Channel: Forum Microsoft Identity Manager

Windows Azure Connector group membership sync to Office 365


Hi All,

I could see the group membership in the connector space of the Windows Azure Management Agent and there are no errors in export; however, in Office 365 they are not exported. I tried to re-sync the group membership, but the export of group membership is still not happening.

I checked that all the users are present in the connector and in Office 365, and up to the connector space of the Windows Azure Management Agent all is fine, but I could not figure out why the export of group membership to Office 365 is not happening.

Please let me know if anyone has come across this, and help me with the fix.

Regards,
Anirban Singha



MIM 2016 Sync Installation


Hello All,

Need Help!

We are upgrading to MIM sync 2016 in our environment. We have a database deployed in a clustered environment on SQL Server SP1.

The problem is that while installing the MIM sync service, the moment I provide the server name and instance name, it gives the attached error.

The port configured as per the SQL team is 52608 and not the default one 1433/1434 for the DB connection.

As MIM 2016 by default uses port 1433/1434, how can I proceed with my installation?

Please suggest.

Regards,

Suman

//WorkflowData/referenceobject in approval workflow - "Could not resolve any of the defined.."


Anyone see any reason why the below would not work? If I set destination: //Target/CustomReferenceAttribute, the attribute gets updated with the correct value. It is as if the built-in approval workflow cannot use //WorkflowData/referenceobject as an input object?

Workflow:

Error message:


/Frederik Leed

Set AD attribute for Supervisor


Hi Everyone,

Is there a way to create a "supervisor" attribute on a User object in AD?

I know the manager attribute exists, but I have a need to query a user's supervisor.

Best Regards,

Happy Christmas.

Michael Walsh.


mwalshe

MIM 2016 and SharePoint 2016


Hi,

SharePoint 2016 no longer has a 'Foundation' version, so:

- is there a deployment guide for MIM 2016 SP1 and SharePoint 2016?

- which SPS 2016 version do we deploy?

- how is the SPS 2016 licensing handled now?

Cheers,

SK

MIM Server sync to several ADs that don't have trust or relationship


Hello,

I have one main domain (Domain A) that has several OUs, and each OU belongs to a company. I can sync the users to the MIM Server from this Domain A, but I am trying to synchronize MIM with other domains and I don't get any response from the management agent. I was also trying to get the logs, but when I add the lines to activate the logs in the file "miiserver.exe.config", I start to get errors in the MIMMA.

The purpose of this is to be able to do a password reset and a password registration, through the MIM Portal, in all the domains.

The main domain only exports the users to the MIM Server, and the MIM Server should export the users to the corresponding OU/domain, and the password synchronization can be done through MIM.

I have an SR, a Workflow and an MPR for the Outbound Sync; at the moment I am just trying to sync something, not even applying filters.

PS. I believe the problem could be that I want to synchronize one user from one domain to another, but I only need the attribute accountName for this sync.

Thank you very much for the help.

MN

No Admin password was set when win10 upgraded by download from microsoft.

Now I need to act as administrator and it won't let me. Keeps asking for administrator id and password.

sync engine update workflow


An Action workflow is triggered when the engine updates last name. The action workflow checks for a condition which always returns false. Not sure what I am doing wrong. Please help.

MPR - sync engine updates lastname, call the action workflow.

Workflow - If old lastname is equal to professionalname, update new lastname to professional name. If it's not equal, don't do anything.

IIF(Eq([//Target/LastName],[//Target/ProfLastName]),[//Delta/LastName], Null())

Allow Null is not checked.

Thanks in advance.


deleting MA

I have an MA through which data is imported to the FIM Portal. This is just a one-time load and I would like to delete the MA as it is of no use anymore. The data in FIM should not be deleted when this MA is deleted. Should I just mark "Do not recall attributes" and then delete the MA?

MIM 2016 Password Synchronization


Hi,

Currently we have three forests (A, B and C). We are in the middle of an Active Directory migration and Forest C is our centralized AD where all of the accounts will be placed. The MIM server is joined to Forest C. We enabled password synchronization from Forest A->C and B->C. Everything is working.

Then we enabled password synchronization from C->A and C->B.

C->A is working. Password changes can be synced over successfully. But C->B is somehow not working.

We are using an MA account which is a member of domain admins and has full access on the OU and accounts. There is no firewall between Forest C and Forest B.

Here is the error that we are getting.

Could you advise us what needs to be checked?

Cheer.

Move MIM 2016 SQL Databases to a separate Server (New)


I need to move my SQL databases to a new server. Only the databases. I have two databases, MIM Synchronization Service and MIM Service Database.

I have found an article on how to move the backend SQL Server Synchronization Service database. However, I cannot find any documents on also moving the Service database.

Can anyone recommend instructions?

Thank you.



kathy4270

SSPR without domain name portion oddity


Hi all,

I have a customer who's rolling out SSPR, where some of their users are unable to perform password reset without prefixing their domain (i.e. they have to log in to the portal as domain\username) where the majority don't have to.

I wondered if there was a duplicate identity in the MIM service with the same user name but different domain for the affected users, but this isn't the case.  For good measure, I deleted an affected user from the MIM portal and re-provisioned them but it's still the same.

Does anyone have any idea of how and when the domain is "assumed" or why this might not be working for some users within the exact environment where it works for others?

Thanks,

Paul.

MIM 2016 deprovisioning OU's


Hi

I'm using the MIM 2016 synchronization service without the portal. I can provision users and groups from domain A to domain B. If a user OU is missing in domain B, the synchronization task creates it. If I delete the user OU with the user in domain A, the synchronization task will only delete the user, not the OU. Why does that happen and how can I get a clean synchronization?

Kind regards

derhoeppi

Moving MIM sharepoint database


Hi,

I can't seem to find much on Google but I'm wondering what steps are involved in moving FIM's SharePoint databases to a completely different SQL server? Are there specific registry keys that need to be changed or anything like that?

Cheers.

Edit: when accessing the portal we receive a "UnwillingtoPerformException: IdentityIsNotFound" in the event log and directly before that another error:

GetCurrentUserFromSecurityIdentifier: No such user NT AUTHORITY\IUSR, S-1-5-17


Password Change Notification


Hi everyone!

I'm using IMAPasswordManagement to update the passwords of users from AD (Active Directory) to SQL Server.

The SetPassword event only fires 4 times; the 5th time it (the SetPassword event) is not fired.

Please help me with this problem!
Thanks!



Write back to SQLMA


Hi

We are provisioning mailboxes in a mail system in the cloud (not O365) and they have provided the MA and DLL for that side of the sync.

We are developing our side of the sync, which is a local SQL database.

We can sync our SQL view into the metaverse and provision mailboxes on the cloud mail system successfully.

However, when it comes to populating the email field in the SQL view presented to the SQLMA, we are stuck on what to do next.

I have configured attribute flow in the SQL MA. How do I enable provisioning the email address field in our local SQL?

Attribute change notifications


Hello!

I'm looking at how I can track change history in MIM. We decided to send email notifications about what was changed.

Yes, I know about SCSM, but I'm looking for a simpler solution.

So, which notifications are needed:

1. Change in HR DB attribute from 1 to 0 -> generate email to user or user's manager about this change. I think that I can use a set and workflow for this, but can't build the logic for it.

2. Change in user's name/surname -> generate email to user or user's manager about this change. How can it be done?

3. Information letter to administrator about changes that happened in AD to the user account (change of all attributes, like displayName, first name and so on).

Thanks!




MIM 2016 SP1 Portal POP-UP UI Does Not Work


Hi Everyone,

We upgraded our environment from FIM 2010 R2 to MIM 2016 SP1 last week. After the upgrade we noticed that the pop-up URL for any object is not working the way it was working in the FIM 2010 R2 version.

Below is the URL format which we were using in the FIM 2010 R2 version to open the group object type in a pop-up window:

In FIM 2010 R2:

https://localhost/identitymanagement/aspx/customized/EditCustomizedObject.aspx?id=6978f402-6efd-4910-9de6-25d5f2fda843&type=Group&_p=1

However, when we remove "&_p=1" and try the rest of the URL in MIM, the object opens but not in a pop-up window.

Does anyone know what URL we should use in the MIM 2016 SP1 version to open any object in a pop-up window?

Thanks in advance!!

Sujit Kumar


new-pamrequest cmdlet gives Error processing your request: The operation was rejected because of access control policies


The workflow instance '....' encountered an internal error during processing. Contact your system administrator for more information

I am following the Microsoft installation guide and have managed to get to almost the end, where I need to verify/demonstrate that PAM is actually working.

This is where Jen tries to access a share and gets access denied and then requests privileged access by using the cmdlet new-pamrequest. The cmdlet fails with the above error.

I tried the portal and it fails as well.

I looked at the workflow in question and it is empty, so I am at a loss. Can anyone point me in the right direction? Thanks.


Hilalh

Filter for MIM PAM Roles


I try to query MIM PAM for existing Roles. But the user I am using always gets all Roles he is a candidate for, or errors.
What's wrong using either the PowerShell module or the REST API as stated below?

This is OK (Powershell module):
Get-PAMRole -DisplayName CorpAdmin

But this produces an error:
Get-PAMRole -Filter {DisplayName -eq 'CorpAdmin'}
Get-PAMRole : cannot filter as requested

Using the REST API I always get all roles the user is a candidate for, but not the one I am asking for:

$filter = 'filter=DisplayName eq "CorpAdmin"'
$Encode = [System.Web.HttpUtility]::UrlEncode($filter)
$uri = 'http://MIMRedPAM.red.corp.dir:8086/api/pamresources/pamroles?$' + $Encode
$result = Invoke-RestMethod -Method GET -Uri $uri -UseDefaultCredentials 
$result.value

Can anyone help?
Henry
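
The query-string construction from the post above, as an added example that is not part of the original thread: it builds the URI exactly as posted and parses it back, next to a variant where only the filter value is encoded. That the PAM REST endpoint reads a `$filter` parameter with an OData-style single-quoted literal is an assumption; the helper name `Get-QueryPair` is hypothetical and no request is sent.

```powershell
# Added example (not from the original post): compare how two query strings
# parse on the receiving side. No HTTP request is made.
Add-Type -AssemblyName System.Web

# Host and role name are the ones quoted in the post.
$base = 'http://MIMRedPAM.red.corp.dir:8086/api/pamresources/pamroles'

function Get-QueryPair {
    param([Parameter(Mandatory)][string]$Uri)
    # Decode the query the way a typical server-side parser does.
    $pairs = [System.Web.HttpUtility]::ParseQueryString(([System.Uri]$Uri).Query)
    for ($i = 0; $i -lt $pairs.Count; $i++) {
        [pscustomobject]@{
            Key   = $pairs.GetKey($i)   # $null when the raw query has no '='
            Value = $pairs.Get($i)
        }
    }
}

# As posted: the whole 'filter=...' string is encoded, so '=' becomes %3d
# and the parsed query contains no parameter named $filter.
$posted = $base + '?$' + [System.Web.HttpUtility]::UrlEncode('filter=DisplayName eq "CorpAdmin"')

# Assumption: encode only the value and keep '$filter=' literal. The string
# literal uses single quotes, as OData filter syntax does.
$valueOnly = $base + '?$filter=' + [System.Uri]::EscapeDataString("DisplayName eq 'CorpAdmin'")

foreach ($candidate in $posted, $valueOnly) {
    $candidate
    Get-QueryPair -Uri $candidate | Format-List
}
```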
