Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 188 | 189 | (Page 190) | 191 | 192 | .... | 204 | newer

    0 0


    I am currently implementing a Generic SQL Connector based on Stored procedures only (not direct access to the table). For the export, an ADD and UPDATE stored procedures have been implemented. To be able to clear value in the table, I wanted to use the option:"Export Type: Object Replace" available on the connector second page. From the documentation, this option should do:

    Export Type: Object Replace: During export, when only some attributes have changed, the entire object with all attributes is exported and replaces the existing object.


    By ticking this option, I would expect that FIM/MIM would send the whole object (all the attributes configured to be exported) with NULL value where this no value for an attibute. It's look like that this option is not taken in consideration by the Management Agent. Here the result of the log file after an export with this option activated:

    <?xml version="1.0" encoding="UTF-16"?>
    <mmsml xmlns="" step-type="export">
    <delta operation="update" dn="MIM_History+220175640">
     <attr name="GIVENNAMES" operation="update" type="string" multivalued="false">
      <value operation="delete">Yfwegewi</value>
      <value operation="add">Yigsgd;Erfsfic Dudspond</value>

    Did anyone has the same issue in the past? Is it a bug in the MA or did I misconfigure something?

    What would be a good workaround to clear value in a table with an UPDATE stored procedure?

    Thanks in advance for you help.

    Anthony S.

    0 0

    So how we really get the value of the response provided by the approver for example to include it in email notification?

    Some examples in internet are providing solution to use [//WorkflowData/Reason]. But somehow we need to include the value to worflowdata dictionary.

    0 0
  • 06/26/18--17:53: Deprovisioning stopped
  • MIM - HR MA deprovisioning is set to 'Make them disconnectors'.  It is connecting to a SQL view and is updating and creating accounts, but is not deprovisioning those not in the view. AD MA is using a rules extension file which disables and moves them to disabled OU. Was working correctly then stopped. Had made change to the rules extension file that creates the account name and now accounts are being created in the new format, but those not in the view are not being disabled. No changes to the rules extension for deprovisioning. Set the previous version of the rules extension file which creates account name back and still no account disables. 

    0 0

    Hi All,

    Greetings! I am facing this issues since from last three days. All of my accounts that are being provisioned from MIM to Active Directory are created as disabled accounts in Active Directory. Even I am passing 512 to UserControlAccount attribute. 

    Below are the stats of AD MA Export for one record. Now when I see in AD, this account is marked as disabled.

    Kindly help me and guide me in this regard.



    0 0

    Dear All,

    I am trying to delete existing accountexpires value. using following c# script but no luck

    long iFileTime = 9223372036854775807;
                        if (mventry["employeeEndDate"].ToString() != null)
                            DateTime dtFileTime = DateTime.ParseExact(mventry["employeeEndDate"].Value, "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'", provider);

                            csentry["accountExpires"].IntegerValue = dtFileTime.ToFileTimeUtc();
                            csentry["accountExpires"].IntegerValue = iFileTime;

    Need Your Help!



    0 0

    Dear All,

    when I am trying to run Export Profile Getting stopped-extension-dll-exception status.

    0 0

    What is TechNet Guru Competition?

    Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

    One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

    Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

    If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in July 2018 and must be in English. However, the original blog or forum content can be from before July 2018.

    Come and see who is making waves in all your favorite technologies. Maybe it will be you!

    Who can join the Competition?

    Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

    How can you win?

    1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
    2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
    3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

    Do you have any question or want more information?

    Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read Moreabout TechNet Guru Awards.

    If you win, people will sing your praises online and your name will be raised as Guru of the Month.

    PS: Above top banner came from Vimal Kalathil.

    Thanks in advance!
    Ninja [Kamlesh KumarTechNet Wiki Council

    Kamlesh Kumar

    If my reply is helpful please mark as Answeror vote as Helpful.

    My blog | Twitter | LinkedIn

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    0 0
  • 07/02/18--23:06: Changing HRDB Table
  • Dear Team,

    Testing purpose we have created SQLMA with Test Table. Now we would like to change it to production SQL view.

    How to change and does it affect SQLMA?



    0 0

    I'm trying to deploy MIM 2016 in a test environment. I have deployed Sharepoint 2013 SP1 and SQL 2016 Enterprise. Trying to install MIM Service and Portal but I'm getting error "the feature you have selected have the following prerequisites. Refer to the installation guide for more information. Please update your machine and retry the installation. -Sharepoint"

    Can anyone help me out?

    0 0


    Does AADConnect support bi-directional password sync (so from on-prem to Azure cloud and vice versa)?

    So if I change my password on-prem, AADConnect syncs the pwd to my Azure account?

    And if I change my password in Azure, AADConnect syncs the pwd back to my on-prem account?

    Assume that AADConnect is already setup and synchronising my on-prem identities with Azure.

    Cheers & Thanks


    0 0


    I have to connect the output of non active directory system to Office365 to provision users. To this end I have installed MIM 2016 and added the azure active directory connector.

    The office365 tenant has pre-existing user accounts. I specified an immutableId for these accounts using powershell. I then was able to import these users.

    The problem is I get only very few attributes in the import, though I selected many for import.

    I would at least expect a value for userprincipalname and the email addresses of the user, but I barely get more than first and lastname. How do I get the agent to import more attributes? Is this a result of those account already existing? If so how do I convert them to "synced" accounts?

