a

December 18, 2013, 6:10 am

≫ Next: My SG Membership only shows groups with owner/displayedOwner

≪ Previous: Moving config from fim 2010 to fim 2010 R2

I have a production system with some problems for about 40 users.

It started out when I tried to join some users for a new MA. I got the error 'The operation failed because the object cannot be found'.

First I could not figure out what the error was, as this error normally occours in an export.

After som investegation in the DB I found out, that in the 'mms_csmv_link' table there were some references to some cs objects in the mms_connectorspace table, that does not exists.

So, at some point the connecor space object has been deleted or disconnected(and then deleted), but the link was never deleted in the DB.

I'm afraid to just delete the link in the DB, if there is any history or reference in the CS xml.

anyone knows if there is a fix for this?

Thanks,

Søren

↧

My SG Membership only shows groups with owner/displayedOwner

December 18, 2013, 7:17 am

≫ Next: FIM Request approval from Windows Phone client

≪ Previous: a

Hi all,

I've imported existing users and groups from AD to FIM and the FIM Portal.

If I now open one of the groups in the FIM Portal I can see all the members of the group.

I then changed the navigation bar to show the SecurityGroup navigation items to all users. (Usage Keyword BasicUI)

Now if I logon to a client computer and open the FIM portal as a standard user and click on "My SG Membership" I don't see any security group entries. I can see all of my DG memberships.

If I go back to the FIM portal server and change on of the existing security groups and add the owner and displayedOwner to the group I can see this group under my SG membership as a standard user.

Did I forget anything? How can I display all memberships without adding an owner to each group? Why are DGs displayed even without an owner?

Thanks in advance

Chris

↧

FIM Request approval from Windows Phone client

December 18, 2013, 7:38 am

≫ Next: BHOLD RBAC Model Generator

≪ Previous: My SG Membership only shows groups with owner/displayedOwner

Hi,

We have nice Outlook add-ins to accept/reject requests.

How about scenario with mobile client (Windows Phone)? Are there any solutions to approve/reject request form WP?

Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

↧

BHOLD RBAC Model Generator

December 18, 2013, 12:42 pm

≫ Next: LAN Manager

≪ Previous: FIM Request approval from Windows Phone client

I'm using the file upload method with BHOLD (SP1) RBAC Generator. My 3 file format works fine but I'm having a problem with my 5 file format. I get the following error: 'Roles$' is not a valid name. Make sure that it does not include characters or punctuation and that it is not too long.

Since my 3 file import works file, I'm assuming the issue must be in the 'Permissions-Applications' or 'Role' file. Both are rejected. My column names look right. I have values in the columns that require values. I have removed as many special characters as possible. And for the obvious, 'Roles$' is not text within either file.

Any ideas on troubleshooting this? The MG_PC log files don't tell me much more than the error above. Thanks for you help in advance.

↧

LAN Manager

December 18, 2013, 4:12 pm

≫ Next: Delta View vs Delta Table on SQL Server Management Agent

≪ Previous: BHOLD RBAC Model Generator

Is TMG still useful?

↧

Delta View vs Delta Table on SQL Server Management Agent

December 18, 2013, 7:57 pm

≫ Next: Folders created by FIM

≪ Previous: LAN Manager

Hi FIM Experts,

I'd like to ask your opinion on this "Delta View vs Delta Table"

Using Delta View (our current scenario), there are triggers for Add, Edit, Delete that will insert Dd and ChangeType to a "Changes" table. Then an SQL view is used to have a complete data plus the ChangeType. Now the script to run synchronization manages the "Changes" table by getting maxid of changes before delta import, perform delta import, then delete records in "Changes" table where id <= previouslyFetchedMaxId after sync cycle is finished.

Using Delta Table, I implemented it following this article:
http://www.wapshere.com/missmiis/how-to-make-a-sql-delta-table
I have 3 additional tables. And in my powershell script to run synchronization, I just call a stored procedure to populate the Delta table, before the synchronization cycle. this SP just do this in summary (truncate t_snapshot, truncate t_delta, load t_snapshot with current table, load t_delta, truncate t_archive, load t_archive with t_snaphsot). So t_archive contains the data of last synchronization. The SP executes for 17 seconds while processing close to 200K records.

My question:

1. Generally, which is recommended? DV or DT?
2. Using DT, I perform truncate and load to 3 tables every 10 mins (because that's the sync interval), any issues?
3. In terms of synchronization issues (ex. data is not sync), which approach is more prone to that?

I really appreciate if you can share your experience and expertise. Thanks!!!

Regards,

Joseph

↧

Folders created by FIM

December 18, 2013, 11:34 pm

≫ Next: FIM syncrhonization: slowness during export with ad management agent

≪ Previous: Delta View vs Delta Table on SQL Server Management Agent

Experts,

We are in planning stage of FIM and want to know the folders created by FIM after installation like '//Microsoft Forefront Identity Manager\2010\Synchronization Service'.

