Free e-book Install and Configure Microsoft Identity Manager 2016 to Simple Account Provisioning between two Forest

September 25, 2018, 7:46 am

≪ Previous: An object with DN "XUser" already exists in management agent "SPMA".

Hi everyone,

I would like to share with us my e-book Install and Configure Microsoft Identity Manager 2016 to Simple Account Provisioning between two Forest,that is free today on Amazon.

https://www.amazon.com/Install-Configure-Microsoft-Identity-Provisioning-ebook/dp/B01N3ZQSQG/ref=sr_1_2?s=digital-text&ie=UTF8&qid=1537886094&sr=1-2&keywords=MIM+2016

I will wait for your comments about this guide. Share the link above, with your contacts too.

Thanks in advanced

Wilsterman Fernandes

↧

CA SiteMinder and FIM/MIM

September 25, 2018, 10:46 am

≫ Next: Looking for reliable MIM 2016 setup guide (preferably printable)

≪ Previous: Free e-book Install and Configure Microsoft Identity Manager 2016 to Simple Account Provisioning between two Forest

We are looking at implementing MIM 2016. One of our web applications is secured using CA SiteMinder which currently handles password changes. We would like to use MIM for password reset. Anyone aware of issues with MIM and SiteMinder playing nicely together.

↧

Looking for reliable MIM 2016 setup guide (preferably printable)

September 25, 2018, 11:20 am

≫ Next: How do you mailenable security groups via a SQL source

≪ Previous: CA SiteMinder and FIM/MIM

This link

https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-deploy

has a comment, acknowledged by Microsoft, that the documentation is wrong and no clear indication that it has been corrected.

Is this link

https://docs.microsoft.com/en-us/previous-versions/mim/ee534909(v=ws.10)

more accurate?

I did see (don't remember where) a link to a downloadable version of the setup guide, but got a message that the link was no longer valid.

Thanks

↧

How do you mailenable security groups via a SQL source

September 25, 2018, 4:11 pm

≫ Next: MIM - Synch from HR System and outbound synch to another existing DBs

≪ Previous: Looking for reliable MIM 2016 setup guide (preferably printable)

I have security groups being imported from a sql database. I have researched the forum and have changed the type from Security to MailenabledSecurity. I even added a mailnickname in sql

Is there anything else I will need to do or add to make sure the security group is mailenabled? For new and existing groups?

I get this export error:

Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: ValueViolatesRegularExpression
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateObjectAttributes[T](RequestType request, Guid objectIdentifier, String objectTypeName, IEnumerable`1 parameters, OperationType operationType)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateInputRequestCreate(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>ValueViolatesRegularExpression</AttributeFailureCode><AdditionalTextDetails>The specified attribute value does not satisfy the regular expression.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>51d6dcfc-329f-4bb3-9f46-2abfd1c5bd5f</CorrelationId></RepresentationFailures>

Does it even matter if mail enable checkbox is checked, if there is a mailnickname? In the FIM portal, if I select mailenable, I can enter an E-mail Alias. However when I import the info from SQL, the mailenable gets unchecked.

↧

MIM - Synch from HR System and outbound synch to another existing DBs

September 25, 2018, 11:14 pm

≫ Next: Sharepoint Online MA for MIM 2016SP1

≪ Previous: How do you mailenable security groups via a SQL source

Hi Team,

Just want to check if MIM has capability to input data from HR System (may be selected fields), hold it and Insert the data in existing multiple SQL Server DBs?

Regards

↧

Sharepoint Online MA for MIM 2016SP1

September 26, 2018, 1:03 am

≫ Next: Custom error pages for MIM Portal?

≪ Previous: MIM - Synch from HR System and outbound synch to another existing DBs

Dear All,

we have Sharepoint point online portal (HR database).

how we pull the user information from Sharepoint online portal to MIM? is there any MA available?

Thanks,

Shashidhar

↧

Custom error pages for MIM Portal?

September 27, 2018, 10:06 pm

≫ Next: I read a book and I read something that I need help to understand

≪ Previous: Sharepoint Online MA for MIM 2016SP1

Has anyone managed to use custom error pages (f.ex. 401 and 404) with MIM Portal? I have tried with couple of ways but seems like impossible to make it work even when trying to use the suggestions found for example here at https://stackoverflow.com/questions/2480006/what-is-the-difference-between-customerrors-and-httperrors#

↧

I read a book and I read something that I need help to understand

September 28, 2018, 4:24 am

≫ Next: Query regarding SQL software on FIM servers

≪ Previous: Custom error pages for MIM Portal?

Hello!

Below is text from a book that has been used in a course for Managing Microsoft Metadirectory Service 2003.
I know the book is old but most in the book is correct even today.

