Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles
Browse latest View live

Display new value and old value for a changed attribute

0
0

Hi,

i need to implement a workflow of notification, to be sent when an attribute change the value. i need to display the old value and the new value. i did these steps:

1. create a new mail Template

2. create a workflow of notification as below: use the mail Template to be sent to a specific adress

3. create an MPR as below:

- Requestors : all objects

-Operation : modify a single valued attribute

-target resources: all people

- resource attribute:  select specific attribute

then, select the created workflow.

When the attribute selected is changed, i receive the notification, but it shows only the new value ? how can i do to have the old value too?

Regards.


Custom Set in FIM

0
0

Hi,

i need to configure a set in which i put all user with specific Distingushed name.. in FIM i don't have the operator "contain"

how i can have the needed result ?

Regards.

MIM2016 SP1 PCNS services terminated after installed on W2012R2 domain controllers

0
0

MIM2016 SP1 (version 4.4.1237.0) PCNS services terminated after installed on W2012R2 domain controllers with below ERROR in event log.

Log Name:      Application
Source:        PCNS Filter
Date:          11/8/2016 1:58:35 PM
Event ID:      6004
Task Category: Error
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SGDC1INFMSWP03.apll.com
Description:
The Password Change Notification service executable "C:\Program Files\Microsoft Password Change Notification\pcnssvc.exe" failed while verifying the file signature. The service will not be started and password notifications will not be sent. pcnsfltapi.cpp (525): A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

pcnssvc.exe pcnsfltapi.cpp failed while verifying the file signature

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PCNS Filter" />
    <EventID Qualifiers="49152">6004</EventID>
    <Level>2</Level>
    <Task>4</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-08T05:58:35.000000000Z" />
    <EventRecordID>5888</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SGDC1INFMSWP03.apll.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>pcnsfltapi.cpp (525): </Data>
    <Data>A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
</Data>
    <Data>C:\Program Files\Microsoft Password Change Notification\pcnssvc.exe</Data>
    <Binary>09010B80</Binary>
  </EventData>
</Event>

FIM Portal Customization - specify an empty Portal String

0
0

In the documentation describing "FIM 2010 R2 Portal Customization" https://technet.microsoft.com/en-us/library/jj134312(v=ws.10).aspx I cannot see if it is possible to set one of the Portal Strings to be empty.

We would like to set the following:

   FinalizeRegistrationSubHeading1 - To contain custom text
   FinalizeRegistrationSubHeading2 - To be blank
   FinalizeRegistrationSubHeading3 - To be blank

I have tried the following but the empty <value></value> errors and therefore none of the custmisations are applied.  Same result with just a space.

  <data name="FinalizeRegistrationSubHeading1" xml:space="preserve">
    <value>Click on the 'Problems Logging In?' link from your Windows login screen</value>
  </data>

  <data name="FinalizeRegistrationSubHeading2" xml:space="preserve">
    <value></value>
  </data>

  <data name="FinalizeRegistrationSubHeading3" xml:space="preserve">
    <value></value>
  </data>
 
Thank you,
Alastair.

MIM Installation error

0
0

Hello All,

I was doing a fresh insatllation of MIM 2016, but facing issues with the group creation. 

Please see the screen shot below and help!!

Regards,

SUman

Access MA name in password exstention code

0
0

I have several MA's that need to call the same password exstention code. In the exstention code I want to determine which MA is calling. When I try to access csentry.MA.Name I get "system.invalidoperationexception: MA property not supported"

Is it possible to determine the MA name that is calling the code.


Data Warehouse Jobs Missing in MIM Reporting

0
0

Hi,

Just installed a new MIM Reporting instance and noticed that, although the reports for FIM are there, the data warehouse jobs are missing (Extract_DW_FIMReporting and Extract_FIMReporting).

Anyone else seen this? Do I need to re-run the install to get them in place or is there another option?

Many thanks in advance for any guidance!

Accessing the origin DN from an MVEntry object

0
0

Hope this is the right alias...