I know it is weird but we need to provide the folder list of folders before installation.

Please help if you know the folders or refer to any installation document referring to folders created post-installation.

Thanks,
Mann

↧

FIM syncrhonization: slowness during export with ad management agent

December 19, 2013, 3:07 am

≫ Next: FIM Syncronisation service 2010 R2 sp1 stopped-server on ECMA

≪ Previous: Folders created by FIM

Hello,

We are suffering from very bad performance when exporting updates from metaverse to AD.
The AD management agent takes among one minute per updated account(several days if we have an update on all accounts).
However the synchronization step is quite fast (among a few minutes).

In order to identify the source of the problem, we tried to made an update on all accounts with a VB.NET script.
We have executed this script localy (on the FIM synchronization service server) and it takes only several minutes.
This is why we are convinced that this issue is not relative to AD configuration.

Then, we have made several checks on the database configuration but we didn't find any problem in particulary, regarding the points below.
- table size
- cpu / memory / disk space shortage
- no dead lock
- queries execution time lower than one second

We would be grateful for any help, advice or feedback on the subject

Regards,

Serge Bouchut

↧

FIM Syncronisation service 2010 R2 sp1 stopped-server on ECMA

December 19, 2013, 3:15 am

≫ Next: FIM Collation setting

≪ Previous: FIM syncrhonization: slowness during export with ad management agent

Hello

I have an aleatory exception : stopped-server on all of my FIM sync service 2010 R2 sp1.

I don't have this error on FIM sync service 2010

This exception occurs on different ECMA and different execution profile (Import, Synchro).

With restarting the service, the excption doesn't appear anymore but for an unknow reason it reappears:

in the event viewer I have thos kind of error :

Faulting application name: miiserver.exe, version: 4.1.3419.0, time stamp: 0x511d9c79
Faulting module name: clr.dll, version: 4.0.30319.17929, time stamp: 0x4ffa59b1
Exception code: 0xc0000005
Fault offset: 0x00000000004e5900
Faulting process id: 0xf8c
Faulting application start time: 0x01cefcaa20d1eda1
Faulting application path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 9f8b2bbb-689d-11e3-b2ce-000a30ffa3a5

Faulting application name: miiserver.exe, version: 4.1.3419.0, time stamp: 0x511d9c79
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x0000000000018e3d
Faulting process id: 0xed4
Faulting application start time: 0x01cefc16c915f872
Faulting application path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f00f29a1-6895-11e3-b2ce-000a30ffa3a5

Thanks for your help.

↧

FIM Collation setting

December 19, 2013, 3:52 am

≫ Next: Computed Member in Advance Search in SET

≪ Previous: FIM Syncronisation service 2010 R2 sp1 stopped-server on ECMA

Experts,

Please clarify regarding collation setting used by SQL (used by FIM).

Why I should bother about collation setting in SQL?

Does one need to change collation setting because server where FIM/SQL will be installed can be non-English

Do I need to bother about collation setting because I need to support non-English language FIM Portal?

Please suggest.

Thanks,
Mann

↧

Computed Member in Advance Search in SET

December 19, 2013, 6:18 am

≫ Next: FIM Portal giving Syntax Error "WebResource.axd"

≪ Previous: FIM Collation setting

Hello Expert,

The Computed member option is missing in Advance Search in SET.
In Schema management, Computed member is bind to the Set. Would you please let me know how to bring the computed Member option in the drop down list in Advance Search of the set.

Thanks and Regards,
Anirban Singha
Bangalore-India

↧

FIM Portal giving Syntax Error "WebResource.axd"

December 19, 2013, 6:25 am

≫ Next: How to integrate an application for access administration with Microsoft Forefront Identity Manager 2010?

≪ Previous: Computed Member in Advance Search in SET

Hi Team,

It is fresh installation of FIM 2010 R2. FIM Sync, FIM Service and Portal are installed on the same box.

When opening FIM Portal, it does not load properly. Some boxes are misplaced and on checking the status bar I can see a list of errors.

First error in the list is "Syntax error" "WebResource.axd" Code: 0 URL: http://FIMPOrtal/webresource.axd?.......

It is followed by several "The value of the property 'WebForm_GetElementByTagName' is null or undefined, not a Function object" error for ScriptResource.axd file.

I have sharepoing 2010 installed. There is no NLB installed. I get the same error when accessing portal using "localhost" or IP.

Kindly help me fix this error. Any help would be greatly appreciated.

↧

How to integrate an application for access administration with Microsoft Forefront Identity Manager 2010?

December 19, 2013, 7:49 am

≫ Next: FIM Export Fails - Fault Reason: The endpoint could not dispatch the request. FIM Account Issue?