Here is the text.
"It is legal for more than one object from a connected directory to be joined to the same Metaverse object. However, it is not then possible to have inbound attribute flows(although export flows are allowed). This is because the synchronization engine cannot establish precedence between the competing connectors - which connector's attribute should flow inbound to the metaverse? Therefore, if you have inbound attribute flows, and the join rules would allow more than one CD object to join to the same MV object, the second(and subsequent) joins fail with "ambiguous-join-error", The first join made remains, but no sebsequent joins will be completed."

Note I just use the Synchronization Service Manager and no FIM Portal

I have two agent called agent-AD and agent-HR that simply consist of a simple database.
Assume I have an attribute in agent-AD that is called my_AD_Attribute that I read from the db and an attribute in agent-HR that is called my_HR_attribute that I also read from the db.
In MV I have the same two attributes called my_AD_Attribute and my_HR_Attribute. I will have no problem to use import flow the CS attribute my_AD_Attribute into the MV attribute my_AD_Attribute and no problem to do the same with my_HR_Attribute.

Can somebody explain what the text is trying to explain because I don't understand what it means

//Tony

↧

Query regarding SQL software on FIM servers

September 29, 2018, 10:02 am

≫ Next: What happen to Connectors and MV on full import

≪ Previous: I read a book and I read something that I need help to understand

Hi,

May i know why are we installing SQL Server Integration Services Enterprise Edition 64bit on FIM servers ?

↧

What happen to Connectors and MV on full import

September 30, 2018, 3:37 am

≫ Next: Configure Object Deletion is not working

≪ Previous: Query regarding SQL software on FIM servers

Hello!

Below is some information that I found about full Import here is the link https://blogs.msdn.microsoft.com/connector_space/2015/09/28/the-complete-synchronization-process-part-4-deltafull-importsynchronization-explained/

"The very first run you will perform when building FIM (or adding a new data source) is a full import. During a full import, everything in the connected data source is brought into the connector space. The key point to remember about a full import is that, regardless of total number of objects or objects with changes, everything will be refreshed."

As the text says everything is brought into CS no matter if the source has been changed or not.
When we import we use the MAC import method that read the Db by using normal SQL and create a file that is read by the MIM and loaded into CS.
As the text says everything will be refreshed does that mean that the connector to MV object is true. So shall I understand it such that all the attributes is refreshed so to speak updated to what it is in the CD but the connector is still True and of cource the MV object is still there because we have a Connector thet is true.
So how should I understand the term "everything will be refreshed" in the above text.

//Tony

↧

Configure Object Deletion is not working

September 30, 2018, 11:40 pm

≫ Next: FIMService CPU stuck at 100%

≪ Previous: What happen to Connectors and MV on full import

Hello!

I only use the Synchronization Service Manager and not any portal.
I have two agents agent-HR and agent-AD where both are defined as Extensible Connectivity.
I have just a simple SQL Server database as the source for the two agents.

I have the following configuration:
* The object type in MV is PersonT and the Configure Object Deletion Rule is set to "Delete metaverse object when connector from any of the following management agents is disconnected" and I have check marked just the one agent-HR
* The deprovision rule for agent-HR is set to "Stage a delete on the object for the next export run"

I project some object from HR to MV and then provision these to AD.
When I change a name in HR db to nilspoppe this code is called and it enters this if clause

if (mventry["forname"].Value.ToLower() == "nilspoppe" && connectorsSourceSystem > 0)
{
CSEntry csentry= mventry.ConnectedMAs["Projekt - Personal"].Connectors.ByIndex[0];
csentry.Deprovision();
}

in the MVE void IMVSynchronization.Provision (MVEntry mventry)
When this code is called I can see in CS for agent-HR that the Connector become False for this object and I get a pending export.
If I take a look in Metaverse search the object is still there.

I mean when I have selected "Delete metaverse object when connector from any of the following management agents is disconnected" and checked agent-HR the object that become disconnected should be removed from MV.

The object is still connected in AD but that doesn't matter as long as I have selected "Delete metaverse object when connector from any of the following management agents is disconnected"
As you can see it says "...any of the following management agents is disconnected and here I selected just agent-HR.

So why is not "Configure Object Deletion Rule" working as expected.

Now I change another thing instead setting the deprovisioning by using this code. (mventry["forname"].Value.ToLower() == "nilspoppe" && connectorsSourceSystem > 0)
{
CSEntry csentry= mventry.ConnectedMAs["Projekt - HR"].Connectors.ByIndex[0];
csentry.Deprovision();
}

The code above is the MVE for agent-AD.

Now I tested another thing and that was to set an object to state disconnected by using the Configure Connection Filter filter for agent-HR.
When I do this it works as this.
The object for agent-HR is disconnected and I get a pending export
The object for agent-AD is also is disconnected
The MV object has been deleted and I get a pending export.

So as a conclusion I cant' understand why it all works when using the Configure Connection Filter but not when I use this code (mventry["forname"].Value.ToLower() == "nilspoppe" && connectorsSourceSystem > 0)
{
CSEntry csentry= mventry.ConnectedMAs["Projekt - HR"].Connectors.ByIndex[0];
csentry.Deprovision();
}

Can someone explain why I get this odd result.

