Channel: Forum Microsoft Identity Manager

MIM and Skype 2016

Hi

I'm currently using this https://github.com/Microsoft/MIMPowerShellConnectors for setting up my Skype accounts, but I have some problems with hangs and sync times with it. Some may be related to the fact that we have all accounts left in AD and this script does not remove accounts without making our own extension. The good thing with this script is that it enables me to set every detail for Skype on the account, which I need.

I wonder if it's worth the time and effort to troubleshoot this script, or if there are any alternative scripts or WAL that I should consider using to set Skype up?

Regards

Jimmy


MIM 2016 SP1 showing

I've just taken over an operation that I thought was a FIM2010 R2 installation, according to the About screen. However, when I looked up the build number, it is for MIM 2016 SP1. Why is it like this? Is this from a bad installation/upgrade? How do I correct this? Should I be concerned about this - is it a clean MIM2016 SP1 installation?

FIM Service and Portal hotfix KB3171318 installation error.

Hello All,

We are installing hotfix KB3171318 in our environment. All went well with the Synchronization service and we were able to successfully deploy this hotfix for the sync service.

But while deploying the same for the FIM Service and Portal, we are getting the error below. Kindly suggest how to resolve this.

"Product: Forefront Identity Manager Service and Portal - Update 'FIM Service & Portal Hotfix KB 3171318' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127"

Regards,

Suman

Move existing MIM infrastructure to different domain

Dear All,

We have MIM infrastructure mapped with abc.com and now we are planning to migrate our existing infrastructure to def.com 

How can it be achieved?

Need your Help!

Thanks,

Shashidhar


Generic SQL connector not importing all records

 

I’ve set up the Generic SQL connector reading from a couple of views (including one for multi-values). When I run a full import it stops when it reaches the default page size (5000) even though there are around 30,000 objects to import. It doesn’t error.

 

If I make the page size lower it just errors saying too many objects returned (0x80231345 Objects returned on import exceeds page size. Import aborted.) So it seems to be importing 5000 whatever I set the page size to.

 

Has anyone got this running with more than 5,000 objects (in the same partition)? Any ideas on what I may have configured wrong also gratefully received.


Change password using web portal

Hi Guys,

I have been using Forefront Identity Manager for self-service password reset, but I am now seeking your support to allow users to change their password by providing their current password without any security questions or code.

I am interested in using Forefront Identity Manager, but if there is any other way to allow users to change their password then I will also look into that. I have also looked into third-party tools, but they are quite expensive if you have more users.

Your help will be highly appreciated.

Regards
NAV


Sarwar

String Field to Reference (DN) field in MIM (Group Owner)

Hi,

I have a field in my SQL MA that contains the employee ID, and I want to map it to a reference field (DN) in the metaverse. But it doesn't allow me to do so. So how can I do this?

Actually, I am creating security & distribution groups on the FIM portal using a SQL MA, but I am unable to set the group's owner and administrator fields. I am trying to flow out the administrator's employee ID from SQL, but since it is a string value, it is not allowing me to assign it to a reference value.

I'll be thankful for the response/solution.

Regards  


F.

Migrating MIM between environments

Hi,

So we would like to migrate our MIM Sync and Service/Portal from 'test' to 'production'.

There is an AD Forest namespace difference between 'test' and 'production'.

We have matched the MIM version number in 'production' to 'test'.

We have exported the MIM Sync server configuration. The import fails, as it complains that the MIM Portal MA is missing custom attributes - yes, that is expected, as we have extended the MIM Service/Portal schema.

So we then proceeded to exporting the MIM Service policy and schema (to the policy.xml and schema.xml files, as per migration guide).

When we try to commit the schema.xml file, it errors and says that many of the required MPRs either do not exist or are not configured correctly, or MPR permissions are missing.

When we try to commit the policy.xml file, it errors and says that many of the required Schema objects/attributes are missing.

So as can be seen, everything has dependencies on each other - how the heck is one meant to migrate a MIM Solution from 'test' to 'production' ????

Cheers,

SK


'Unable to process your request' while searching user with _ in email attribute

Hello FIM forum,

We are experiencing an issue with our FIM deployment. When we try to search for a user with _ in the email, the search runs and then fails with 'Unable to process your request'.

I do not know so much about FIM. I am not sure if some regex filters are wrong, or what could be checked to address it.

Any ideas?

Thank you


Liibas

Server Error in '/' Application

Hi,

We migrated our MIM schema and policy to a new environment, and we could log on as the 'MIM_Admin' account and see the MIM Portal for about 5 minutes...and then it just stopped. Now we get the following error in the MIM Portal:

Server Error in '/' Application.

Object reference not set to an instance of an object.

             Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  

Stack Trace:
[NullReferenceException: Object reference not set to an instance of an object.]
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key) +266
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key) +25
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache() +96
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap() +87
   Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource) +43
   Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth() +59
   Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e) +46
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
                  


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.81.0

Looking in Event Viewer, we find the following:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/16/2018 4:58:12 PM
Event time (UTC): 11/16/2018 4:58:12 AM
Event ID: f2427f75ca1f4dc382f821f7dee7032e
Event sequence: 51
Event occurrence: 23
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1742489732/ROOT-1-131868080209261945
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\80\
    Machine name: MIMService01
 
Process information:
    Process ID: 6056
    Process name: w3wp.exe
    Account name: TESTAD\svcsps
 
Exception information:
    Exception type: NullReferenceException
    Exception message: Object reference not set to an instance of an object.
   at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache()
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap()
   at Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource)
   at Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth()
   at Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e)
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 
Request information:
    Request URL: http://portal.testad.com/IdentityManagement/default.aspx
    Request path: /IdentityManagement/default.aspx
    User host address: 192.168.205.123
    User: TESTAD\mimadmin
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: TESTAD\svcsps
 
Thread information:
    Thread ID: 18
    Thread account name: TESTAD\svcsps
    Is impersonating: False
    Stack trace:    at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache()
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap()
   at Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource)
   at Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth()
   at Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e)
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Does anyone have a clue on what the problem might (suddenly) be - it was working...

thank you,

SK

Email Notification Control

Hello,

I have a workflow that sends a password expiration notification for passwords that will expire in a few days; it's working fine.

My management asked me to stop sending these notifications on Sunday because of a law in France (the right to disconnect).

How can I achieve this, knowing that I don't want to stop the FIM service?

The notification is based on 2 Sets (Odd and Even) for days to expire and 2 MPRs in Transition-In, and the mail notification is a MIMWAL PowerShell activity.

Setting up MIM and PAM together and Design


Hi Team,
Hope you all are doing good. I need some guidance with the MIM and PAM deployment and design.

Our client wants to use fresh, newly installed components of MIM and PAM in their environment.
They currently have 4-5 Domain Controllers with the necessary FSMO roles enabled, spread across two data centers for HA.

For us to build a solution with HA for both MIM and PAM, what is the best approach?

a. Consider that we have a main forest, abc.com, and within that we have a domain xyz.abc.com.
b. I understand that for PAM we need to have a separate new forest (bastion), so does this mean I have to install and configure a new DC with a name something like pqr.com? (In this way abc.com and pqr.com will be two separate forests and I can then build a PAM trust between them.)
c. For MIM to be installed and configured, do I need to install MIM on virtual machines which are joined to PAM's forest, i.e. pqr.com?
d. If I do point number C, in that case can I use that same MIM server (which is under the pqr.com domain) to provision users in various target applications like SAP, AD (xyz.com) or Exchange servers?
e. Since we are in the design phase, are there any design recommendations which I can refer to and build my own?

Requesting your assistance here.

Thank you,
Parin Das

MIM (Group Owner)

Hi,

I am creating security & distribution groups on the FIM portal using a SQL MA, but I am unable to set the group's owner and displayed owner fields. I am trying to flow out the administrator's employee ID from SQL using a reference field (DN). My MA flow successfully creates all the groups but doesn't populate the owner field.

I flowed out the Employee ID of the administrator as a reference (DN) field to the owner and displayed owner fields of the Metaverse from SQL, and then from the Metaverse to the FIM portal.

If I run the preview of my MA's synchronization, I get the following results, shown in screen shot below. I have checked the attribute precedence but it is set to equal but still it is skipping these values. 

For setting the manager of a user on FIM portal, I used the same approach and it worked. That I passed the EmployeeID of manager as reference (DN) to manager and it automatically resolved the reference. But in case of groups, it is not working. 

Please see screen shot below 

If anyone could help me to come out of this situation, I'll be really very thankful. 


F.

Microsoft IDM and IAM solutions

Hello Team,

I am aware that Microsoft offers an IDM solution through PAM; does it also offer IAM (Identity Access Management)?

Is there any difference between these two?

What other features are provided by MIM?

Active Directory Federation services (OTP through EMAIL)

Hi Guys,

I am very new to this topic and yes, I don't understand most of the terms in regards to the process I am implementing, but this is the task that was given to me: to implement a process where a user signs in to an application and gets an OTP sent to his email ID, which is in our Active Directory for that user. He submits the OTP and gets access to the application, and an authentication provider provides the JWT tokens such as the authentication token, refresh token and reset tokens for the entire session.

My question is: can Active Directory Federation Services be helpful in implementing this 2FA for sending an OTP to an email? We currently have 200 users, so we will have 200 hundred emails; each user trying to log in gets an OTP to his email ID.

