Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 200 | 201 | (Page 202) | 203 | 204 | newer

    0 0

    Hey all, 

    So, not entirely sure what happened - using the basic documented MIM AD and FIM Agents in Sync tool, followed up by the Inbound / Outbound Group Sync rules in portal. All of a sudden a few random users were removed from Groups and I am not sure why, or even where to look for a logical explanation. 

    MIM Is getting all AD users INbound 

    MIM Is getting a selected OU for Groups (other groups exist outside of this OU) 

    MIM Outbound rule is pointing to a specific OU to create Groups from the portal. 

    The groups get created in the Metaverse but don't show up in AD, but running it will remove some users from Groups that are not in this "specific OU" just in the "In Bound Groups OU" - 

    Any ideas? 


    0 0

    In the connector flow the field userPrincipalName is checked under Select Attributes

    Under Configure Attribute Flow the field is defined as follows:

    When I process new imports I get the following error:

    Microsoft.MetadirectoryServices.AttributeNotDefinedAsSourceException: Attribute "userPrincipalname" is not declared as a dependency.

       at Microsoft.MetadirectoryServices.Impl.EntryState.GetAttribute(String attributeName, IMacroCollectionBase collection)

       at GTI.IDAM.IDHubSync.MIMConnector.MFAADIafAnygtMemberfirmID(CSEntry csentry, MVEntry mventry) in C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\SourceCode\GTI.IDAM.IDHubSync.Dev\GTI.IDAM.IDHubSync\GTI.IDAM.IDHubSync.Import.cs:line 149

    The code referenced on line 149  is:

     if (csentry["userPrincipalName"].IsPresent)

    So why am I getting the error that it is not declared ??

    0 0

    Hi Everyone,

    i wish to use FIM SET and Group as Enterprise RBAC. I have gone through the article at the link below. I wish to take this further by extending the application Role with attributes that will be required for entitlement (literally serving as permission) in the target application.

    My question is how do I query the members of the Resultant Group to sync to the Target application such that iterating through the Group membership (users) actually surface the defined Permission attributes on the Group Object. I don't want to define the Custom attributes on the user object. Is this doable and Any XPATH query sample that can help ?

    Help appreciated in advance 


    0 0

    I've searched as much as I can but unable to find a clear definition. According to

    "For any resource type that has an Object Type Mapping with a metaverse resource type, any object projected to the metaverse will provision to the FIM MA connector space.  Synchronization Rule Provisioning (tools->options) has no affect on this behavior"

    If this is the case, what is the purpose of Sync Rule Provisioning?


    0 0

    I am configuring an ESAE environment using MIM 2016.  We will be using PowerShell scripts and the PAM commandlets to migrate admin accounts from the corporate domain to the red forest, migrate groups to create the shadow principles in the red forest, and manage roles.  I do not want to use SharePoint.  All ESAE installation instructions include the installation of SharePoint with MIM.  Is SharePoint REQUIRED or can the MIM be installed without SharePoint?


    0 0


    I was wondering if anyone is happy to share their step by step MIM installation. I don't mind any of the version at this time as i just need to get one working. i have tried multiple documents online including and i still cant get it to work. It all looks like there is always something missing in everydocumentation i have used.

    i've had tried rebuilding my dev environment 12 times but i still cant get it to work. I'm not sure if its is permission issues or the steps i am following is wrong but the major hurdle has always beenMIM portal which end prematurely. There are someSharepoint steps not mentioned in Microsoft's documentation but exist is some blogs for previous installations.I'm not sure if that has changed or the documentation is not complete.

    i'll really appreciate your help if anyone can sharetheir owndocumentation on how to install MIM.

    0 0

    Greetings all,

    Straight to the point. MIM/FIM is not provisioning distribution groups to AD. Strange is that it is provisioning security groups but not distribution groups.

    Does anybody have any clue, what could be causing this?



    0 0

    I am setting up an ESAE environment using MIM 2016.   I made the following assumptions when i started the project:

    1. An administrative account migrated to the privileged AD domain (a.k.a. red forest domain) as a PAM Object would be able to manage multiple corporate domains based on the roles the account is associated with.
    2. Once a user get's an admin account in the privileged AD domain, the user's admin account in corporate domains could get deleted if all of the associated functionality is also migrated to the privileged AD domain.  In other words, if the user's admin account in corporate domains is no longer a member of any group, then delete the account.
    3. If a new user requests an administrative account, simply create the PAM object and the MIM record

    I question if those assumptions are correct because the MIM record for the administrative account maintains the source account name and source domain name of the original corporate admin account.  I have had some odd results with the set-pamrole command to add a user to the candidates list if the user is not in the corporate domain.



    0 0

    I am in the process of migrating FIM 2010 - 2010 R2 - MIM 2016.  Everything seemed to go well as no errors during the Synchronization service.  However I ran into an issues and I am stuck. Performed the migration, all looked good except that when I run the FIMMA Full Import (after successfully running ADMA Full import and Full synch) it triggers the following event:
    Log Name: Forefront Identity Manager Management Agent
    Source: ForefrontIdentityManager.ManagementAgent
    Date: 12/18/2018 11:49:43 AM
    Event ID: 3
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: PSC-MIM-01.mso.intranet
    .Net SqlClient Data Provider: System.Data.SqlClient.SqlException (0x80131904): Could not find stored procedure 'fim.IsServiceBrokerEnabled'

    My SQL admin checked and did not find the 'fim.IsServiceBrokerEnabled' in neither of the old or new databases. New SQL Database is SQL 2012 R2.

