Channel: Forum Microsoft Identity Manager

Licencing

Hi,

Several articles speak about new MIM licencing. Here is a particular case: we need to create an AD from different sources. MIM works fine for this. But licencing speaks about a licence for each user using MIM Service.

However, users in the created AD are used as a source for a third party software, but never authenticate on it.

Do we need a licence for each AD user in this case? Either for sync from sources through MIM?

If so, is this the "same" CAL for AD and MIM ?

BR,


Emmanuel IT


Metaverse Update during Full Sync and Delta Sync

Hi,

I have the following scenario:

Domains X and Y are synced with each other.

I create a new user Z in domain X and run the following sequence:

1. Delta Import on domain X

2. Delta Import on domain Y

3. Export domain X

4. Export domain Y

5. Delta Import on domain X

6. Delta Import on domain Y

7. Export domain X

8. Export domain Y

The result is the contact gets created in domain Y.

The proxy addresses on user/contact Z in both domains are updated with X500 address for domains X & Y.

The metaverse object DOES NOT contain any of the X500 addresses.

Subsequently, when a full sync is run, the X500 addresses get updated on the metaverse object.

Is it normal that the X500 addresses are NOT updated on the metaverse object during a DELTA sync? If not, what am I doing wrong?




ID Joining rule from Temp to Perm

Hi,

I was wondering if anyone else had this Issue with FIM/MIM

You have 2 types of Employees

1. Temporary

2. Permanent

So when a temporary employee becomes Permanent their Employee number becomes 2 Holograms to us thru our HR system, instead of just 1 ID with an updated contract.

We are also managing the Temps and Permanent thru Different MA's, as there is a different flow to each contract.

What is the Best way to overcome this, as our employee ID is the requirement and based on the Join rule.

SharePoint 2016 supported for MIM 2016 SP1 Portal

Hi All,

Is SharePoint 2016 supported to install MIM 2016 SP1 Portal?

===

I have also tried to install it but without any success!

The MIM Service and Portal Setup wizard failed during installation of FIM Solution Pack. Here is error from Event Viewer:
"Error - SharePoint did not confirm the deployment of the FIM solution pack microsoftilmportalcommondlls.wsp within the expected time."

In the log file, I also have this entry:
"CAQuietExec:  An exception occurred while running Microsoft.IdentityManagement.SolutionPackUtility.exe: System.InvalidOperationException: Feature with Id '7c43ce5b-a59b-44f5-9e8a-50bd1b696145' is not installed in this farm, and cannot be added to this scope."

Any ideas?


Regards,

-Misch-

Deploying MIM 2016 into a domain that already has FIM 2010

Hi,

 I'm looking at deploying MIM 2016 into an AD that already has FIM 2010 R2. We'll just be using MIM for SSPR initially but will look to expand it out later to include user self service. I have a few questions:

1. Is it supported to install MIM 2016 into an AD that already has FIM 2010 R2 installed? Note, we don't want to upgrade the existing FIM install, but rather setup a new deployment. Currently FIM 2010 only does some self service functionality and SSPR. We're planning on using different OUs for MIM 2016.

2. I'd like to use a single SQL server with 3 SQL instances for MIM sync DB, MIM service DB and SharePoint - can I use 3 different SQL aliases on the same SQL server? I'm wondering if I'll have any issues with port mappings...

3. I'm planning on using the classic sync rules configured in the AD MA to import AD users rather than rely on the portal to do this, I'd be interested in hearing people's thoughts on the merit of the portal for AD synchronisation rules (from my point of view it seems to only add complication).

We're not planning on using the SCSM/SSIS reporting functionality at the moment, but may do later. I'm guessing we can't import the existing FIM SSPR answers into MIM 2016 without an upgrade... 

Thanks in advance!


IT Support/Everything

Connecting FIM to OID utilizing LDAPS TLsV1.2

I can see in the Properties for FIM that I can turn on SSL by changing the flag from False --> True but there should be more to this process as I would need FIM to accept a certificate in order to create a trust between the FIM server and OID.  I can not find this setting anywhere in FIM, has anyone ever had to do this before?  

Thank you,

Philip Cowgill

UocCaptionControl - Description text wrapping

Hi


I'm looking for a way to enter some lines of text on a TAB on the "MyProfile" ("Edit User" RCDC).

I have been trying with the UocCaptionControl, entering "Important!" in the Caption and the rest of the text in "Description". Problem is... I'm not able to control font size or enable text wrapping. So... the font is way too big and not all of the Description text is displayed. (I have entered sample text below.)

Does anyone know of a way to accomplish such a thing?


Text sample with correct length.

Important!

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras blandit vel lacus ut laoreet. Integer molestie, lacus at euismod viverra, ligula ligula facilisis ligula, vel aliquet justo enim nec leo.
Duis nulla nunc, molestie faucibus dictum eget, pharetra in leo. Mauris non vehicula dui. Suspendisse pulvinar, lacus sit.


/Frederik Leed

PAM 2016 - Unable to nest PRIV security group into CORP Domain Admin group - KB3155495 enabled

I have implemented PAM 2016 in our test & development environment. My PRIV forest is a 2016 domain Level, and my "CORP" forest is a 2012 domain level. The "CORP" forest has Win 2016 based domain controllers (but as stated, is at a 2012 domain level).

According to KB3155495 I should be able to add the "PRIV" base security group in the CORP domain to the Domain Admins group. This is not happening. The forest trust still disables nesting external security groups in "special groups" (i.e.: Domain admins, etc...).

The "trustAttributes" on the TRUST indicates 0x448, which should be TAPT, TATE, PIM-TRUST. Reading the description on these attributes in 6.1.6.7.9 trustAttributes, seems to say that Sid Filtering is used, but even if I enable SID filtering on the Trust, it's a no go. In fact with SID filtering enabled the shadow group obtains even less group membership.

Is there any other setting that needs to be made to accomplish having PAM place shadow groups in the CORP domain admin group?

PS: This is the PAM 2016 SP1, Version  4.4.1237.0
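
Added example, not part of the original post: a Python decoder for the trustAttributes bitmask quoted above, using the bit values and abbreviations from MS-ADTS 6.1.6.7.9. The `review_pam_trust` check and its expected flag set (forest transitive, treat as external, PIM trust, quarantine cleared) are assumptions of this example, not Microsoft tooling.

```python
# Added example: decode an AD trustedDomain trustAttributes value.
# Bit values and abbreviations follow MS-ADTS 6.1.6.7.9.
TRUST_FLAGS = {
    0x001: ("TANT", "NON_TRANSITIVE"),
    0x002: ("TAUO", "UPLEVEL_ONLY"),
    0x004: ("TAQD", "QUARANTINED_DOMAIN"),
    0x008: ("TAFT", "FOREST_TRANSITIVE"),
    0x010: ("TACO", "CROSS_ORGANIZATION"),
    0x020: ("TAWF", "WITHIN_FOREST"),
    0x040: ("TATE", "TREAT_AS_EXTERNAL"),
    0x080: ("TARC", "USES_RC4_ENCRYPTION"),
    0x200: ("TANC", "CROSS_ORGANIZATION_NO_TGT_DELEGATION"),
    0x400: ("TAPT", "PIM_TRUST"),
}

def decode_trust_attributes(value):
    """Return (names of the set flags, leftover bits not in TRUST_FLAGS)."""
    names, rest = [], value
    for bit in sorted(TRUST_FLAGS):
        if value & bit:
            names.append("%s %s" % TRUST_FLAGS[bit])
            rest &= ~bit
    return names, rest

# Assumption of this example: a PAM trust is expected to carry these three
# bits and to have the quarantine (SID filtering) bit cleared.
PAM_EXPECTED = 0x008 | 0x040 | 0x400
QUARANTINED = 0x004

def review_pam_trust(value):
    """List deviations from the expected PAM trust flag set."""
    findings = []
    for bit in sorted(TRUST_FLAGS):
        if PAM_EXPECTED & bit and not value & bit:
            findings.append("missing " + TRUST_FLAGS[bit][1])
    if value & QUARANTINED:
        findings.append("QUARANTINED_DOMAIN set: SID filtering quarantine is enabled")
    _, rest = decode_trust_attributes(value)
    if rest:
        findings.append("unrecognized bits 0x%X" % rest)
    return findings

if __name__ == "__main__":
    # 0x448 is the value quoted in the post; the others are constructed samples.
    for sample in (0x448, 0x44C, 0x048):
        names, _ = decode_trust_attributes(sample)
        print(hex(sample), names, review_pam_trust(sample))
```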


PAM 2016 - How to use the Service Manager tool in CORP via PRIV elevated credentials?

I seem to be unable to utilize servicemanager.exe from the PAM runas and obtain the "pass through" permissions.

Example- I Activate my PRIV access. The PAM role activated has "local admin" privileges to a set of servers. On my PAW server I start servermanager.exe from a powershell window that was opened via runas using the PRIV credentials, Server Manager starts fine. I attempt to use the Event Viewer from the Server Manager tools, and connect to a server that I should have local admin rights I get read access failures.

Contrast- If I start MMC from the same powershell (via runas PRIV credentials), I'm able to add the Event viewer snap-in and successfully connect to the server in question.

PAM 2016 SP1- Version  4.4.1237.0

MIM 2016 Deployment

Hi,

 We want to deploy MIM 2016 into an existing AD environment just for SSPR to begin with. I'm thinking of a simple AD MA and FIM MA with sync rules configured in the classic style. 

 Further down the line, we need to deploy starters, movers and leavers. I can't see this being an issue, but thought I'd ask if I only use SSPR to begin with, is there anything that I need to be aware of? In other words, if I roll out SSPR, will implementing a full functioning account provisioning and deprovisioning scenario cause an issue?

Thanks

PAM Approval logs

Hi

Anyone who knows where I can find who approved a PAM request?

I can find the request but not the approval.

Anders

RCDC attribute length

Hello,

I want to customize RCDC to set the length of an attribute in the range of 6-30. I could set the MaxLength as following:

<my:Control my:Name="Alias" my:TypeName="UocTextBox" my:Caption="{Binding Source=schema, Path=MailNickname.DisplayName}" my:RightsLevel="{Binding Source=rights, Path=MailNickname}">
        <my:Properties>
          <my:Property my:Name="Required" my:Value="true"/>
          <my:Property my:Name="HintPath" my:Value="Hint"/>
          <my:Property my:Name="Text" my:Value="{Binding Source=object, Path=MailNickname, Mode=TwoWay}"/>
          <my:Property my:Name="MaxLength" my:Value="30"/>
          <my:Property my:Name="RegularExpression" my:Value="{Binding Source=schema, Path=MailNickname.StringRegex}"/>
        </my:Properties>
      </my:Control>

How do I set the minimum length and show error when less than 6 characters are entered?

Staging error on Full Import

I get staging error on 2 objects when running full import. When I look at the log, those 2 objects are not imported at all. What is wrong and how can I fix this error? I found very little information about it.

Requirements for MIM SP1 sending email to Exchange Online?

Hello,

I'm trialling the use of Exchange Online for MIM SP1's 'FIM Service' to send/receive email to a mailbox located in Exchange Online.  A few questions as there doesn't appear to be any documentation on this yet.

1. Can you use an Exchange Online Shared Mailbox instead of an individual mailbox to avoid an Office 365 license?

2. If it's an 'individual' mailbox (ie. attached to an AD user account) and not a shared mailbox, does this incur an O365 license charge from Microsoft?

3. If it's an individual mailbox, does this mailbox have to be 'attached' to the MIM Service ('FIM Service') service account?  Or can it be any AD user sync'd to O365 with a mailbox?

4. Is the only way to change the password to this O365 account to do a 'change' installation on the MIM Portal and Service MSI installation?

Thanks

Michael

Kloud Solutions


Looking for a little explanation of MIM 2016 service accounts

I'm looking to implement the MIM 2016 Synchronization Service to Sync GAL's.  I pre-created the accounts listed in the official setup documentation as well as groups, but is there any info out there that details what each of these do?

Along those lines, I'm going to be using a remote SQL server, but my Database Team wants to know what account needs permissions to create the database.  My guess would be the SQLServer account I created, but I'm installing with my Domain Admin account on the actual server.  Any insight would be greatly appreciated.


MIM 2016 Database Setup

Hi,

 We're about to deploy MIM 2016. My DBA wants a single SQL cluster to host the MIM sync, MIM service and SharePoint DB all within the same instance using different DB names. I'm not a big fan of this as I suspect the sync and service account permissions will get more privileges than needed, in addition I suspect there'll be issues with SQL agent jobs needing to be renamed and other issues.

Has anyone installed all the MIM DBs into a single instance and is it supported?

In addition, we're looking at using the MIM SSPR plugin, if I use a DNS alias, is there any configuration in the client addin which communicates directly with the SQL DBs? I believe not as the client (I think) talks directly to the MIM service.

Thanks in advance

FIM Microsoft Powershell MA - Refresh schema

I have a couple of Microsoft Powershell MAs in a customer's FIM solution using a SQL source. I needed to add an extra data attribute to the SQL data, which I did in the SQL script, and then added the attribute to the schema script area of the MA:

$SchemaType | Add-FIMSchemaAttribute -Name 'NewAttribute1' -DataType 'Int' -SupportedOperation -ImportOnly

After saving the change I did a Refresh Schema on the MA and then checked the Select Attributes (Show All), but no new attribute is shown.

Any suggestions as to why?

Closing out of ID request

I would like to know if there is a way to have the form my students have to fill out so they can reset their own password required to stay open until they complete the form. When they login and the FIM pops up they keep closing it. I would like it to stay open forcing them to fill it out.

Using Active Directory for public services

I know it is not traditional to use on-premises Active Directory (local AD) for public services, but I don't have an alternative that has AD's features, for example the many software products that integrate with AD.

I want to know whether Active Directory is a good choice as an authentication/authorization/account solution for a website (for public services).

Note: I don't give public users permission to access AD directly. It is possible to use ADFS between AD and public users.

Publish SharePoint 2010 Search Service Application to SharePoint 2013

I have two farms, SharePoint 2013 (New) and SharePoint 2010 (Old). I am currently migrating the stuff from the old to the new environment. The new environment is already set up and during this migration process (which may take months), I want to use the new environment's search service to give users a new search experience. I want to show search results from the old environment as well.

I believe it's possible to achieve this using Federated Search Service by publishing service applications from one SharePoint farm to another.

Question: Is it possible to publish SharePoint Search Service Application from SharePoint 2010 (Provider) to SharePoint 2013 (Consumer) environment?

I have seen multiple articles on setting up federated search, including by Microsoft, but they all show the same SharePoint version, i.e. online and on-premises etc. I need to publish services from SharePoint 2010 to be used in the SharePoint 2013 environment.

I'll really appreciate it if someone shares an MSDN or TechNet article where Microsoft confirms the above question.

If there is any other possible way to achieve that, please share, as long as I do not need to crawl both environments.

Thank You