If not, can we achieve this using custom ADFS? If so, can anyone direct me to the links and procedure to implement this? Here Cognito user pools will be an authentication provider, and I would really appreciate it if someone could help me out of this, since I have been trying to complete it for a month and I am ending up with no light :(

Thanks,

Venkata




MIM SSPR and Azure MFA

Hi.

I've been tasked with implementing SSPR into our environment utilising MIM and Azure MFA. 

I had it all working perfectly, except that it wasn't applying the DefaultCountryCode from the MFASettings.xml file... I eventually managed to get that to work! But now I'm getting an error every time a user tries to reset their password:

Exception: The specified network password is not correct.
; StackTrace:    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at pf_auth.send_message(String target, String message, String cert_file_path, String& body)
   at pf_auth.pf_authenticate_internal(PfAuthParams pfAuthParams, Boolean asynchronous, String& otp, Int32& call_status, Int32& error_id)
   at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider.AzureMfaAuthenticate(PfAuthParams pfAuthParams, Int32& callStatus, Int32& errorId); InnerException null; callStatus=0, errorId=0, Certificate File Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\MFACerts\cert_key.p12

I've checked the account running the FIM Service and even tried re-entering the credentials for this. I know they are correct as I can log in as that account.

Has anyone come across this before or can point me in the right direction?

Many Thanks

AG

Cannot view My SG Memberships

I followed the instructions in
http://fimspecialist.blogspot.com/2013/03/to-make-security-option-visible-to-non.html#!/2013/03/to-make-security-option-visible-to-non.html
to allow non-admin users to see the SG options on the portal. When I log in
with my non-admin account I see the links to My SG's and My SG Memberships.

I have added my non-admin account to an SG (TestGroup1), which does have Owner and Displayed Owner attributes set.

Going off this article
https://social.technet.microsoft.com/Forums/en-US/27ba3c10-1a05-4e06-a6bc-dcb28fadf1f7/my-sg-membership-only-shows-groups-with-ownerdisplayedowner?forum=ilm2
I made that account a member of the Security Group Users set.

When logged into the portal I can search All Security Groups, I see TestGroup1 and see myself as a member.

The issue is, when I click on My SG Memberships, there are no results.


Multimodal MIM Management Agent

Hi All,

I wish to know if anyone has experience creating a multi-modal type of Call-based Management Agent. So Export does a Web Services call to the target Connected Data Source and Import will use a SQL connection, because the API method to get all User records for import is not available/exposed in the connected system. This looks feasible in theory, but I just want to know if that assumption is actually the case in practice. Any 'gotcha' to watch out for?

Thoughts and Feedback appreciated.


Akinzo


Filter Builder control broken after patching

I upgraded from 4.4.1302.0 to 4.4.1749.0 in a Test environment (Windows Server 2012R2, SharePoint Foundation 2013).

Now any screen which should show a filter builder instead shows the error page "Unable to process your request". So this happens if I click on "Advanced Search" from anywhere, and also if I try to open the "Criteria-based Members" tab on any Set, and the "Members" tab on any criteria group.

I ran the same upgrade in Dev a couple of months ago and have had no such problems there. I did also migrate a bunch of new config into Test on the same day as patching, but I have compared config between Dev and Test and don't think it is config related.

The only error in the event log is a Warning from Microsoft.ResourceManagement.PortalhealthSource:

"The portal was unable to complete a request and showed a user the default error page.

An unhandled exception was caught.

Check the product diagnostic log file and then check the SharePoint log file."

I have looked through the SharePoint logs but all I see is when it shows the Error page - it doesn't say why. I've done a comparison between Dev and Test and the logs look identical up to that point.

I've re-installed the MIM Portal update and confirmed in the install log that there were no errors. I have rebooted all servers.

One thing I have noticed is that Windows patching is much more up-to-date in Test - they routinely patch Test at this customer, but not Dev. So I guess it's possible some combination of Windows patching and the MIM Portal patch has broken it - it would just be really helpful to get an error message from SOMEWHERE!

I have also figured out that the method for diagnostic logging has now changed. I generated a trace log but there are no errors at all, which does seem to indicate an error in the SharePoint layer, not reaching the MIM Service. There used to be a way of commenting out the "ILMErrors" line in the web.config to get more useful messages, but doing this now completely breaks the Portal - is there a new way to do that? (CustomErrors is set to Off but it's still showing the useless error page.)

Final observation: the issue happens both when accessing the MIM Portal through its full address, and using localhost on the server.


http://www.wapshere.com/missmiis

FIM provisioning script

Hi,

I wanted to know a simple VB script which I can use in the FIM sync service for validating a user. For example, the user should have this naming convention, or it should automatically have that when I export the user from the FIM portal to AD.

Anything simple like this will be a great help.

Thanks,

zeet
