Channel: Forum Microsoft Identity Manager

Bhold breaks nested groups structure in active directory

Hello dear all

I have a nested group structure that I don't want to break when managing group membership using MIM BHOLD, but I can't find a way to do that.

Is there any possible solution to keep managing groups with BHOLD without breaking the nesting?

Thank you..

Randa


FIM 2010 R2, I get an error when I try to run Full Import on HR MA - no-start-database-schema-mismatch, Schema-Out-of-date

FIM 2010 R2

I get an error when I try to run Full Import on HR MA - no-start-database-schema-mismatch, Schema-Out-of-date, 0x80230823

HR MA is connecting to MSql.

I tried to refresh the schema, but it shows that it is up to date. Tried to reenter passwords, but nothing changed.

What then can be the problem here? Maybe some bad data in some table can cause this?
I cannot find any useful information on the web.

MIM 2016 SP1 Service and portal wizard ended prematurely

Hi, 

I am trying to install MIM 2016 SP1, have installed SQL 2016, SharePoint 2016 so far and getting this error.

I have one Active Directory server, which is my domain controller, and I installed MIM Synchronization on that server. On another server I have installed SQL and SharePoint, and I am trying to install MIM Service and Portal there and getting the Service and Portal error.

So my question is: do I need Exchange Online? I am selecting that option but do not have Exchange Online.

I ran the command msiexec /I "Service and Portal.msi" /L*V MIM_Service_Install.log to get the log file, but I am unable to troubleshoot from that log.

Here is the link for the log file. Help will be appreciated.

https://nathcorp1-my.sharepoint.com/:u:/g/personal/roshan_kumar_nathcorp_com/EfUlMiYyZr5BjVDSlNAd1dUBoqjseIMJ2ZTLP8hmFd82Hw?e=qhIKcp

Thanks,

Roshan


Sailpoint 7.2 integration with Microsoft Identity Manager 2016

Hi,

 

I am currently trying to integrate Sailpoint 7.2 with Microsoft Identity Manager (MIM) for one of the requirements, and I am stuck at the step where you import the management agent Sailpoint-MA in the MIM Synchronization client. I have entered the details as shown in the attached screenshot, and when I click Next I get the error "Unable to retrieve schema". The MA is a custom one of type ECMA 2.0. This MA has been provided by Sailpoint for integrating with FIM R2. I think it should work with MIM as well, but I am not very sure.

I would appreciate it if someone could help me with this. Thanks.


Regards, Chandan

How to Delegate Group Management to Service Desk

I have been looking for a way to delegate adding and removing users from groups through the MIM Portal to our Service Desk.

I have tried creating an MPR that grants read access to All Groups and All Group Attributes, and another MPR that grants Add and Remove Multivalued Attributes for the Manually Managed Membership attribute.

I have also excluded these users from the Non-Administrators set.

Currently they still cannot see any security groups (I'm not managing distribution groups in MIM).

Is there something that I am missing?

Database upgradation from SQL 2008 R2 to 2014

Hello Friends,

We are upgrading our FIM databases from SQL 2008 to SQL 2014 and moving them to new servers as well.

We have FIM 2010 R2 (v4.1.3436) in our environment, so I just want to know how to proceed so that the new servers will be adopted by our existing FIM environment.

Can we go with an in-place upgrade by just stopping the service, so that we can provide the new DB details while installing the product and the registry entries will be configured accordingly?

Kindly suggest.

Regards,

Suman

MIM 2016 DG workflow giving error You cannot call a method on a null-valued expression.

Hi All,

I have a workflow which updates mail, proxy addresses and mail alias when a user changes the alias of a distribution group. The workflow has the steps below:

1. Read values from default env - working

2. Generate new mail id using .ps1 - working

3. Update mail id - getting updated in object

4. Generate proxy list using .ps1 - log file shows it is generating the proxy list

5. Update proxy - not working

6. Calculate new aliases - log file is empty

7. Update alias - not working

Now the MIM log is showing "You cannot call a method on a null-valued expression." Which script would be giving this error?

How do I fix this?

MIM 2016 Issue while applying hotfix apply from 4.4.1302.0-->4.4.1749.0

Hello,

I am getting below error when we try to apply hotfix. Anybody know how to fix this?

MSI (s) (58:DC) [10:43:21:397]: Executing op: CustomActionSchedule(Action=PatchRemoveFIMPortal,ActionType=1025,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Program Files\Microsoft Forefront Identity Manager\2010\Portal\Microsoft.IdentityManagement.SolutionPackUtility.exe" action=uninstall mode=ServiceAndPortal log=event SHAREPOINTTIMEOUT=180 SHAREPOINT2016RESTART=1 SHAREPOINT2007CAPATIBILITIES=1  SolutionPack=MicrosoftIdentityManagement.wsp deleteweb=no continueonerror=no UILevel=5)

MSI (s) (58:88) [10:43:21:397]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIC216.tmp, Entrypoint: CAQuietExec

CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.

CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.

CAQuietExec:  Retracting microsoftidentitymanagement.wsp

CAQuietExec:  An exception occurred while running Microsoft.IdentityManagement.SolutionPackUtility.exe: A deployment or retraction is already under way for the solution "microsoftidentitymanagement.wsp", and only one deployment or retraction at a time is supported.

CAQuietExec:  An error occurred while retracting FIM portal solution packs.

CAQuietExec:  Error 0xfffffffa: Command line returned an error.

CAQuietExec:  Error 0xfffffffa: CAQuietExec Failed

CustomAction PatchRemoveFIMPortal returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
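
A way to triage a verbose MSI log like the one in the post above, as an added example that is not part of the original post: it pairs each failing custom action with the error lines logged before it. The function names are hypothetical, and the sample lines are copied from the excerpt above.

```python
import re

# Lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
MSI (s) (58:88) [10:43:21:397]: Invoking remote custom action. DLL: C:\\Windows\\Installer\\MSIC216.tmp, Entrypoint: CAQuietExec
CAQuietExec:  Retracting microsoftidentitymanagement.wsp
CAQuietExec:  An exception occurred while running Microsoft.IdentityManagement.SolutionPackUtility.exe: A deployment or retraction is already under way for the solution "microsoftidentitymanagement.wsp", and only one deployment or retraction at a time is supported.
CAQuietExec:  An error occurred while retracting FIM portal solution packs.
CAQuietExec:  Error 0xfffffffa: Command line returned an error.
CAQuietExec:  Error 0xfffffffa: CAQuietExec Failed
CustomAction PatchRemoveFIMPortal returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
"""

RETURN_RE = re.compile(r"^CustomAction (\S+) returned actual error code (\d+)")
CA_LINE_RE = re.compile(r"^CAQuietExec:\s+(.*)$")
PROBLEM_RE = re.compile(r"\b(exception|error)\b", re.IGNORECASE)


def failed_custom_actions(log_text):
    """Return one record per failing custom action, with the
    CAQuietExec error lines that were logged before its return code."""
    failures, pending = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "Invoking remote custom action" in line:
            pending = []          # a new custom action starts here
            continue
        returned = RETURN_RE.match(line)
        if returned:
            failures.append({"action": returned.group(1),
                             "code": int(returned.group(2)),
                             "messages": pending})
            pending = []
            continue
        output = CA_LINE_RE.match(line)
        if output and PROBLEM_RE.search(output.group(1)):
            pending.append(output.group(1))
    return failures


def first_error(failure):
    """The earliest error line is normally the most specific one."""
    return failure["messages"][0] if failure["messages"] else None


if __name__ == "__main__":
    for f in failed_custom_actions(SAMPLE_LOG):
        print(f["action"], f["code"], "->", first_error(f))
```
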


CustomExpression for password value

I am trying to find a way to fix a password issue we have for certain account types. We have Vendor accounts by job classification which add "-V" to the last name. This was done by committee and cannot be changed without considerable modification to SOPs.  Here is our CustomExpression for password as defined in the Outbound Attribute Flow in MIM Portal:

"!$"+SS4R+LowerCase(Right(lastName,2))

Which ends up looking similar to this for vendor accounts:

"!$1234-V"

This is bad on so many levels.  It should end in the last 2 letters of the person's last name.

My thought was to Replace -v with "". I attempted "!$"+SS4R+ReplaceString(lastName,"-v","") just to keep it simple.  I looked it up on MSDN (link here). It appeared to be accepted when I clicked OK.  However, I haven't tried to incorporate that with the rest of the function.

This is not the only suffix that has been appended to the lastName value (we've added -CS, -NS, -NI, -ECC and a few others I cannot recall off the top of my head). How could I write this in a manner that could replace the suffix before selecting the last two characters? I have a few IIF(IsPresent()) type expressions in use, which leads me to think I could "test for each suffix type" before replacing the characters in question. Or possibly use a RegEx to do the evaluation for all the various suffix types?

What would be the best way to go about addressing this issue?  

Additionally, what "language" is this written in? Visual Basic? Is it SharePoint specific or FIM specific?

In case it matters... Home / About Microsoft Identity Manager says I'm on Version 4.4.1302.0 and the same is true for Sync Service Manager.  I believe this to be MIM 2016 SP1.

Thanks in advance for your help.


Edit:  corrected some grammar and added a comment about regex

Bug in Forefront Identity Manager Lotus Domino Connector v1.1.830.0?

Hi there

I think I have discovered a bug in the Forefront Identity Manager Lotus Domino Connector v1.1.830.0.  Can anyone confirm this please or should I log it directly with MS?

Problem Description:

With Export in Replace mode, updates to multi-valued attributes result in unchanged values being removed and replaced by the changed values only.

For example, using CompanyName, say the existing CompanyName is Contoso and the outbound sync operation adds two additional company names, say Northwind and Fabrikam. The pending changes for this attribute would look like this:

Change    Value
none      Contoso
add       Northwind
add       Fabrikam

Once the export has been applied, the CompanyName values in Notes will be Northwind and Fabrikam. Contoso was deleted but should have been unchanged.

Environment

Product                                              Version
MIM Synchronization Service                          4.4.1749.0
Lotus Domino Server                                  8.5.1FP4
Forefront Identity Manager Lotus Domino Connector    1.1.830.0
Notes Client                                         9.0.1

Thanks in advance

Adrian
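
A post-export check for the behaviour reported above, as an added example that is not part of the original post and is not connector code: it derives the value set a multi-valued attribute should hold from its pending changes and flags unchanged values missing from the target. The function names and the "delete" change type are assumptions; the sample data is the CompanyName case from the post.

```python
def expected_after_export(pending):
    """Values the attribute should hold once the export is applied.

    pending: list of (change, value) pairs as listed in the pending
    export, where change is "none", "add" or "delete" (assumed set).
    """
    expected = []
    for change, value in pending:
        if change not in ("none", "add", "delete"):
            raise ValueError("unknown change type: %r" % change)
        if change != "delete" and value not in expected:
            expected.append(value)
    return expected


def audit_export(pending, actual_after):
    """Compare what the target holds after export with what it should hold."""
    expected = expected_after_export(pending)
    return {
        # values marked "none" that disappeared: the reported symptom
        "unchanged_lost": [v for c, v in pending
                           if c == "none" and v not in actual_after],
        # added values that never arrived
        "adds_missing": [v for c, v in pending
                         if c == "add" and v not in actual_after],
        # values present in the target that should not be there
        "unexpected": [v for v in actual_after if v not in expected],
        "ok": sorted(expected) == sorted(set(actual_after)),
    }


# The CompanyName case described in the post.
PENDING = [("none", "Contoso"), ("add", "Northwind"), ("add", "Fabrikam")]
REPORTED_RESULT = ["Northwind", "Fabrikam"]

if __name__ == "__main__":
    print(audit_export(PENDING, REPORTED_RESULT))
```
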

Specific AD group membership is not syncing to FIM portal group-membership

Hello,

We have an issue in FIM and could not find any root cause for it. The issue below happens for ONE SPECIFIC GROUP; other AD group memberships are in sync and we don't see any issues with them. We have had this issue only for the past week, and previously the sync was working fine.

Issue:

We have a group in AD which contains more than 15k members. The AD group is synced to the FIM portal, and we have policies and outbound sync rules that provision this group to Azure Office 365.

For the past week, what we see is that the membership for this particular group in AD is not in sync with the FIM portal. For example, in AD there are 15950 members in this group and in the FIM portal only 15800 members are present.

In the metaverse, if I search for this group, I can see that the FIM connector status is always "Export in Progress", and I also see there are 150 "Add" entries pending for export. This has been the case for the last week, and the "Adds" are increasing day by day.

Can someone please help me resolve this issue? I appreciate your help on this!

Thanks,

MIM CM 2016 Portal Error accessing the when requesting certificate (CA is offline) - missing rights

Hi

I have been trying for several days now to solve the problem, but I don't get it under control.

MIM CM 2016 - Portal

Everything adjusted and configured like described in

https://docs.microsoft.com/de-de/microsoft-identity-manager/mim-cm-deploy

also in English, to prevent translation errors.

When I open Internet Explorer and call the URL of the portal (https://cm2018.domain.de) it works fine, until I try to get the certificate request done. It comes up with the WebAccess confirmation popup and then it runs into an error:

Fehler beim Herstellen der Verbindung mit der Zertifizierungsstelle: p-m-pki-1003.domain.de\domain-P-M-PKI-1003-CA

I suppose it has to be an error during installation. I suppose rights or impersonation are not correct.

How can I check that? Does MIM CM 2016 have no checkup tools to verify the configuration?

clm-log entries:

CheckCertificateAuthorityAvailable(Microsoft.Clm.Common.AD.UserProfile)"    "Doman\user"    "Domain\user"    0x00000B00    0x00000019    Check that all CAs are available for profile template

Unable to complete request for profile template:  Test PKI2018 MIM CM - nicht nutzen (UUID 10c20223-4b3e-4571-97d4-662c3ee9ff38).
Certificate Authority:  p-m-pki-1003.domain.de\domain-P-M-PKI-1003-CA is offline.
Start CA service.

The CA service is running; I can request certificates with the certificate snap-in.

So my idea is that it has to be in the middle between user and CA: the MIM portal is not able to use the correct rights to access or see the CA (but it can see it when I create profiles and add the CA to them).

Thanks a lot

Bernhard

FIM Error 25009 Compatibility Level Database

Hello,

We have an issue while trying to install FIM 2010 4.0.2592 about the database compatibility (error 25009).

We need to install this specific version because we have to duplicate our production environment which is this version.

When the installer is setting up the database, a popup appears with error 25009 about the compatibility level, which needs to be between 100 and 130. But our FIM database is already at compatibility level 100. The SQL Server is 2016 SP2 (KB4052908) 13.0.5026.

Is FIM 2010 incompatible with SQL Server 2016 even if the compatibility level is modified, or is it maybe a generic error?

Thanks for your help!

Is full bidirectional GALSync possible without trust between forests with MIM 2016?

Hi All

Is full bidirectional GALSync possible without trust between forests with MIM 2016?

Best regards

MIM 2016 - Configuring MIM to create AD accounts

Hi,

I installed MIM 2016 in my environment. My goal is to have MIM take the users and passwords we have stored in our SQL database and create AD accounts for those users. We are hoping to have this update in close to real time. I am having trouble finding much documentation on this online.

Any ideas?

Thanks!


MIM 2016 Licensing question

Hey Folks,

I spent half the day reading different forums, blogs etc. to understand and calculate the number of CALs I need for Microsoft Identity Manager 2016, but I'm somehow unlucky and couldn't find a good answer, so maybe one of you knows.

So here is my scenario:

We are running an online platform where customers can log in. This platform is connected to an AD where the credentials are stored.

Of course the platform customers constantly forget their passwords, which then need to be changed by IT.

This workload is supposed to be taken away from IT and assigned to the department running this platform, and we are looking into using MIM to give a group of 5-10 employees access to reset passwords for the customers via MIM instead of granting access to the AD.

Let's say we have 4000 customers (external users) and 5 administrators.

The 5 administrators should only be able to reset passwords via a website. No more functionality is needed.

How many CALs do I actually need?

4000?, 4005? 5?

Cheers


Hide an User in FIM/MIM portal

Hi all,

I need to hide a user in the FIM/MIM portal, and this should be self-service for FIM administrators by clicking an attribute (hide_from_portal). Is this possible?

What change do I need to make on the RCDC end?

I need to make sure the user doesn't appear in any resource picker (like sets and groups).

Please advise.

Thanks..


Rajesh

How to Manage Contacts in the FIM Portal ?

Hello, 

I have followed the article to import/export contacts in the MIM/FIM Portal.

https://social.technet.microsoft.com/wiki/contents/articles/34178.fim-2010-mim-2016-managing-contacts-in-the-portal.aspx

But some steps might be missing in this article, because I am still not able to do the same.

Can someone please help, or do we have any other process to sync contacts from AD as well?

I cannot create a contact, as it is showing Access Denied.

---------------

Error processing your request: The operation was rejected because of access control policies.Reason:The operation failed as a result of insufficient access rights.Attributes:DisplayName,ObjectType Correlation Id:a3defc1b-b11d-4d9e-b7ee-b7ab8d0b0026Details:No policy grants the Requestor permission to complete all changes.

---------------

Regards,

Amol


Regards, Amol Patil


Microsoft Identity Manager 2016 Importing an attribute from MIM schema to the Metaverse

Hello,

I am new to MIM and I am trying to import the attribute AuthNWFRegistered from the MIM portal to the Metaverse so I can determine the number of registered users for password reset.

However, the attribute is not imported and it is always blank regardless of whether the user is registered or not.

In the preview of the MIMMA connector it is showing: initial value: NULL   final value: deleted

Can you please let me know why it is showing like that, noting that the value in the FIM portal is populated?

Error opening portal

Hello all!

I have finally installed Microsoft Identity Manager Portal 2016, but when I tried to log in as Domain Admin (or any other account used during installation) I get the following error:



Where do I need to look to finally make it work?

Best regards.