//Tony

↧

FIMService CPU stuck at 100%

October 1, 2018, 1:32 am

≫ Next: Export Error

≪ Previous: Configure Object Deletion is not working

Hello everyone,

Since one week, we got a little issue on our FIMService. He is stucked at 100% all the time.

We have already tried to restart the service, the server but still no change. No workflow are in progress, we don't found the issue and the reason.

Can someone help us please?

↧

Export Error

October 2, 2018, 5:16 am

≫ Next: MIM Custom User Interface (UI)

≪ Previous: FIMService CPU stuck at 100%

Hi,

Can anyone tell me what is this error related to ?

System.Runtime.InteropServices.COMExceptionSystem.Runtime.InteropServices.COMException (0x80040FA0): Notes error: You are not authorized to perform that operation
at Domino.IDocument.Remove(Boolean bForce)
at Microsoft.IdentityManagement.MA.LotusDomino.Core.Person.Delete(CSEntryChange csentry, Context exportContext, List`1 listChangeResult)
at Microsoft.IdentityManagement.MA.LotusDomino.Core.Person.ExportEntry(CSEntryChange csentry, Context exportContext, List`1 listChangeResult)

↧

MIM Custom User Interface (UI)

October 4, 2018, 3:23 am

≫ Next: synchronization service manager

≪ Previous: Export Error

Hi All,

Do you know where I can find some information like Templates/Examples of code
to develop FIM/MIM Portal Custom UI to create new User Account.

RCDC is too basic and I need to have a dynamic UI when creating User Account to MIM Portal.

Regards,

-Misch-

↧

synchronization service manager

October 4, 2018, 11:10 am

≫ Next: Pulling manager DN into metaverse when all AD flows are 'Advanced'

≪ Previous: MIM Custom User Interface (UI)

is this software I can buy or is it something I already own?

↧

Pulling manager DN into metaverse when all AD flows are 'Advanced'

October 4, 2018, 6:26 pm

≫ Next: Help troubleshooting Import "read-error" from SharePoint MA completed-discovery-errors

≪ Previous: synchronization service manager

In order to manage multiple accounts in a single domain/forest, I converted all of my AD Import flows to 'Advanced.' But now I can't import the 'manager' DN because it won't work with an 'Advanced' flow. If I set that one attribute to direct, is it going to prevent me from being able to manage multiple ID's?

Is there any other way to get the DN into the MV?

Thanks in advance.

Ed Bell - Specialist, Network Services, Convergys

↧

Help troubleshooting Import "read-error" from SharePoint MA completed-discovery-errors

October 5, 2018, 6:03 am

≫ Next: Who will be announced as the next FIM Guru? Read more about October 2018 competition!!

≪ Previous: Pulling manager DN into metaverse when all AD flows are 'Advanced'

Please any help or guidance you may offer concerning the troubleshooting of these types of errors.

1) Error reading from where? The SharePoint User profile database? (The error occurs during a SPMA Full Import run profile) Note: It did not occur on the first run.

2) What do the entry numbers represent? entry 7 shows up twice.

MIM/FIM Errors

Robert W. Kirchhof

↧

Who will be announced as the next FIM Guru? Read more about October 2018 competition!!

October 5, 2018, 8:36 am

≫ Next: using Exchange Online Mailbox for MIMService Account

≪ Previous: Help troubleshooting Import "read-error" from SharePoint MA completed-discovery-errors

What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in October 2018 and must be in English. However, the original blog or forum content can be from before October 2018.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!

Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

How can you win?

Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
(Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from Baishakhi Banerjee.

Thanks,
Kamlesh Kumar

If my reply is helpful please mark as Answeror vote as Helpful.

My blog | Twitter | LinkedIn

↧

using Exchange Online Mailbox for MIMService Account

October 8, 2018, 12:40 am

≫ Next: Securing Passwords with ECMA for SQL Data Source

≪ Previous: Who will be announced as the next FIM Guru? Read more about October 2018 competition!!

Dear All,

what are limitations, if we use following setting?

Configure mail server connection image

↧

Securing Passwords with ECMA for SQL Data Source

October 8, 2018, 9:02 pm

≫ Next: Failed to scan PAM Group - Operation is not valid due to the current state of the object

≪ Previous: using Exchange Online Mailbox for MIMService Account

Hello All,

I just wrote an ECMA to an SQL Data Source. The password management Interface has been implemented and works as expected. Password field in the Users table of the connected SQL Data Source gets updated when password is changed on AD.

Need Ideas as per the following

. How can I hash the password value for storing in the SQL Table and still have users de-crypt when they login into the application
I will also like to know how to mask the password text box on the properties page for connecting ECMA to SQL Data source or better still make it invisible after initial configuration.

Help Appreciated

Akinzo

↧

What is TechNet Guru Competition?

Who can join the Competition?

How can you win?

Do you have any question or want more information?

Latest Images