    Hope somebody here know the answer.

    0 0

    Following the below article in a hyper-v lab.

    Lab Setup

    2 x Windows Server 2016 VM's consisting of 

    1 x Domain Controller hosting AD

    1 x Member Server hosting SQL 2017, SharePoint 2016

    I get to the point where I now want to install MIM Synchronization Service

    The install goes through successfully except I get an error saving the Sync Service Key


    “The Forefront Identity Manager Synchronization Service setup wizard was unable to back up the key set. <hr=0x80131600>


    I try and launch the MIM Synchronization Service and I get an error saying

    I checked the service and it isn't started so I try and start it manually and I get the below

    In the Windows System log I get the below error

    I have followed the deployment guide with the exception of installing SQL Server 2017 instead of 2016. Does anyone have any steer on where I'm going wrong here? any guidance would be appreciated!

    0 0

    Hi EveryOne,

    I wish to know if there is anyone who has been able to integrate the MIM 2016 SP1 Generic SQL Connector successfully with PostGre SQL 9.x Database.

    The configuration works, and Import works as well but I am having some issues with Export Run. Troubleshooting with PostGre ODBC Logs shows that Export activity from MIM is not recorded, while Import activities are well logged.

    On the MIM Synchronization Console, the error is described as "unexpected error 0x8ffe2740" after Export run.

    I am almost concluding that this issue could because PostGre SQL is not on the list of supported Databases for MIM 2016 Generic SQL Connectors.

    Appreciate some advice from anyone with some experience with this or a workaround to address the issue.


    0 0

    We've made some changes to our forest, removing some child domains and adding others. When I try to refresh the partitions on the AD MA, I get: "An error was encountered while refreshing domains: Unable to cast object of type 'System.Collections.ArrayList' to type 'Microsoft.DirectoryServices.MetadirectoryServices.UI.PropertySheetBase.MaPropertyPages.PartitionObject'.

    I'm on Version 4.4.1749.0 of the Synchronization Service Manager, running on Server 2012 R2.

    Ed Bell - Specialist, Network Services, Convergys

    0 0


    Please help on the below requirement.

    Forest A (Domain - 1), Forest B (Domain - 2) Both forest functional level 2012 R2 having 

    Primary users in A1 (applications and computer domain) and have the same user accounts created in B2 (O365 emails is hosted) in an OU. Need to synchronize the password from A1 to B2 so that the users have to remember only 1 password for computer login and O365 emails.

    I have gone through the below article which gives a good insight but it does not specify whether the users are already created in the trusting domain (Fim.lab.local)



    0 0

    Currently I have MIM sync implemented with GALSYNC to create and manage cross forest contacts.  Now I want to expand on this.   We are currently doing a cross forest move of users with ADMT, Prepare-mailboxmove.ps1.  This process works fine, a user in A is move to B and through SID history they also keep their group memberships.  What I want to do is populate the corresponding Mail Enabled distribution groups with the users contact in Domain B, when the user is migrated to domain B the contact is created in A (Currently working) and the contact is also added to the correct Distribution Group.  Is this even possible?

    Domain A Domain B
    Contact.B1 Contact.A1
    Before Migration
    DL DL
    Contact.B1 User.B1
    After migration
    User.B1 Contact.B1

    0 0
  • 07/10/18--16:46: MIM and Cardax integration
  • Hi,

    Has anyone integrated FIM/MIM with a building access security card system called Cardax before?

    Which MA did you use / develop?

    Were there any complexities to be aware of?

    Thank you,


    0 0

    I have a FilterForDisconnection rule so that CS entries are removed that satisfy a certain condition. What I need to do is set a value on that newly disconnected object - the metaverse entry remains so I don't think it comes under deprovisioning. I just need to write something to the actual object in the source before it's disconnected. Is there some way I can do this?

    0 0

    Hello dears..

    is there any way to sync groups between active directory and MIM 2016 without expanding nested groups and convert it to a group that contains members only ?

    I have some cases that I need to manage membership of nested groups without the members expanding, please help.

    thank you :)

    0 0

    Dear community,

    In an Account & Resource Forest scenario for Exchange, FIM 2010 R2 has been installed and configured with two Management Agents. Currently, one Management Agent is importing user objects from the Account Forest into MIM, the other Management Agent is exporting those user objects from MIM into the Resource Forest.

    Currently, the attribute "mailNickname" is synchronizing from the Account forest into the Resource forest thru FIM.

    My intend is, to remove the attribute "mailNickname" from the attribute flow, so that this attribute is not synchronized into the user objects in the Resource Forest from the user objects from the Account forest anymore - BUT I have to make sure, that user objects in Resource Forest, who already have the attribute "mailNickname" set, that the attribute "mailNickname" will not be deleted or emptied - the user objects in Resource forest  should remain as they are.

    How FIM thinks and works in that case?
    Does FIM no longer feel responsible for the attribute "mailNickname" in the Resource Forest if I remove the attribute from the attribute flow? (which is what I want) Or will FIM remove the attribute "mailnickname" from all user objects in the target Resource Forest (which is not what I want)?

    Thanks everybode for input!

older | 1 | .... | 188 | 189 | (Page 190) | 191 | 192 | .... | 204 | newer