This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite


    0 0


    I am trying to replicate my Prod to my Dev Environment,

    they are the same build version,

    but when I execute the Import-FIMConfig command it succeeds, but the portal is not showing the Sets/MPR/Workflows that I have,

    am I missing something? I have restarted my Dev environment, just to make sure it's not something I have to restart for or reset IIS for.

    0 0

    So the issue is I am trying to join users using the index on the user table.  I have a stored procedure that will add a user to the table if they do not exist and return their index.

    Not sure how to set the returned value to either a DN or attribute, so they can be joined on later.  Maybe I'm going about this the wrong way?

    0 0

    I have around 50 new advanced IAFs to add to each of three management agents. There's 5 attributes on each on the datasource side so it's taking a really long time to input. Had a look at the lithnetmiisautomation module but it doesn't have anything for this. I also tried exporting an MA to see if I could alter the xml manually but it looks a bit too complex to do that. Any ideas on how to get these flows in a bit quicker than manually clicking each one?

    0 0

    What is the recommended approach when we have an existing functional AD? We need to import all that data to a new MIM installation for which the authoritative source of information is the HR feed. How will MIM map the users in the FIM portal with the imported users from AD? I believe it should automatically map the user data in the metaverse based on objectSID described in the sync rule. Is there any document which can guide this implementation, and any best practices to follow or precautions to take?


    0 0
  • 07/31/18--05:14: Scaling out MIMService
  • Hi, 

    Does anyone have a good article/blog they're willing to share when it comes to best/preferred practices, "do:s" and "don't:s", "gotcha:s" and the like, when it comes to scaling out MIM? 

    Andreas Hultgren, MCTS, MCITP

    0 0

    What is TechNet Guru Competition?

    Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

    One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

    Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

    If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in August 2018 and must be in English. However, the original blog or forum content can be from before August 2018.

    Come and see who is making waves in all your favorite technologies. Maybe it will be you!

    Who can join the Competition?

    Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

    How can you win?

    1. Please copy/write over your Microsoft technical solutions and revelations to TechNet Wiki.
    2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
    3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

    Do you have any question or want more information?

    Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

    If you win, people will sing your praises online and your name will be raised as Guru of the Month.

    PS: Above top banner came from Ousama El Hor.

    Thanks in advance!
    Ninja Kamlesh Kumar, TechNet Wiki Council

    Kamlesh Kumar

    If my reply is helpful please mark as Answer or vote as Helpful.


    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    0 0

    I need to implement GAL Sync for 2 forests running Exchange 2016.  I've setup GAL Sync several times for Exchange 2010.  It looks like everything is the same except I'm not sure what to do about the "Provision for" box where I typically add the Exchange 2010 URI for Remote PowerShell.  Exchange 2007, Exchange 2010, and No Provisioning are the only options.  Since this drop down only configures MIM to make Remote PowerShell calls to run Update-Recipient, does Exchange 2016 not require this Update-Recipient call?  Or is there something else I need to do for Exchange 2016.

    Thanks for the assist!

    0 0


    In a Hybrid Azure AD joined machine environment (where a workstation is both on-prem domain joined and Azure joined), what if we have Azure SSPR configured... will the user be able to perform a password reset from the desktop (like with the MIM SSPR client) where pressing ctrl-alt-delete reveals the 'Forgot my password' prompt?

    thank you,


    0 0

    Hi All,

    I have made a flow in FIMMA for manager attribute that flows "Employee ID" of manager from SAP to FIM. If I see stats on synchronization service, it shows that manager's employee id is added. Please see screen shot below. 

    But when I see on portal, it shows empty manager. Please see screen shot. 

    Kindly guide me where I am doing any mistake. Employee ID is anchor attribute in source SAP MA.



    0 0
  • 08/06/18--07:38: ECMA failing to create
  • Hi Experts,

    I am working on a connector where I have implemented Schema, Partition, Hierarchy discovery using ECMA 2.0.

    When I am creating the MA from Sync Manager, it goes till the last page and fails in creating the management agent with this error:


    The server encountered an unexpected error while performing an operation for the client.

     "BAIL: MMS(328): ..\cdext.cpp(416): 0x80070057 (The parameter is incorrect.)
    BAIL: MMS(328): ..\xstack.cpp(405): 0x80070057 (The parameter is incorrect.)
    BAIL: MMS(328): ..\xparse.cpp(436): 0x80070057 (The parameter is incorrect.)
    BAIL: MMS(328): ..\partition.cpp(2096): 0x80230428 (The object cannot be created because the identifier is missing.)
    BAIL: MMS(328): ..\mastate.cpp(1808): 0x80230428 (The object cannot be created because the identifier is missing.)
    BAIL: MMS(328): ..\server.cpp(1078): 0x80230428 (The object cannot be created because the identifier is missing.)
    Forefront Identity Manager 4.4.1302.0"

    I have used System.Diagnostics.Debugger.Launch() to launch the JIT debugger and stepped through each part of the code and I don't see any exceptions. Here's the MACapabilities implemented in the code:

        // Capabilities reported to the sync engine when the MA is created
        public MACapabilities Capabilities
        {
            get
            {
                MACapabilities myCapabilities = new MACapabilities();
                myCapabilities.ConcurrentOperation = true;
                myCapabilities.ObjectRename = true;
                myCapabilities.DeleteAddAsReplace = false;
                myCapabilities.DeltaImport = true;
                myCapabilities.SupportPartitions = true;
                myCapabilities.SupportHierarchy = true;
                myCapabilities.SupportImport = true;
                myCapabilities.DistinguishedNameStyle = MADistinguishedNameStyle.Ldap;
                myCapabilities.Normalizations = MANormalizations.RemoveAccents;
                myCapabilities.IsDNAsAnchor = true;
                return myCapabilities;
            }
        }

    It looks like some parameter is invalid.

