“Regarding Microsoft Identity Manager Management Agent (MIM MA), this account is not considered a service account and should be a regular user account. The account must be able to log on locally in order for The “FIM Synchronization Service” service account to be able to impersonate it.”
The MA accounts do use service Id(s), not sure how this aligns (or doesn’t) with the above statement?
Hi,
Unsure on where to post this, but since its SSPR related, I'm posting this question here.
Can we have custom Azure SSPR URLs, e.g. https://passwordregister.company.com and https://passwordreset.company.com
And can we upload an already purchased SSL certificate for these URLs?
Thank you,
SK
Hi,
We have a requirement to integrate MIM with the GNU Mailing List Manager (www.list.org).
We'd like to be able to dynamically (or manually to begin with) manage List membership in the MIM Portal; and are planning to create a new MIM Portal object call 'List'. The GNU Manager would then need to pull the data (membership and list names in somehow).
Hence got a few questions:
Thank you,
SK
Hello!
I'm very new to MIM so this is very basic question.
I just wonder what is the condition that ExportEntry is called. Here is the code
//Tony
Hello!
I have an agent that is used for target system and an agent that is used for source system.
I pass in from source system startdate and enddate and a lot more for an employeer.
When I import and sync I can see this startdate and enddata in metaverse.
I need the target system to be able to access this startdate and enddate so the connector space for the target system must be able to access it.
So when go to the configure attribute for the target system agent and try to create this startdate and enddate by using the new button to create a new attribute it is grayed out.
I'm new to MIM so why is it not possible to create new attribute.
//Tony
Hi,
So back in the day, SharePoint Foundation (2010 & 2013) was free to use (thank goodness as it is a FIM/MIM Portal prerequisite).
What's the story on licensing now that SPS 2016 is supported for MIM Portal?
Will SPS2016 require additional licenses (in addition to MIM licenses)?
Thank you,
PS. Microsoft SharePoint Foundation 2013 Service Pack 1 Mainstream support ended on 10/04/2018...so if a customer only has mainstream support, we have to use SPS 2016.
Hi Guys,
I can see that MIM 2016 (Identity Manager) has a reset password option. What we want to implement is a Change password option. This is for when users may have not changed their password before it expires and are not login directly onto a domain computer, or onto a computer that will not let them connect until the change their passwords.
Is there an feature in MIM 2016 to setup a website for users to change their passwords?
Best if this required old password and secondary question or SMS.
Thanks for you time.
Craig
Craig
Hello!
I just want to say that I'm very new to MIM so this is very basic.
Assume we have a user with userid nihu01 and his homedir is the same
My main task is to check if the Person has an enddate and then move his original homedirectory to c://archive/
So we get for user Nisse Hult move c://MyHomeDir/nihu01 to c://archive/nihu01
There is one attribute that I don't know how to fix and that is enddate for a person.
This attribute is in connector space for target system so I export so I can access it in
public void ExportEntry(ModificationType modificationType, string[] changedAttributes, CSEntry csentry) {...}
which work but when I then need to validate the export I get
exported-change-not-reimported because the connector space does not contain enddate.
I can see in ExportEntry that I have a value here csentry["enddate"].Value
When I run the import for target system I don't have access to the enddate attribute.
When I run profile Import to validate the export a new instance of this class is being created
public class MACallExport : IMAExtensibleFileImport, IMAExtensibleCallExport
so I can't save the enddate anywhere.
When I validate the export this method is called.
public void GenerateImportFile(
string filename,
string connectTo,
string user,
string password,
ConfigParameterCollection configParameters,
bool fullImport,
TypeDescriptionCollection types,
ref string customData)
{...}
So can somebody help me with this.
I assume that the way is I'm trying is the wrong way to do this.
//Tony
Hello!
From my base system I get enddate which is the date a person is leaving the exployment.
If the user is called Nisse Hult with userID nihu01.
He has the homedir C://MyHomeDir/nihu01
So when current date > enddate we move C://MyHomeDir/nihu01 to C://archive/nihu01
So can somebody explain in general how to do this.
//Tony
Hello!
I have two agent one for inbound and one for outbound.
The one for inbound is called ProjektAgentPerson and the other is called
ProjektAgentHomeDirectory.
In the ProjektAgentPerson agent I set this
case "startdatum" :
mventry["startdatum"].Value = csentry["startdatum"].Value;
break;
in method void IMASynchronization.MapAttributesForImport( string FlowRuleName, CSEntry csentry, MVEntry mventry)
This works good and mventry["startdatum"].Value will get a value
But in agent ProjektHomeDirectory method
void IMASynchronization.MapAttributesForExport (string FlowRuleName, MVEntry mventry, CSEntry csentry)
When I do this bool b = mventry["startdatum"].IsPresent;
I get this error
get Attribute "startdatum" is not declared as a dependency.
If I look in MV I can clearly see that startdatum has a value
I can't understand this. How on earth can I get error when attribute has a value in MV.
//Tony
Hi,
I did a fresh installation of MIM and everything works fine. However, I couldn't access the MIM portal using the URL I used during installation(e.g. MIMPortal.thefinancialcompany.net), it works fine using localhost though.
I have configured these SPNs:
Please let me know what I am missing and where should I start troubleshooting?
Thanks!
Hi,
I did a fresh installation of MIM and everything works fine. However, I keep getting "This page can’t be displayed" error when I try to access the MIM portal using the URL I used during installation(e.g. MIMPortal.thefinancialcompany.net), it works fine using localhost though.
