Channel: Forum Microsoft Identity Manager

Access MIM portal with another url


Hi everyone, 

I have a MIM 2016 SP1 environment. I am able to log in only when I hit the <fqdn> of the MIM portal machine.

If I try to log in with another DNS name, it pops up for authentication in a loop.

How do I tackle the problem? 

#2 

How do I configure the "my security group membership"?

It's empty if I click on it.

Thanks

Igor


Licencing


Hi,

Several articles speak about new MIM licencing. Here is a particular case: we need to create an AD from different sources. MIM works fine for this. But licencing speaks about a licence for each user using MIM Service.

However, users in the created AD are used as a source for a third-party software, but never authenticate on it.

Do we need a licence for each AD user in this case? Either for sync from sources through MIM?

If so, is this the "same" CAL for AD and MIM?

BR,


Emmanuel IT

I need an integrated web portal with active directory for public services (FIM is my solution?)


Hi Guys,

I am deploying a website, and I decided to use Active Directory for authentication/authorization/accounts (user store) for this website.

Right now I need a web portal that is fully integrated with Active Directory.

I want my public users to be able to self-register to Active Directory through this web portal, and to use Active Directory for authentication/authorization. Actually, I want this portal to use Active Directory's user store (DB) to add/edit users, or something like a mirrored status between the user store (DB) of both Active Directory and the web portal.

1- Could you tell me, is FIM a good solution for this scenario?
2- I see the last release of FIM was 2012!? Does this mean Microsoft doesn't want to support it and has stopped the update stream?

Note: I know I should use AD LDS for the relation between AD and the portal, and I should not connect the two directly.




How do I resolve this reference attribute problem?


We have an Oracle HR table.

EmployeeNumber is unique and is the one we want to use as a base reference.

There is a ReportsTo attribute which contains the EmployeeNumber of the user's manager.

However, to make sense of the data in the table we have to invent an Anchor in our CS consisting of 3 attributes:

EmployeeNumber + OperationType + LastModifiedTime

Having set this anchor, how can I make FIM/MIM use ReportsTo as a reference? Normally I would have set EmployeeNumber as the anchor, but that is impossible with the table supplied by HR.

I would like to sync the OracleHR MA ReportsTo attribute to the person.MV attribute manager. But how?

New MIM 2016 install fails to connect to remote SQL Server


Working on installing the Synchronization Service, I specify the SQL Server on a remote machine and leave the instance as default, and it immediately returns the error, "Microsoft Identity Manager Synchronization Service is having trouble contacting SQL server using the provided information."

I don't believe this is any kind of SQL problem, as it doesn't even appear to make it to the server; Wireshark shows nothing going to it and SQL logs don't show any connection attempts. I can ping the SQL server, and make an ODBC connection to it using Windows Authentication.

Any ideas on things to try? Due to how fast the error comes up, I'm guessing something is causing the failure before the connection is even attempted.

PAM 2016 - How to use the Server Manager tool in CORP via PRIV elevated credentials?


I seem to be unable to utilize servermanager.exe from the PAM runas and obtain the "pass through" permissions.

Example- I activate my PRIV access. The PAM role activated has "local admin" privileges to a set of servers. On my PAW server I start servermanager.exe from a PowerShell window that was opened via runas using the PRIV credentials, and Server Manager starts fine. I attempt to use the Event Viewer from the Server Manager tools and connect to a server on which I should have local admin rights, and I get read access failures.

Contrast- If I start MMC from the same PowerShell window (via runas PRIV credentials), I'm able to add the Event Viewer snap-in and successfully connect to the server in question.

PAM 2016 SP1- Version  4.4.1237.0

Problems Loading AD Cmdlets in a Workflow


Hello,

I'm still working with this, but I thought I'd post this to see if I can speed things up a bit.

I'm trying to set the logonHours attribute for a particular set of users using MIMWAL's PowerShell.  In short, the PowerShell script is:

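[byte[]]$logonHours = @(0x00,0x00,0x00,0x00,0x00,0xFC,0x00,0x00,0xFC,0x00,0x00,0xFC,0x00,0x00,0xFC,0x00,0x00,0xFC,0x00,0x00,0x00)
# Look up the account and keep the result so Set-ADUser has an identity to act on
$user = Get-ADUser -Identity $AccountName
# Replace the 21-byte logonHours value on that account
Set-ADUser -Identity $user -Replace @{logonHours = $logonHours}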

This works from a PowerShell window. It does not work running under the workflow. It throws this error:

WAL (2.16.0320.0): 01/24/2017 09:35:28.9077: RunPowerShellScript : RunScript: PowerShell script execution resulted in 2 error(s):\nThe term 'get-ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

The term 'set-aduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

I tried the import-module ActiveDirectory at the beginning of the script and get this error:

WAL (2.16.0320.0): 01/24/2017 09:15:55.2184: RunPowerShellScript : <SetupStreamEventHandlers>b__0: The 'C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.psd1' module cannot be imported because its manifest contains one or more members that are not valid. The valid manifest members are ('ModuleToProcess', 'NestedModules', 'GUID', 'Author', 'CompanyName', 'Copyright', 'ModuleVersion', 'Description', 'PowerShellVersion', 'PowerShellHostName', 'PowerShellHostVersion', 'CLRVersion', 'DotNetFrameworkVersion', 'ProcessorArchitecture', 'RequiredModules', 'TypesToProcess', 'FormatsToProcess', 'ScriptsToProcess', 'PrivateData', 'RequiredAssemblies', 'ModuleList', 'FileList', 'FunctionsToExport', 'VariablesToExport', 'AliasesToExport', 'CmdletsToExport'). Remove the members that are not valid ('HelpInfoUri'), then try to import the module again.

I read something about adding a startup tag to the FIMServer config file.  Did that and the FIMService won't start with that in there.  Maybe I'm not putting the tag in the right place.  But, I stuck it as a child node to the configuration tag. 

I don't want to get into the code extensions, as that would require my client to maintain a developer for this, which they don't want. So, I'm trying to stay "in the box".  I haven't seen anything about being able to do this with sync rules.  What I've read suggests a rules extension.  I just need to get the PowerShell script MIMWAL to run.

Any ideas? 

Greg

MIM 2016 install fails, "The login is from an untrusted domain..."


Going through the install, using a remote SQL server and I get this error message.

"Error 25009. The Microsoft Identity Manager Synchronization
Service setup wizard cannot configure the specified database.
OLEDB Provider Information: Description = 'Login failed. The login is from an untrusted domain
and cannot be used with Windows authentication.'
Failure Code = 0x80004005
Minor Code = 18452
<hr=0x80230406>"

Not even sure where to start with this.  Has anyone come across this before?


Guide for GALSync between Exchange 2010 and 2013?

Are there any good resources that walk through setting this up? I actually have Exchange 2010 and 2016 environments, but I'm sure setting up for 2013 would be similar. I've gone through the Microsoft guide on MIM 2016, but it only details installing the Synchronization Service (leaving many things out, I might add). There's nothing about actually configuring the Management Agents for GALSync.

Export to CSV

Sync data with our new Oracle HR system via CSV files. The Oracle admins have provided an export in CSV which I have successfully imported into MIM and then exported to AD.

However, the issue now is to create an extract to CSV with changes to user accounts in AD. The changes successfully sync back to MV. But I cannot seem to create a CSV using the "delimited file MA". I have tried the Outbound Sync Rule method with an MPR and workflow. An ERE is added to the user account, and you can see the relevant objects imported when you do a MIMMA import. However, when you export using the inbuilt "Delimiter File" MA nothing happens, and the CSV file (the one specified in the Export run profile) is empty.

MIM Management Agent, error 1355 connecting to another forest


I'm trying to set up GALSync and I created the MA for the forest my MIM server lives in, but cannot get it to work with the Trusted Forest; it fails with error code 1355. If I replace Forest Name and Domain with an IP of a Domain Controller in that forest, it works no problem. This screams DNS issue to me, but I can't create any sort of DNS failure; I can ping, reverse lookup, and do nslookup for SRV records.

I came across an old thread that mentioned using MIISDCInfo from the MIIS Reskit, but I can't find that.  Is it still available or anything like it available for FIM or MIM?

MIM installation failure - is Exchange needed?


Hello,

I'm trying to install MIM 2016 on Windows 2012 R2. I've installed the synchronization service and SharePoint (although SharePoint 2013 is a pain to install). I've followed the prerequisite documentation.

Looking at the log file, the only error messages I've come across are shown below. I'm wondering if Exchange is an absolute requirement for MIM?

Thanks in advance

----------------------------------------------------------------------------------------------------------------------------

Errors DEBUG: Error 2769:  Custom Action ValidateSyncAccount did not close 1 MSIHANDLEs.

The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2769. The arguments are: ValidateSyncAccount, 1,

this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ExchAndCertificateDlg, ckboxUseSSL, to the right

                Line 526: DEBUG: Error 2826:  Control ckboxExchange on dialog ExchAndCertificateDlg extends beyond the boundaries of the dialog to the right by 15 pixels

Workflows in the Web Services Configuration Tool


Hi Everyone,

I need some help with how to write lines of code for the workflows in the FIM Web Services Configuration Tool, namely:

Import (Full Import, Delta Import)
Export (Add, Delete, Replace)
Password

An online sample of the implementation or a reference with sufficient information on how to implement these workflows should help.

Thanks


Akinzo

bHold learning


Hi!

Need to learn bHold role engine from scratch. Can anyone recommend any articles, books, websites other than MS technet?

thanks, 
Søren.


Management Agent for SQL Azure


I'm trying to connect the sync service to a SQL Azure database.  I'm not having luck.

Searching online, I can't find a specific statement about the default SQL MA and whether it supports Azure SQL.

Does anyone know that answer?

I'm seeing chatter about SQL Azure with ECMA's and a generic connector, plus I see an open source MA option, plus SQL Azure MA's from partners.  All of that tells me the native FIM SQL MA doesn't support Azure, but again, I'm looking for confirmation.

Thanks!


MIMWAL to compare one single attribute against a multivalue attribute


Does anyone know if there is a way in MIMWAL or otherwise, without writing custom code, to compare one attribute against a multivalue attribute?

I have a request with multiple approvers. I want to compare if Requestor is any one of the approvers.

Thanks,

Nosh


Nosh Mernacaj, Identity Management Specialist

After upgrade FIM 2010 R2 to MIM SP1 OTP SMS Gate stopped using SMSServiceProvider.dll


Hi,

One of my customers recently upgraded their FIM 2010 R2 to MIM 2016 SP1. It seems that their password reset SMS Gate stopped working. They had implemented SMSServiceProvider.dll using a gate from their telecom (and it was working fine). All the phones are registered in the format: 00971xxxxxxxxx

Right now, instead of sending SMS, we have an error in the log coming from Azure MFA complaining that the telephone number doesn't contain an international code. It looks like it switched to use Azure MFA instead of the previously used SMSServiceProvider.dll.

How can we switch it back?


Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

FIM\MIM Confirms User Creation\Modification in AD to External System with Web Services API


Hi Everyone,

I wish to know how MIM can confirm user Creation\Modification in AD to an External System (e.g. an HR Application having a Web Services API). So we need to send, say, a SOAP message back to the External System on the status of the provisioning\modification in AS.

Thanks in anticipation of your help


Akinzo

Clean up of old records in an SQL MA's connector space


In order to clean up the disconnected objects from the SQL MA, I did the following steps:

1. I manually projected them from the MA's Connector space into the Metaverse by applying projection rules.

2. I imported end dates and names via import rules.

3. I created a set that transitions in the objects that have end dates less than sys date (obviously these objects will transition in to the set).

4. Created an MPR that will remove the particular MA's ERE whenever an object is transitioned in to the set.

5. Tried this by doing the following steps.

              i)  Individually previewed and committed accounts.

              ii) Objects stood for export in FIM MA, ran Export on FIM MA

              iii) DIDS on FIM MA

              iv) When I see the search requests in the FIM portal, I can see that the MPR is triggered, but it didn't remove it.

Could anyone please help me out? Have I missed anything?

Azure AD Connector


My requirement is to sync an HR database (SQL Server on-prem) to Azure AD. I am using FIM 2010 and the Windows Azure AD Connector. I am able to establish sync and all works just fine. Since this MA doesn't support any password management scenario, I am running a PS script to set the password for new accounts outside FIM. That also works well.

Next, the user is asked to change the password during first logon. As soon as the user submits the new password he gets this error: “Your organization doesn’t allow you to change your password on this site. Please change your password according to the method recommended by your organization, or ask your admin if you need help.”

May I know how I could allow the user to change his password? Am I missing something? Any workaround?

Thanks,

Shobhit Vaish
