Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles

Set criteria


2 object types - user and sponsorship. Each user has a sponsor and a sponsorship.

I am trying to create a set of those sponsorships, the sponsor of which has an active sponsorship (future termination date).

I have the first set as

Now I am trying to create the set that I want as below:

But this one is not producing the correct result. I am getting some sponsorships in the set which have an inactive sponsor (sponsorship of the sponsor expired).

Any help please?



does MIM 2016 SP1 support Exchange 2016 GALsync?


Hi all.

I'm currently working on a project. It includes connecting Exchange servers of 20 companies so they can route mail to each other, and be able to send email to every user in each domain without knowing his email address, e.g. when they put "T" in the "To" field in Microsoft Outlook, it autocompletes names starting with T in each domain.

Since Federated Sharing doesn't do GALsync, I suggested using Microsoft Identity Manager 2016 to sync GAL between domains automatically. But I have a couple of questions.

1. Does MIM 2016 SP1 support Exchange GALsync for Exchange 2016? (Document says it doesn't, but I heard some Microsoft tech guy at Summit in UK said it does and I really hope it does)

2. Does MIM 2016 Evaluation software support Exchange 2013 CU 14? (Cause it couldn't detect our setup)

3. Is there any possible way to do a failover installation of MIM 2016 on 2-3 servers?

4. Is there any trick/extra thing to do for installing MIM 2016? (Cause after we installed it, FIM 2010 R2 popped up (without SP1), so it couldn't detect Exchange 2013)

5. Is there any way to test out MIM 2016 SP1? (It's only available on MSDN accounts)

Thanks in advance


this post is provided as is, with no warranties/guarantees

Unable to Process request when expanding Activity After upgrade to MIM 2016 Sp1


Hello all, 

We have recently upgraded from FIM 2010 R2 to MIM 2016 SP1. The upgrade went fine; however, there is one single thing not working in the portal. When we open a workflow and go to the activities, and we select the drop-down arrow to view and load the properties of an activity, we get "unable to process request". If I want to create a new workflow, I can successfully load the list of activities and save; however, when I want to view the activities of the saved workflow I get the error again. The error even happens in out-of-the-box workflows and activities. The SharePoint version is 2010 Foundation.

The event viewer shows the error "the portal was unable to complete a request and showed the user the default error page". I have enabled verbose logging in the web.config file of MIM portal and got the following two additional errors:

- ErrorHandlingModule.HandlePortalException: The following error is not handled through FIM components :An exception of type 'System.Web.HttpUnhandledException' was raised

- ErrorHandlingModule.HandlePortalException: There is an error. The error detail is not reported by IIS.

I have had a case open with MS for 3 weeks now, but still no progress. Any chance someone can help?

Thanks


MM

MIM 2016 Admin Account login issue - MIM 2016 Admin Portal


Hi folks

Product: MIM 2016 (SSPR)

We're currently using MIM 2016 purely for SSPR to sync against one domain.  Everything is working as expected fine and dandy; users are able to Password Register and Reset etc.  No issues there.  Recently, the MIM 2016 Portal admin account object was a) changed in AD from usernameA to usernameB and this AD object was moved into a new OU once the username was changed.  The following day, we tried to log into the MIM 2016 Admin Portal and I got the following error:

You do not have permission to access this site.  
   Please contact your help desk or system administrator. 
 
    > Go to Forefront Identity Manager home page 
 

I then checked for the new username using Metaverse Search within Synchronization Services Manager and could not find the modified username, only the old one.  I tried the old username and this too would not let me log into the Admin Portal either - same error as above.

I then performed an Export, Full Import (Stage Only) followed by a Full Synchronization on both the MIM Management Agent and the same again on the MIM AD Management Agent.  I still couldn't see the correct (changed) username in the metaverse and obviously still couldn't log in to the MIM 2016 Admin Portal (as above error again).

I then modified the MIM AD Management Agent within the Directory Partitions to include the new OU (to sync in) with the renamed/moved MIM 2016 admin account to sync across.  I then performed an Export, Full Import (Stage Only) followed by a Full Synchronization on both the MIM Management Agent and the same again on the MIM AD Management Agent.  I could then see the renamed MIM 2016 Admin account but still couldn't log in.  I now realise that this should be a flow filtered account to protect the MIM 2016 admin account but was not aware of this at the time.

What is the current status on this account, based on the above?  Has it gone?  Am I blocked now from accessing the MIM 2016 Portal?  I search and see the new account in the MIM 2016 metaverse and it exists but I cannot log into the MIM 2016 Admin Portal - I get the error above.  The account was modified and moved to a new OU in AD and not deleted and then the changes (I assume) sync'd in.  Have I lost access to the MIM 2016 Admin Portal or can I still access the system?

