider(,,File=F_CENTRAL_msvcr100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,Component={9983C931-37BE-3C6E-AD32-8B6E789B6881},ComponentVersion=10.0.30319.460,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,PatchSize=0,PatchAttributes=0,PatchSequence=0,SharedComponent=0,IsFullFile=0)
    MSI (s) (14:7C) [15:09:36:242]: Executing op: RegisterSharedComponentProvider(,,File=F_CENTRAL_msvcp100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,Component={E822F933-C70D-3CF4-A92D-7263B8ACCF30},ComponentVersion=10.0.30319.460,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,PatchSize=0,PatchAttributes=0,PatchSequence=0,SharedComponent=0,IsFullFile=0)
    MSI (s) (14:7C) [15:09:36:242]: Executing op: CacheRTMFile(SourceFilePath=E:\Software\Certificate Management\x86\System32\Win\System\msvcp100.dll,FileKey=F_CENTRAL_msvcp100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,Attributes=512,,,,CopierFlags=0,FileSize=421200,,,,,)
    MSI (s) (14:7C) [15:09:36:258]: Note: 1: 2318 2: C:\Windows\Installer\$PatchCache$\Managed\1EE4AF45EB474514FB7C0BE2DF5D5D54\4.4.1237\F_CENTRAL_msvcp100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3
    MSI (s) (14:7C) [15:09:36:289]: Executing op: CacheRTMFile(SourceFilePath=E:\Software\Certificate Management\x86\System32\Win\System\msvcr100.dll,FileKey=F_CENTRAL_msvcr100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,Attributes=512,,,,CopierFlags=0,FileSize=768848,,,,,)
    MSI (s) (14:7C) [15:09:36:289]: Note: 1: 2318 2: C:\Windows\Installer\$PatchCache$\Managed\1EE4AF45EB474514FB7C0BE2DF5D5D54\4.4.1237\F_CENTRAL_msvcr100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3
    MSI (s) (14:7C) [15:09:36:320]: Executing op: CacheSizeFlush(,)
    MSI (s) (14:7C) [15:09:36:320]: Executing op: ActionStart(Name=REGISTERCMEVENTS,,)
    Action 15:09:36: REGISTERCMEVENTS. .
    MSI (s) (14:7C) [15:09:36:320]: Executing op: CustomActionSchedule(Action=REGISTERCMEVENTS,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="WevtUtil.exe" im "E:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin\" /rf:"E:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin\Microsoft.Clm.Configuration.dll" /mf:"E:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin\/Microsoft.Clm.Configuration.dll")
    MSI (s) (14:24) [15:09:36:320]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI4731.tmp, Entrypoint: CAQuietExec
    MSI (s) (14:A4) [15:09:36:320]: Generating random cookie.
    MSI (s) (14:A4) [15:09:36:336]: Created Custom Action Server with PID 7580 (0x1D9C).
    MSI (s) (14:3C) [15:09:36:382]: Running as a service.
    MSI (s) (14:3C) [15:09:36:382]: Hello, I'm your 32bit Elevated Non-remapped custom action server.
     CAQuietExec:  Invalid option rf. Option is not supported. The parameter is incorrect.
    CAQuietExec:  Error 0x80070057: Command line returned an error.
    CAQuietExec:  Error 0x80070057: CAQuietExec Failed

    Nosh Mernacaj, Identity Management Specialist

    0 0


    i wish to use MIM to connect to Data sources with Web Services exposed. Can I use

    1. The PowerShell MA to achieve this ? How Reliable\efficient is this approach ?

    2. Can i customize the Web Services Connector to achieve this for my various application identity data sources, even though the default Web Services Connector Projects are specific to Oracle, SAP, PeopleSoft etc.



    0 0
  • 10/03/16--23:17: FIM 2010 CAL license query
  • Hi Guys,

    Our client Is actually a museum/ Exhibition still not operational. We are managing identities based on user webmember registration. Basically if any visitor comes to our museum/Exhibition and if he subscribe any membership we will create a AD user account and provide access to application based on his subscription. The number of managing identities through FIM Sync engine is keep on increasing. That’s not a problem. The problem is we are going to hire 600 staffs. We want to manage 600 staffs through FIM Portal, and we plan to provide password reset portal and group management. But, in FIM Sync MV will have all web registers and 600 staffs. So, do we need to purchase only 600 CAL license or we need to buy CAL for all the users in Metaverse? Currently we have only FIM server license. Without Purchasing CAL license can we implement SSPR atleast?

    0 0


    Recently I updated FIM -> MIM SP1 for one of my customers (happily first in TEST environment). After upgrade when I open portal locally on MIM server dialog boxes are not showing any data (they are empty, infinitely "loading"). When I try to open portal from another server it is showing dialog box but if I'm trying to select something in identity picker, second dialog box is opening empty. Accessing portal from third server everything works ...

    Anyone seen something similar? As there are not errors in event log I assume it is some client issue. Are there any requirements for browser for use with MIM SP?

    These servers are as follows:

    MIM server - Win 2012 Data Center, IE 10

    other server - Win 2018 R2 SP1, IE 8

    third server - Win 2012 Data Center, IE 10

    Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

    0 0

    hi all,

    I have performed an upgrade from FIM 2010 R2 to MIM 2016 SP1 sync and service and portal. All setups finished without any error. however, when I try a refresh schema on the FIMMA or any other MA it fails with incompatible version.

    did anyone of you encounter this problem?


    0 0

    I'm in the process of setting up a new MIM Synchronization Service instance as an upgrade from FIM 2010 R2. I've installed the software, imported the database from my FIM 2010 R2 server, but I'm getting a weird error when I try to modify the MA for an Oracle Database. Anytime I try to make a change, I get this:

    followed by this:

    • I'm on FIM 4.4.1237.0
    • Windows 2012 R2
    • MS SQL 2016, local instance
    • .Net 3.5 enabled; 4.5 installed; 4.6 installed.

    Ed Bell - Specialist, Network Services, Convergys

    0 0


    A client wants to use the MIMWAL. They are currently on Visual Studio 2010 and MIMWAL requires 2012 or higher.

    Has anyone ever encountered any issues with upgrading Visual Studio and subsequent recompilation of the rules extension and workflow DLLs?

    We are trying to assess any risks before deciding to implement MIMWAL for this iteration or leave that for the next cycle.

    Thank you in advance for any shared experience with this.

older | 1 | .... | 174 | 175 | (Page 176) | 177 | 178 | .... | 204 | newer