I have configured these SPNs:
Please let me know what I am missing and where should I start troubleshooting?
Thanks!
Hi,
I did a fresh installation of MIM and everything works fine. However, on the portal when I click on any object nothing shows up - no popup. This behavior is on each and every page.
I have already tried this.
I see below errors in the console. Please help.
Hello!
If I delete connector space on inbound and outbound it's work fine.
Here I describe what I do.
I change the attribute enddate on a user id in the database on the inbound so the home dir for this user should be moved to archive.
When I call the full Inport I get the following result
Staging
Unchaged 8
Adds 0
Updates 1
Renames 0
Deletes 0
Now I call full sync on the inbound agent and i get the following result
Inbound Synchrinization
Projections 0
Joins 0
Filtered Disconnectors 0
Connectors with Flow Updates 1
Connectors without Flow Updates 8
Filtered Connectors 0
Deleted Connectors 0
Metaverse Object Deletes 0
Now I call full sync on the outbound agent and I get the following result.
Inbound Synchrinization
Projections 0
Joins 0
Filtered Disconnectors 0
Disconnectors 0
Connectors with Flow Updates 0
Connectors without Flow Updates 9
Filtered Connectors 0
Deleted Connectors 0
Metaverse Object Deletes 0
Now I call the Export on the outbound egent so the home directory should be moved to archive and I get the following result
Export statistics
Adds 0
Updates 0
Renames 0
Deletes 0
Delete Adds 0
If I do search connector space for the outbound agent I can see that attribute homeDirFull has been set to
C:\MyHomeDir\Archive\kalper01 *
which is correct for this user Kalle Persson.
But the problem is that why is not my method export being called which handle the writing of new home directory.
If the export had been called it would have worked.
As I mentioned before if I delete the connctor space it always work.
Can somebody guide me in the right direction
//Tony
Hello!
When is ExportEntry in MAC called
Answer:It is called when you have PendingExports in your connector space and run the "export" run profile.
If I now change a column in the database. The column is called enddate and is used for setting the date when an employ finish his job i.e leave the employment.
This enddate has a direct flow into MV.
I have this code in MAR for outbound in method void IMASynchronization.MapAttributesForExport (string FlowRuleName, MVEntry mventry, CSEntry csentry)
case "personHomeDirFull":
if (mventry["uid"].IsPresent)
{
if (mventry["enddate"].IsPresent)
{
enddate = DateTime.ParseExact(mventry["enddate"].Value, "yyyyMMdd", CultureInfo.InvariantCulture);
}
//Check if we have enddate. If yes then set a new directory to avslutade and Remove the homeDir
if (mventry["enddate"].IsPresent && DateTime.Today.CompareTo(enddate) > 0)
{
//New homedir because we have an enddate
csentry["homeDirFull"].Value = MIMShrCommon.UserDirectoryOrg + "\\" + mventry["uid"].Value.ToLower();
//Remove the original homeDir
string sourceDirectory = MIMShrCommon.UserDirectory + "\\" + mventry["uid"].Value.ToLower();
if (Directory.Exists(sourceDirectory))
{
Directory.Delete(sourceDirectory, false);
}
}
else
{
csentry["homeDirFull"].Value = MIMShrCommon.UserDirectory + "\\" + mventry["uid"].Value.ToLower();
}
}
break;
As you can see in the code above I change the attribute homeDirFull when we need to set a new homedir becuse the employee has finish the employment. When I debug I can see that the code is doing the right thing.
The problem is that when I change the column enddate in the database and run the following profile in sequence
Full import
Full sync (Inbound agent)
Full sync (outbound agent)
Export (When this is called the ExportEntry is not called in spite have updated the attribute homeDirFull as you can see in the code above.
I have the following attribute on the outbound agent
homeDirFull, ACL, homeDir and homeDirOrg
All these four is of type rules extension
Can somebody guide in the right direction
//Tony
Hello!
I'm quite new to MIM so I assume this is a very basic question.
In the "Configure Join and Projection Rules" I have set these two rules
Mapping Group Action Metaverse Object Type
1 Join PersonT
homeDir Direct uid
2 Join GroupT
homeDir Rules extension avdelningsID avdelningsID
I have also this code
In MAR agent for outbound.
Now to my question if I set a breakpoint just in the beginning of this method how can I make it being called.
//Tony
Hello!
If I have this join settings below will both join conditions be executed or if the first one find a match in the MV will it stop and never tried the second one.
In the "Configure Join and Projection Rules" I have set these two rules
Mapping Group Action Metaverse Object Type
1 Join PersonT
homeDir Direct uid
2 Join GroupT
homeDir Rules extension avdelningsID avdelningsID
//Tony
Hello!
I just wonder when I implement the Provision method I assume that I must assign a unique distinguished name(dn) for the object type?
//Tony
Hi All,
I am new to Microsoft Identity manager i was able to install MIM 2016 and perform common use-cases. I would like to understand and know
I had gone through some articles and documents after googling but cant find a definitive/single document/article pointing to HA installation. I think the installer must have the provision to configure HA based on different configurations.
I have a forest with full trust (I can connect via ADUC) and a user from that forest which is an Domain Admin, that I am using for AD MA. I can setup the MA, but cannot select the OUs, nor run any imports. I get connection failure.
MIM Server is whitelisted on Firewall rules on the target Forest and MIM Server has Firewalls disabled.
Nosh Mernacaj, Identity Management Specialist