I'm trying to figure out the DN of where an object originates from within my extension and can't seem to find public access. Looking at the object in QuickWatch, I can see it in:

((Microsoft.MetadirectoryServices.Impl.ReadOnlyConnectorServices)((Microsoft.MetadirectoryServices.Impl.BaseMVServices)((Microsoft.MetadirectoryServices.Impl.MVEntryImpl)mventry).m_ProvisionerServices).m_rgConnectorServices[0]).m_pstrOriginalDN

Example value: OU=Domain Controllers,DC=ContosoRead,DC=com

However, because it is "Non-public" I am not access it.

Anyone have any idea?

Thank you,

David


David Downing


MIM CM - Smart card disabled but user can still login

0
0

Hello, I have a Gemalto smart card, that according to the MIM CM portal, is disabled and the certificate revoked (see screen print).  However, we are still able to logon to numerous network attached Windows 7 workstations with the card.  This is obviously not the expected behavior since the card is disabled and the certificate revoked. 

Is there some type of pause between when MIM disables the card vs. when the CA (AD CS) sees that the cert is revoked.  If there is a pause, how can we reduce this time to make it immediate?  The bottom line is that we want to disable the card and immediately prevent the user from being able to logon with it.  


Determining if a VMEntry is a built in object

0
0

When my extension is being called, is it possible to determine if the object represents a built in object?

"Domain Admins" for example

Thank you,

David


David Downing


Synchronizing an update request

0
0

I'm trying to update a user/person where the initials have changed however the changes never sync. In addition, my initial sync doesn't persist all the user/person attributes. I found a reference to "CreateOnlineUpdateContentChangeRequest", however I can't seem to find the CLMUtils.dll for a reference.

Can someone shed some light on how updates are implemented?

Thank you,

David


David Downing

MIM 2016 SP1 Add-ins and Extensions installation error with Outlook (Office 2016 Pro Plus)

0
0

I'm working with MIM 2016 SP1, testing out the Exchange Online support for the MIM Service account.  I'm trying to install the MIM Add-ins and Extensions on a Windows 10 Enterprise (Anniversary) client that has Office 2016 Pro Plus installed on it.

During the installation, I get the error "Microsoft Forms/Smart Tags .Net Programmability Support or RegAsm.exe" when running the installer.  With the MSI version of Office, I could have added that support to Outlook through the Change installation option in Programs and Features, but with Office Pro Plus, that is not an option.

Any suggestions on how to get this working?

Thanks,

Marc


Marc Mac Donell, VP Identity and Access Solutions, Avaleris Inc.
http://www.avaleris.com

Upgrading FIM to MIM on a new server

0
0

Hi,

I'm upgrading a FIM environment on Server 2008 to a new MIM environment on 2012.

I've installed MIM SP1 on the new 2012 server and copied the FIM database up to the new SQL server. It was my hope that I could re-run the MIM installation in either "change" or "repair" mode to update the database but the installation returns an error that the database version isn't the one that it was expecting.

The only workarounds I found were:

1. Uninstall MIM and re-install completely against the FIM database.

2. Update the database version in the fim.Version table to allow the "change" installation to proceed. (This is probably unsupported and I'm not sure if it would do all of the DB updates that MIM needs, but the portal and sync seem to be fine.)

3. Haven't tried this yet, but I could upgrade the FIM environment to MIM and then move the databases over. (Though the client is a little cagey about this approach.)

Is there a better approach that I am overlooking?

Thank you for any ideas.

Recreating a schema attribute with the same name and different data type breaks Reporting

0
0

When I get some time i'll try and validate this. But my concern is that in the MIM Portal Schema -> creating an attribute, using it, then deleting the attribute, and creating one with the same name (different data type) breaks the MIM Reporting on SCSM.