≪ Previous: FIM Portal giving Syntax Error "WebResource.axd"

Greetings Techies,

How to integrate an application for access administration with Microsoft Forefront Identity Manager 2010?

Requirements:
Basically, we want to provide and manage access to users for a particular application (can be any application(s)) through Microsoft Forefront Identity Manager 2010.

I would really appreciate suggestions of individuals for this. If you have any documents for the above said implementation please do share.

Many thanks.

↧

FIM Export Fails - Fault Reason: The endpoint could not dispatch the request. FIM Account Issue?

December 19, 2013, 10:08 am

≫ Next: Microsoft TechNet Wiki Gurus - Winners for November!!

≪ Previous: How to integrate an application for access administration with Microsoft Forefront Identity Manager 2010?

Hi,

I have 3 fim servers:

fimportal - has fim service & portal running (uses account service.fim & service.sharepoint)
fimsync - has synchronisation service & synchronisation DB (uses account service.fimsync)
fimsql - holds portal DB for server fimportal

I've created an AD MA, FIM MA and an inbound AD sync rule. On my FIM MA I've used account svc-fim (i.e. the account I've used to install FIM). This is not the same account that runs the synchronisation service on fimsync (account svc-fimsync is used for this).

I've ran a FIM MA import and full sync without issue (I can see my built in, admin account and the sync rule brought into the metaverse). When I do an export I receive an error as shown below.

What I'm not sure about is if it's because I'm using the wrong account for the FIM MA. If so, which account should I use and what's the best way to change my config (without a total reinstall)?

I've selected domain (as a text value), accountname and objectsid in my attribute flow, but I may have configured something wrong here.

Thanks

Fault Reason: The endpoint could not dispatch the request.\r\n\r\nFault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Exception: Other
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.GetDomainConfigurationIdentifiersFromDomain(String domainName)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.AddDomainConfigurationFromDomain(CreateRequestParameter domainNameParameter, RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
   --- End of inner exception stack trace ---</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource><AdditionalTextDetails>Request could not be dispatched.</AdditionalTextDetails></DispatchRequestAdministratorDetails><CorrelationId>0c7141ca-63a2-42ae-92c3-a0c95de0d940</CorrelationId></DispatchRequestFailures>

Below shows separate MA account and separate FIM Sync Account

IT Support/Everything

↧

Microsoft TechNet Wiki Gurus - Winners for November!!

December 19, 2013, 12:10 pm

≫ Next: FIM Service and Portal Installation Ends Prematurely

≪ Previous: FIM Export Fails - Fault Reason: The endpoint could not dispatch the request. FIM Account Issue?

The results for November's TechNet Guru competition have been posted!

Sorry for the delay copying over to the forums, busy times indeed!

http://blogs.technet.com/b/wikininjas/archive/2013/12/16/technet-guru-awards-november-2013.aspx

Congratulations to all our new Gurus for November!

We will be interviewing some of the winners and highlighting their achievements, as the month unfolds.

Post your DECEMBER contributions here:

http://social.technet.microsoft.com/wiki/contents/articles/21343.technet-guru-contributions-for-december.aspx

Read all about December's competition in the stickied post, at the top of this forum.

Below is a summary of the medal winners for November. The last column being a few of the comments from the judges.

Unfortunately, runners up and their judge feedback comments had to be trimmed from THIS post, to fit into the forum's 60,000 character limit, however the full version is available on TechNet Wiki.

Some articles only just missed out, so we may be returning to discuss those too, in future blogs.

BizTalk Technical Guru - November 2013

Gold Award Winner

Steef-Jan Wiggers

Windows Azure BizTalk Services EAI Bridges – Diagnostics

Mandi Ohlinger: "Anyone and everyone who's using BizTalk Services needs this topic. Well done!"
TGN: "WABS, I LOVE YOU! and I love this article! well described and a bunch of good images to help the explaination! Great work Steef-Jan!"
Ed Price: "I love the large and thorough Introduction section!"

Silver Award Winner

Suleiman Shakhtour

BizTalk Server: How to Extract Email Attachments By Pipeline

Mandi Ohlinger: "A great solution to a common problem. We need more of these. Thank you for the source code links!"
Ed Price: "This is a fantastic topic! Thanks for this great contribution!"

Bronze Award Winner

Tomasso Groenendijk

How to use Business Rules in the ESB Toolkit and test them with the BRE TestTool

Ed Price: "Great use of images to clearly express each step. Congratulations Tomasso, in winning your first Guru medal!"

SharePoint 2010 / 2013 Technical Guru - November 2013

Gold Award Winner

Brandon Atkinson

Use the XML Viewer Web Part, HTML, and JavaScript to Build Custom Web Parts

TVG: "No full-trust solutions, brilliant. But make sure that the injected JavaScript never impacts the functionalities on the page."
GO: "Excellent article! The GOLD medal winner for me! This article is well written with small images and a very fluent english. You'll read and understand every word. