Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 194 | 195 | (Page 196) | 197 | 198 | .... | 204 | newer

    0 0
  • 09/18/18--05:36: Transient Objects after sync
  • Hi all,
    I'm trying to manage by a script all transient objects inside the metaverse.
    This because I would like to avoid to manage it manually.
    I've search internet for it but I've not found any article about hwo to do this.
    Do you have suggest for me ?

    Thanks regards



    0 0

    Hello!

    I'm a beginner in MIM. Assume the following:
    I have an agent defined as a Extensible Connectivity.
    This agent read a database and create a file which is read into CS when I do Full Import.
    Now I do a full sync.
    The agent is defined to project the data into MV.

    Now all the data that existed in CS is now in MV which is correct.
    Now to my question if I now to a second Full import on the same data without change anything.
    What happen?
    As I understand it the following will happen. Do correct me if I'm wrong.
    The whole CS is loaded again. The file is read and the data is written into CS when I do a Full Import.
    Now I do a Full sync in the same way that I did before.
    But what happen with the MV(metaverse)?

    I assume that the only sensible solution is that MV will not change anything because the data has not been changed.

    //Tony



    0 0

    Dear All,

    I am getting following error when I am trying to export data to MIM.

    Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>AccountName</AttributeType><AttributeValue></AttributeValue><FailureMessage>Exception: ValueViolatesUniqueness Target(s): \M1090300
    Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: ValueViolatesUniqueness
       at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
       at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
       at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
       at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>ValueViolatesUniqueness</AttributeFailureCode><AdditionalTextDetails>The specified attribute value must be unique for this Resource Type.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>efffe73f-01b5-4842-82f6-2745b47045b5</CorrelationId></RepresentationFailures>.

    Thanks,

    Shashidhar


    0 0

    Hello!

    I just learning MIM and I'm very new to this but I have been using C# for many years. This test is just a test that I have made up to learn MIM.

    I have created a database that act as a HR system and I have created a database that act as a AD system.
    I have one agent for the HR and I have one agent for the AD. In the HR I have a column called endDate  which is the date when an employee is to leave the job. The startdate is when an employee is starting to work at the company. I have also a column called Inactive that is true when an employe has left the job which mean the person is no longer working at that company. I want the column Inactive in HR to be updated automatically to true by MIM when there is a valid value in endDate and startdate and the realation between these two is valid. The AD system has also a column called Inactive and I want this column to be updated to true automatically when endDate and startdate is valid and the relation between these two are valid.

    When I want to test this I changed the endDate in the HR database and run all the profiles.

    I project HR into MV and I join AD to matching HR object in MV. If there is no matching object in MV I use ShouldProjectToMV for those AD object that doesn't exit in HR.

    There is two way to do this as I can see:
    I have done it in this way and it works fine but I don't know if this way is reasonable acceptable.
    On import flow from HR I check if endDate and startdate and relation is valid is so I set Inactive to true in MV.
    I have also an direct export flow on Inactive which will set this attribute in CS for the HR system. If the attribute Inactive  has been changed in CS will this result in pending export for the HR.
    I also want the AD system column Inactive to be updated as soon as the endDate has a valid value.
    In the AD agent I have set an direct export flow on Inactive.
    I have not set an import flow on Inactive for the AD system. But I can if I will.

    The second way that this can be done is the following.
    I have a direct import flow on Inactive and endDate and startdate .
    For the HR system on export flow check endDate and startdate and the reralation and if valid set Inactive  to true.
    For the AD system on export flow check endDate and startdate and the relation and if valid set Inactive  to true.


    This checking for my solution is done in the MAR MapAttributesForImport. If I want to use the second solution I have to add this code to both the export flow for HR and for AD.

    Which way is the best practice?
    As I mentioned I'm very new to MIM.
    I only use the Synchronization Service Manager so we don't use the Fim Portal.

    //Tony


    0 0

    Started to receive the following errors in the application log of a FIM synchronization service server (FIM 2010 R2):

    Alert description: Event Description: The server encountered an unexpected error while performing an operation for

    the client.

    "BAIL: MMS(20572): d:\bt\37528\private\source\miis\server\server\server.cpp(7428): 0x8023062d (The operation cannot be performed because the management agent's credentials are invalid.): MA missing default password

    BAIL: MMS(20572): d:\bt\37528\private\source\miis\server\server\server.cpp(7697): 0x8023062d (The operation cannot be performed because the management agent's credentials are invalid.)

    BAIL: MMS(20572): d:\bt\37528\private\source\miis\server\server\server.cpp(8094): 0x8023062d (The operation cannot be performed because the management agent's credentials are invalid.)

    Forefront Identity Manager 4.1.3766.0"

    The issue is there are no MAs running at the time of the error and I've confirmed there are no missing passwords on any of the MAs. I've searched online for any information on BAIL: MMS(20572) alerts with no success. Any recommendations or ideas would be greatly appreciated.


    0 0

    User unauthorized to register for Password Reset
    An unauthorized user initiated a request to register for self-service password reset.
    The user's identity was: CONTOSO\happys
    The user's IP address was: 192.168.0.101
    Ensure that all users who should be eligible for self-service password reset are members of a set which is referenced by MPR(s) that (1) grant permission to create registration objects for themselves in the FIM Service, and (2) have permission to read password reset resources.

    0 0

    Hi,

    So a while back Microsoft announced that we should use AADConnect and not MIM to provision identities into Azure.

    1. So does that mean if we use MIM and a PowerShell connector to provision to Azure it will not be supported by Microsoft?

    2. What about this. Can we use AADConnect to provision users to Azure, but, for example, if we need to immediately terminate a user, could we use MIM and PowerShell Connector?

    Hope my questions make sense.

    Thank you

    SK


    0 0

    Hello!

    I'm new to MIM.
    Below is a method in MVE handling Provision.
    In this method ProvisionPerson below we create two connectors one for agent "Projekt - Personal" and one for
    agent "Projekt - AD"
    I just wonder what consequence what occur if I don't have a connector to agent "Projekt - Personal"
    Can somebody explain that?
    Why is connector important?

    bool ProvisionPerson(MVEntry mventry)
            {
                CSEntry csentryKatalog;

                ReferenceValue dn;

                //This well give the number of connectorer to source system
                int connectorsSourceSystem = mventry.ConnectedMAs["Projekt - Personal"].Connectors.Count;

                //Get connector to Projekt - AD
                ConnectedMA targetAgent = mventry.ConnectedMAs["Projekt - AD"];              

                //Add a new csEntry in CS named Katalog with dn as initials
                if (connectorsSourceSystem >= 1 && targetAgent.Connectors.Count == 0)
                {
                    dn = targetAgent.CreateDN(mventry["personnummer"].Value);
                    csentryKatalog = targetAgent.Connectors.StartNewConnector("Katalog");
                    csentryKatalog.DN = dn;
                    csentryKatalog["MAID"].Value = mventry["personnummer"].Value;

                    csentryKatalog.CommitNewConnector();
                }

               return false;          
            }

    //Tony

                           

    0 0

    Hello!

    I want to say that I'm new to MIM and this test is just for learning.
    I only use Synchronization Service Manager and not the FIM Portal.
    I have two agent called Project-AD and Project-HR.
    I have this provision code located in MVE for agent  Project-AD.

    bool ProvisionPerson(MVEntry mventry)
            {
                CSEntry csentryKatalog;
                ReferenceValue dn;
                
                int connectorsSourceSystem = mventry.ConnectedMAs["Projekt - Personal"].Connectors.Count;
                ConnectedMA targetAgent = mventry.ConnectedMAs["Projekt - AD"];              
                if (mventry["forname"].Value.ToLower() == "nilspoppe" && connectorsSourceSystem > 0)
                {
                    CSEntry csentry = mventry.ConnectedMAs["Projekt - Personal"].Connectors.ByIndex[0];
                    csentry.Deprovision();
                }
                else if (connectorsSourceSystem >= 1 && targetAgent.Connectors.Count == 0)
                {
                    dn = targetAgent.CreateDN(mventry["personnummer"].Value);
                    csentryKatalog = targetAgent.Connectors.StartNewConnector("Katalog");
                    csentryKatalog.DN = dn;
                    csentryKatalog["MAID"].Value = mventry["personnummer"].Value;
                    csentryKatalog.CommitNewConnector();
                }
               
               return false;          
            }

    In addition for this example I also have this code for method Deprovision in MAR for agent Project-HR

    DeprovisionAction IMASynchronization.Deprovision (CSEntry csentry)
     {
           return DeprovisionAction.Delete;
     }
    In "Configure Deprovision" for agent Project-HR" I have set  to use "Determine with a rule extension"

    This method Deprovision will cause the Connector for this object with forname=nilspoppe to be false.
    So the object will have status pending export so I can delete that object in method BeginExport.

    Now I mean that the following should also call the Deprovision metod but is doesn't.
    I do the following for agent Project-AD
    I click Search Connector space
    Select one line that has Connector =True
    Click Lineage
    Click Metaverse Object Properties
    Click Connectors
    In my case I have two agent
    * Project-AD
    *Project-HR
    Now I select the row with agent Project-HR and click disconnect and then choose Disconnector(default)
    When I do this I get the result "The object was successfully disconnected."
    So my question is why is not the method Deprovision being called?

    Hope you understand what I mean?

    //Tony


    0 0
  • 09/23/18--17:54: PCNS, MA & Google
  • Hi,

    Has anyone used PCNS, an MA and (probably) a password DLL to provision users and set their passwords in Google (typical PCNS functionality)?

    Thank you

    SK


    0 0

    Hi,

    Is there a way for MIM to send out a notification when, for example, 25 changes are detected against a single account in a 5 minute window?

    Thanks,

    SK


    0 0

    Hi,

    I am generating a random password as per client's password policy through workflow and setting it while creating account in Active Directory. Now I need to notify user about this new password directly with out the interference of any system team user. 

    How can I achieve this via MIM?

    Moreover, I know about the password reset portal provided by the MIM. Can I use the same portal or any other service provided by MIM through which user can generate his/her password first time by some verification via EMAIL or SMS or security questions?

    Thanks



    F.


    0 0

    Hello!

    I only use Synchronization Service Manager and no portal
    I have two agents called agent-HR and agent-AD.
    In Meteverse Designer-> Configure Object Deletion Rule I have selected the one in the middle
    "Delete metaverse object when connectors from any of the following management agents is disconnected."
    I have here selected agent-HR.

    In "Configure Deprovision" for agent HR I have selected "Stage a delete on the object for the next export run"

    Now I disconnect an object from agent HR by using Search Connector Space and chose an object and select Lineage and click on Metaverse Object Properties and then click on Connectors and here I select the row with agent HR and click Disconnect and chose the default.
    I get the result saying "The object was successfully disconnected."

    I can now see that the Connector is False for this object and the object is gone in metaverse but I have no pending export on this object in connector space.

    Because I choose "Stage a delete on the object for the next export run" for agent HR I should have an pending export for this object in agent HR
    If I look at this object in connector space for agent-HR I can see that I have Changes add.
    I found this strange when I selected "Stage a delete on the object for the next export run"


    Can somebody explain this too me how on earch I can have add for changes in the CS for this object
    I have probably misundersttod this "Stage a delete on the object for the next export run"



    //Tony

    0 0
  • 09/14/18--05:58: Skip this
  • Skip this


    0 0
  • 09/18/18--23:41: Skip this
  • Skip


    0 0
  • 09/20/18--00:48: skip
  • Skip this


    0 0

    Skip

    0 0
  • 09/21/18--03:12: Skip
  • Skip this


    0 0

    Hallå!
















    0 0

    Following the procedure detailed here: https://docs.microsoft.com/en-us/sharepoint/administration/use-a-sample-mim-solution-in-sharepoint-server-2016 I configured my SharePoint 2016 environment to Sync User Profiles using MIM 2016.  All went well until I added the remainder of our Domains.  Now I'm getting the error message "Microsoft.MetadirectoryServices.ObjectAlreadyExistsException: An object with DN "XUser" already exists in management agent "SPMA"."  Every time I do a Fullsync of the ADMA.  I can't figure out how the DN for the SPMA connector space is generated.  How do I fix it?


     


    Robert W. Kirchhof


older | 1 | .... | 194 | 195 | (Page 196) | 197 | 198 | .... | 204 | newer