I found the following article recently - https://www.ccrossan.com/blog/identity-management/fim-portal-no-access-for-fim-admin-account/ - which uses a PowerShell script to set the AccountName attribute of the MIM Admin account (identified by a well-known admin user GUID). Is this attribute different between FIM 2010/R2 and MIM 2016?  Is this PowerShell script of any use here?

If someone could assist me here in any way I can get access back to the Admin Portal, I'd appreciate it.  Has the account in the MIM 2016 Admin Portal been deleted?  Surely not, as I can see it - it has just had a modification.

Any help on this, really, really appreciated folks! :)





Populate Manager attribute from another Forest


My client was recently acquired. The new corporation has 2 AD forests, that are syncing accounts to one O365 tenant. Some of the employees have managers from the new firm. What is the recommended best practice for maintaining the Manager attribute in this scenario?

I'm thinking that they should use FIM/MIM with Azure AD Connect, but I don't know how to do that.


Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365

MIM SSPR Registration Error 3001


Hi,

We have setup MIM SSPR Registration Portal deployed on URL http://PasswordRegister.company.com

The URL loads, but when we click to register, the following error appears:

Event Log shows the following:

The error page was displayed to the user.

Details:

Title: Access denied.

Message: Error processing your request: The operation was rejected because of access control policies.

Source: The supplied request content violates system rules.

Attributes:

Details: The Request contains changes that violate system constraints.

CorrelationId: cb3f3644-ef0d-4f72-90dd-3207e0056cee

RequestId:

ErrorCode: 3001

CaughtTime: 02/11/2016 11:20:15

Web Portal: FIM Password Registration Portal

Session Id: qhifrt5541wgrn33oxwkz0uw

IP Address: 10.10.20.52

This is the SPN we registered:

setspn -A HTTP/PasswordRegister.company.com Domain\SSPR_server_name

Could someone please recommend some troubleshooting steps?

Thank you

SK

MIM 2016 Service and portal msi installation error


I am trying to install MIM 2016 Service and Portal.  SharePoint is all set up.  The wizard starts fine, but after selecting what to install a message box pops up with the title "Installation Prerequisites Not met" and the body "windows powershell 1.0 or better".

So I turned on detailed logging - Failure happens at the log entry - Doing action: checkdotnetversion and here it returns value 1.  It then creates the dialog etc.

Now I have both .NET 4.5 and .NET 3.5 installed.  I have PowerShell host version 4.0 and am using it.  Any ideas?  Thanks.

 

Hilalh

FIM 2010 R2 and MIM 2016 queries


Hello Experts,

I was advised to write to your email for advice on this concern.

My overall goal is to migrate FIM 2010 R2 to MIM 2016, and to that effect I have tested a few aspects separately and I was able to figure out most of the parts.

One such test I am getting stuck at is to deploy MIM 2016 SSPR portals (Pwd Reg and reset) on SPF 2013 Port 80, like it was done for FIM 2010 R2.

I was able to deploy the Identity Management Portal, and also set up AAM for a user-friendly address (URL) rather than just the hostname, and that works fine, except for the password registration and reset portals.

The environment:
Domain: Cloud.org
New MIM 2016 Deployment

MIM2016/SQL2014/SPF2013SP1/IIS are installed on Windows Server 2012 R2, and the host name is -----SQL2014-2.

Sharepoint URL
AAM
MIM Portal (works fine with standard and AAM as well)
SSPR URL (doesn't work- Page cannot be displayed/ Host A static record created in DNS)
Service Accounts (Names)
MIMService
MIMSync
MIMMA
SharePoint

SQLServer

The issue:

The MIM portal works fine and I am able to provision and sync users in AD; however, the SSPR portals end up in a "Page cannot be displayed" error. There are Host A records created in DNS, pointing to the same IP as the MIM Server (SQL2014-2). The SPNs for http/pwdreg.cloud.org are also registered for the Mimservice service account.

Also, Claims auth and auto upgrade are disabled for SPF2013 SP1.

The SSPR portals are set to operate on Port 80, unlike what's stated in the MIM guide, which is to use ports 8080 and 8088 respectively. This is a new install and I have followed the FIM guide, where all the portals work fine together on 80/443. It was suggested in the MIM formal guide to use the FIM guide when necessary.