    Can anyone help me fixing this?


    Siva Kumar

    Thanks and Regards, Siva Kumar Balaguru

    0 0

    Good day,

    We are still using FIM 2010 R2 (synchronizing between our HR system and AD).  I would like to upgrade to MIM 2016.

    I am not yet planning to use the PAM functionality of MIM, but I want to make sure that the design that I use won't later exclude PAM.

    The short version of my question is:

    Is it best practice to use a completely separate instance of MIM for PAM? The answer seems a common sense yes, but there is nothing explicit nor implicit.

    0 0
  • 08/07/18--08:18: FIM notification frequency
  • Hello,

    We have a FIM notification that is sent out when someone is termed. Is there a way to check the frequency of this notification?  Would like to find out if it is going out daily or just one time.

    Thank you,

    0 0

    Is there a plan to support SQL 2017 in Microsoft Identity Manager 2016's roadmap?

    Ulf Lindström

    0 0


    I'm experiencing an odd problem with our FIM ADMA when running a delta import delta sync profile. The MA starts to run, imports a few accounts, then seems to get stuck. It will sit at the same number forever, making no progress. It will continue to run until the transaction log fills the disk, at which point it crashes. When examining its activity with the SQL Profiler, it appears to be stuck in a loop, operating on the same objects over and over. It constantly executes the following statements for each user (there are a few thousand users it's doing this to, in alphabetical order):

    declare @p8 uniqueidentifier
    set @p8='0EFEDF29-AF99-E811-8144-005056A453F9'
    declare @p9 int
    set @p9=NULL
    exec mms_addcslinkbyanchororrdn @objid='7C63436F-E44E-4DD2-A95C-0C41F6CD1EF1',@attr=N'member',@rstate=2,@anchor=NULL,@rdn=N'CN=someuser',@pobjid='8D6C3B01-AE99-E811-8144-005056A453F9',@guidMA='2A1D6392-379A-4E47-ADEC-D592C04C671A',@targetid=@p8 output,@foundByAnchor=@p9 output
    select @p8, @p9

    Does anyone have any ideas on why this is happening? 

    0 0

    Hey all, I've been working with the FIM/MIM synchronization engine for several years but I'm new to the portal.  I'm looking to implement a 2-step approval workflow for some of our Security groups.  The goal is to first have the requestor's manager approve, then the request should flow to the entitlement/group owner for final approval.

    So far I have created a workflow called Manager Owner Approval Workflow and I'm pretty sure I have the steps configured correctly.  I then created a Set Manager|Owner Approved Security Groups and modified the Criteria-based Member section to include all groups with the 'Membership Add Workflow' attribute set to Manager Owner Approval Workflow.  The problem is, how do I update my groups to use my new workflow (as opposed to the default Owner Approval one)?  When I try updating my pilot group to use the new workflow it's giving me an Invalid Syntax error (see screenshot):

    Any guidance would be greatly appreciated!


    0 0
  • 08/09/18--10:00: Bulk group Update
  • Hello All,

    The requirement here is to enable the FIM Portal for a bulk group update (add/remove multiple users in distribution and security groups).

    What we have so far is:

    1. Customized the FIM portal with a link in the navigation bar for bulk update.

    2. Defined a request-based MPR, "Administrators can add or remove users from groups", as:

            Requestor: Administrators

            Target Resource: All groups

            Resource attribute: All

    3. Another default MPR, "Group management workflow: Owner approval on add member":

            Requestor: All active people without FIM service account

            Target Resource: owner approved groups

            Resource attribute: manually managed membership

            Workflow: owner approval workflow (default)

    But still I am unable to perform a bulk update, can you please help me?


    0 0
  • 08/12/18--21:22: MIM Portal MFA for Admins
  • Hi,

    Is there a way to enable MFA for MIM Administrators to the MIM Portal?

    Thank you,


    0 0
  • 08/13/18--01:29: MIMWAL Debugging and Tracing
  • Hi Everyone,

    I need some guidance on how to set up an already installed MIMWAL for Event Viewer Verbose Logging. Which file do I edit and how?

    The guidance on the MIMWAL accessible at the URL below is not too specific on the steps. Appreciate if anyone can assist with/direct to a guidance on how to achieve this.


    0 0


    I have a requirement to set up GALSync between 2 forests with a 2-way AD trust. I have gone through the link that provides info on the user account permissions -

    However the remote Exchange Admins don't want to give full Org Management rights to the GAL Sync account in MIM. What is the way to provide permissions that do not have Org Management rights but follow the same approach as full permissions without breaking the RBAC model?


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    0 0
  • 08/13/18--05:00: About Refresh Schema
  • Hello!

    I have read about "Refresh schema" but I still don't understand when to use it.

    I mean when I do an Import I read the database with a select statement and create a file that is automatically read by MIM and loaded into Connector Space.

    Here is what it says about Refresh schema.
    "Causes the MA to re-read the schema(i.e the available objects and related attributes) of the connected directory. This is used when the structure of a CD is changed after the creation of an MA."

    I mean what is interesting for MIM is what is imported. The only way to get information into Connector Space is by importing.

    So can somebody explain when and why I should use Refresh schema?