You might ask, "why the hell would you do this?" My answer is, when trying to use said attribute "AccountExtension" in DEV as a String data type, doesn't bode well with RCDC that use integer like values in their UoCDropDownList options E.g. :

  <my:Control my:Name="AccountExtension" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=AccountExtension.DisplayName}" my:Description="{Binding Source=schema, Path=AccountExtension.Description}"  my:RightsLevel="{Binding Source=rights, Path=AccountExtension}">
        <my:Options>
          <my:Option my:Value="7" my:Caption="1 week" my:Hint="7 days"/>
          <my:Option my:Value="14" my:Caption="2 weeks" my:Hint="14 days"/>
          <my:Option my:Value="21" my:Caption="3 weeks" my:Hint="21 days"/>
          <my:Option my:Value="30" my:Caption="1 month" my:Hint="30 days"/>
          <my:Option my:Value="60" my:Caption="2 months" my:Hint="60 days"/>
          <my:Option my:Value="90" my:Caption="3 months" my:Hint="90 days"/>
        </my:Options>
        <my:Properties>
          <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=AccountExtension.Required}"/>
          <my:Property my:Name="ValuePath" my:Value="Value"/>
          <my:Property my:Name="CaptionPath" my:Value="Caption"/>
          <my:Property my:Name="HintPath" my:Value="Hint"/>
          <my:Property my:Name="ItemSource" my:Value="Custom"/>
          <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=AccountExtension, Mode=TwoWay}"/>
        </my:Properties>
      </my:Control>

When having this defined for a string data type for AccountExtension, it breaks the UocDropDownList behavior and gives unexpected results (like summary table showing a deletion when it's actually being set, and values not being translated to their corresponding captions)

Therefore I deleted the attribute and turned it into an integer data type with the same name. Now my RCDC works, but Reporting broke.

Import filter

0
0

Hi,

We are using FIM 2010 to sync several sources into a single AD. One of these sources is a Oracle DSEE (ie IPlanet Server).

We want to only import and sync selected entries in a important tree. Importing all of the DSEE directory is using a lot of time and CPU/Memoy/Disk. So we want to only import entries which could be selected with a simple filter.

On 15000 entries, only 500 are usable.

We trying to use the connector filter in the MA configuration but it seems to only filter entries on the sync step.

How could we IMPORT only the good entries ?

BR,


Emmanuel IT


Self Service Apps

0
0

Is Microsoft creating its own self service app (for reset and unlock AD accounts),  for mobile devices? or maybe it already exists?    I found many companies providing self services, but I wonder if there is any official app from Microsoft.     I found specifically a tool called call2unlock  (www.call2unlock.com)   that makes everything using a IVR, phones and SMS.  But you have to have a PBX in your company  (I know most companies have PBX), but in my particular case we don't.

Thanks

Seth Bochini

Systems Administrator

FIM upgrade to MIM

0
0

Hello All,

I have a requirement where i need to upgrade existing FIM envirornment to MIM.

Actually i have a doubt regarding the synchronization encryption key. I want to know if we use the existing configuration (FIM) encryption key while installing MIM will that restore all the MPRs,Sets,SYnc rule and workflows that are ther in the existing portal? Please confrim.

Regards,

Suman

Delta import with DSEE

0
0

Hi,


When trying to use the delta import feature with a DSEE (IPlanet/Sun Directory Server), we always get the error "no-start-full-import-required".

"ChangeLog enabled" is set to true, which should indicate that that changelog diff detection should work.

What could be wrong ?

BR,


Emmanuel IT

Customizing the MIM add-ins and extension?

0
0

Hi,

We know there is a way to customise the branding and titles in the SSPR registration and reset IIS portals.

But is there a way to customise the branding and titles in the actual MIM SSPR add-ins and extension client?

Thanks,

SK

MIM add-ins and extension client Ports?

0
0

Hi,

We are deploying the MIM add-ins and extension SSPR client and our URLs are running on HTTPS.

So do we only need to ensure that TCP:443 is open between the client workstations and the SSPR Registration and Reset Portals?

Thank you,

SK

Viewing all 4767 articles
Browse latest View live




Latest Images