Is this supposed to work, or are we supposed to use ports other than Port 80 for MIM 2016, unlike FIM 2010 R2?

The only related error I could see in the eventlog:
Log Name:      Forefront Identity Manager
Source:        Microsoft.ResourceManagement
Date:          11/3/2016 7:37:36 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SQL2014-2.cloud.org
Description:
Requestor: Internal Service
Correlation Identifier: 3204fa40-1d54-4a08-bbbe-a8a8e706a6ff
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
Event Xml:
  <System>
    <Provider Name="Microsoft.ResourceManagement" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-03T02:07:36.000000000Z" />
    <EventRecordID>22</EventRecordID>
    <Channel>Forefront Identity Manager</Channel>
    <Computer>SQL2014-2.cloud.org</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Requestor: Internal Service
Correlation Identifier: 3204fa40-1d54-4a08-bbbe-a8a8e706a6ff
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
  </EventData>

</Event>

Also, following SPNs are registered for service accounts and host server (you may ignore MIM2016 and MIM2016-S2K8 as they were older installations and are shutoff):

CN=MIMService,OU=Service Accounts,DC=cloud,DC=org:
        HTTP/pwdreset.cloud.org
        HTTP/pwdreg.cloud.org
        MIMService/SQL2014-2
        MIMService/SQL2014-2.cloud.org
        MIMService/MIM2016.cloud.org
        MIMService/MIM2016-S2K8.cloud.org
CN=MIMSync,OU=Service Accounts,DC=cloud,DC=org:
        MIMSync/SQL2014-2
        MIMSync/SQL2014-2.cloud.org
        MIMSync/MIM2016.cloud.org
        MIMSync/MIM2016-S2K8.cloud.org
No SPNS for MIMMA
CN=SharePoint,OU=Service Accounts,DC=cloud,DC=org:
        http/mimportal
        http/mimportal.cloud.org
        http/SQL2014-2
        http/SQL2014-2.cloud.org
        http/MIM2016
        http/MIM2016.cloud.org
        http/MIM2016-S2K8
        http/MIM2016-S2K8.cloud.org
CN=SqlServer,OU=Service Accounts,DC=cloud,DC=org:
        MSSQLsvc/SQL2014-2:1433
        MSSQLsvc/SQL2014-2.cloud.org:1433
CN=SQL2014-2,CN=Computers,DC=cloud,DC=org:
        MIMSync/SQL2014-2 Cloud\MIMSync
        MIMService/SQL2014-2.cloud.org Cloud\MIMService
        MIMService/SQL2014-2 Cloud\MIMService
        http/SQL2014-2.cloud.org Cloud\Sharepoint
        http/SQL2014-2 Cloud\Sharepoint
        MSSQLSVC/SQL2014-2.cloud.org:SHAREPOINT
        MIMSync/SQL2014-2.cloud.org Cloud\MIMSync
        WSMAN/SQL2014-2
        WSMAN/SQL2014-2.cloud.org
        TERMSRV/SQL2014-2
        TERMSRV/SQL2014-2.cloud.org
        RestrictedKrbHost/SQL2014-2
        HOST/SQL2014-2
        RestrictedKrbHost/SQL2014-2.cloud.org

        HOST/SQL2014-2.cloud.org

Any help would be greatly appreciated.

Regards

SG


Want SMS OTP instead of Azure MFA for PAM request


Hi,

Is there any option to modify the Azure MFA given by default for a PAM request, which gives a call to your phone, to use SMS OTP instead? If so, please let me know the steps to achieve this.

MIM 2016 SSPR with Azure MFA Provider


Hi Experts,

Is it necessary that MIM Service Server(SSPR Portal) must be internet facing for testing SSPR with MFA?

I have installed SSPR portals on the same server where MIM Service is and am using phone gate. While testing password reset, I am getting the error "Please contact system administrator" while my MIM Server is trying to make a phone call.

I am not using any internet connection. Is it mandatory that my server must be internet facing? 

BR

MIM 2016: RCDC Management with PowerShell

MIM2016 Troubleshooting: MIM Portal Performance Issue

UserProfile Sync not working correctly


Hello, I'm getting this error when trying to Sync AD to SharePoint  extensible-connector-refresh-required.  I've tried different .dll files, but still have an issue.  Although it did work once and I was able to import, but did not work again.  I keep getting the extensible error when running the SPMA.  Does anyone know the answer?

Thanks,

AJL

Do we apply SP1 after deploying SSPR?


Hi,

We had MIM Sync and MIM Service/Portal running MIM 2016 SP1.

We have now deployed a separate server for SSPR.