    0 0


    I have a question regarding "support" of the MIM SharePoint Connector for User Profile Service:

    The document say "supported versions 2016 and 2019"

    While the download (last version from 2016) says "supported versions 2013 and 2016"

    So can we assume that SharePoint 2019 is supported to use with the MIM SharePoint Connector ?


    Peter Stapf - ExpertCircle GmbH - My

    0 0

    We have a need to synch groups between two AD forests, using only the Synchronization Service.

    I can import the groups in one forest into the MV, with the members, and I can provision a group with the same name in the second forest, but I need to lookup the equivalent user ID in the second forest and add them as members to the provisioned group.  But since the member attribute is a ReferenceValue, nothing I try works.

    I know that Group Management in the Synch Service has never been a robust feature, but is there any way to make this work?

    Ed Bell - Specialist, Network Services, Convergys

    0 0

    Hi All,

    Just need some help/thoughts

    My scenario is described as follows

    1. Importing Records from HR (Authoritative SOR)
    2. MPR/WFs process new records from HR before creation in MIM Portal/AD and other connected Data sources.The processing includes generating and deriving, accountName, dn, Display Name based on naming convention, initial AD password. mailbox location for Exchange Server etc.

    What I want to achieve

    1. I want to import the Initial Load of existing Users/Groups in AD to be created in the MIM Portal but want to exempt the existing records coming from AD, from being processed by the MPR/WFs in #2 above that processes every record that gets created in the MIM Portal.

    In summary attributes from existing records in AD should remain unchanged, after initial load into the MIM Portal. Subsequent changes can be initiated from the HR SOR, via Join and sync actions.

    How can I achieve this ?

    Thoughts/Feedback appreciated


    0 0

    Hi All,

    i am working on an ECMA MA, strangely it is only the Export Run Profile Option that is visible to be configured. The other options Full Import, Delta Sync etc. are not showing, so I cant create an Import Run for example.Any ideas/clues on what the issue could be ?

    0 0
  • 12/27/18--03:08: FIM MA creation error
  • Hi,

    I am getting an error while creating FIM MA on synchronization service.

    0 0

    Hey all, what are the steps required in order to allow normal (non-admin) users to view security group attributes such as the current membership list and owner in the FIM/MIM portal?  So far I have tried the following:

    Still, when I log in as standard user I'm unable to see the current membership list as well as owner information.  What am I missing?

    Thanks in advance for any guidance!

    0 0


    I have a SAP inbound MA that is based on webservice configuration tool. I get stopped extensible extension error, when I run full import. I tested my sebservice in SOAPUI and was getting java.socket time out exception. But after changing the configuration in SOAPUI, error got fixed in soapui and webservice is working perfectly there. 

    So now it seems I need to change "service time out parameter" somewhere in MIM or web service configuration tool and I tried my best but I didn't find a place where I can do so. 

    I found a link, where it says that uncompress *.wsconfig file and do the changes in cfg.config file. Please see screen shot below:

     But issue is that when I uncompress my file, I don't get any cfg.config file. I get only files shown in screen shot below:

    So any help in this regard would be highly appreciated. As my webserivce is working fine on same server machine on SOAPUI but on mim i get this below error and I am sure that I just need to fix timeout parameter somewhere and it will start working. 

    --------- Inner Exception Data ---------
      Message: The HTTP request to 'http://xxxxxxxx' has exceeded the allotted timeout of 00:00:59.7990000. The time allotted to this operation may have been a portion of a longer timeout.
      Exception root Exception type: System.TimeoutException 

    Thanks & Regards


    0 0
  • 12/31/18--01:36: MIM 2016
  • Hi,

    i'm trying to deploy MIM 2016 in infrastructure.

    almost done with deployment part, like mim sync engine, SQL, share point, at last i got error while installing service and portal setup files.

    even troubleshooted that issue but after installing service and portal the site is not accessible, which is created in sharepoint 

    what is the possible way to resolve issue?

    NOTE: not the default site, the site which we create for mim portal access, that site is not accessible.


    0 0

    Hi Friends,

    I was trying to design MIM Portal RCDC Configuration while creating the Joiner form, where I need to Auto populate the values ofOfficeLocation, Country and City. When I select the Countryall the Cities under that country should only populate the City Control in RCDCand same when i select only Office Location should be mapped with the OfficeLocation Control. 

    Ex: If i select India as country, then all the cities which belongs to India should come in the dropdown or picker or listview control.

    Share your ideas how we can present this by implementing / or piece of design for a quick help.

    Thanks to all.

    0 0

    What is TechNet Guru Competition?

    Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

    One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

    Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

    If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in January 2019 and must be in English. However, the original blog or forum content can be from beforeJanuary 2019.

    Come and see who is making waves in all your favorite technologies. Maybe it will be you!

    Who can join the Competition?

    Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

    How can you win?

    1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
    2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
    3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

    Do you have any question or want more information?

    Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

    If you win, people will sing your praises online and your name will be raised as Guru of the Month.

    PS: Above top banner came from Vimal Kalathil.

    Kamlesh Kumar

    If my reply is helpful please mark as Answeror vote as Helpful.

    My blog | Twitter | LinkedIn

    0 0

    Hi Dears,

    I did a setup of MIM 2016 Portal & Service on Windows Server 2016 with SharePoint 2016 for SSPR.

    I need to know two things:

    • Is it supported to deploy additional MIM 2016 Portal server for SSPR?
    • Where is Microsoft Guide for deploying additional Portal Server? 

    I did not find the guide, so Please help on this.

older | 1 | .... | 200 | 201 | (Page 202) | 203 | 204 | newer