We had to rerun the MIM Service/Portal setup, in order to configure the SSPR URLs & Service Accounts.

Since we ran the MIM Service/Portal setup from the original MIM 2016 RTM .iso file - do we now need to reapply MIM 2016 SP1?

Thank you,

SK

How does the MIM 2016 FIMAutomation cmdlet Unregister-AuthenticationWorkflow work?


We are trying to Reset a single User so that they must re-register for SSPR.

I have seen past discussions of FIM 2010 that it is possible BUT NOT SUPPORTED to edit a user and remove the correct workflow from the AuthN Workflow Registered attribute via Extended Attributes button on the RCDC form.

If the Unregister cmdlet is Supported (?), what is it doing which is different from editing the user via the user edit form?


SharePoint 2010 Profile Synch Error EventID: 6075 The management agent "MOSSAD-***" failed on run profile "DS_FULLSYNC" because the connection to the server database was lost


I perform synchronization user profile from Active Directory toward SharePoint 2010 User Profile Service Application.

I use miisclient.exe to monitor this task. Even though the job was successful as expected, I always found the “stopped-database-connection-lost” status while running the DS_FULLSYNC profile, as shown in the figure below.

For this issue I found 2 errors, both of FIMSynchronizationService type, in the Windows event log, as in the following table. They are likely related to the above figures.

EventID   Message
6322      The server encountered an error because the connection to SQL Server failed.
6075      The management agent "MOSSAD-xxx" failed on run profile "DS_FULLSYNC" because the connection to the server database was lost.

Moreover, I am wondering whether this problem may result in an incomplete total number of users from synchronization.

As far as I researched, I found only https://social.technet.microsoft.com/Forums/en-US/39129eac-09d3-48ff-83f9-ecb4ae2424b6/sharepoint-profile-synch-stoppeddatabaseconnectionlost?forum=ilm2, which is marked as the correct answer; however, I did not find Event ID 2004 (The FIM Synchronization Service failed to update the timestamp. Verify that SQL Server is running.) as in the mentioned cases. So I think the root cause may come from a different situation.

If anyone needs more configuration information, including SharePoint environment details, in order to suggest a good solution, please feel free to ask me.

Please kindly recommend how to fix this issue.

Thanks a lot

Pongthorn






Calling all FIM Gurus. November readers need feeding!


An influential teacher, or popular expert

Oh mighty reader, we need your enlightenment! Only YOU can show us… the TRUE WAY to code!

Win the dedication and adoration of generations to come, by giving something back to those less awesome.

Show your technical prowess, and divine knowledge of your craft.

Teach us good code from bad. Show us the way (or the work-around)

We can offer you the very best platform that you need to preach these good words.

Join us and lead this technical community in a whole new way, into a brighter future!

Become a TechNet Guru and you may find your own life also significantly enriched!

Win awards, interviews, invites, reviews, medals, friends, recognition points, high fives, hugs, smiles, and so much more!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day’s work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you’ve contributed)

3) Every month, we will highlight your contributions, and select a “Guru of the Month” in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once “on our radar” and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards.


Thanks,

If my reply is helpful please mark as Answer or vote as Helpful.

My blog | Twitter | LinkedIn

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

MS Certificate


Hi Guys,

What is the MS certification available covering Microsoft Identity Manager, Azure Active Directory?

Got to know from Google that 70-414 covers the identity management but only 25%.

Are there any other certifications that I can prepare for?

Regards,

Srinivas

MIM 2016 (SP1) and custom Google MA:s


Hi

There are lots of custom Management Agents for Google services. Do any of those support MIM 2016 (SP1)?

FIM 2010 R2 - Writing SMS Gateway Provider parameters in smsprovider.dll


Hi

I am testing the Self Service Password Reset feature on FIM 2010 R2 with the OTP SMS gate. I am a little confused about how to modify "SMSProvider.dll" to communicate with the SMS gateway provider.

For test purposes, I subscribed to the Clickatell SMS gateway with free test credits. After subscription, a new HTTP API is created to be used to send SMS, and it has the following parameters: API ID, username, password, to & text in order to send SMS through an HTTP URL, as in the example below:

http://api.clickatell.com/http/sendmsg?user=USERNAME&password=PASSWORD&api_id=xxxxx&to=xxxxxx&text=Message

How can I insert the above parameters in the smsprovider.dll sample that is explained in the TechNet guide "https://technet.microsoft.com/en-us/library/hh824692(v=ws.10).aspx", or is there any other working way to let FIM send SMS?

I appreciate your help


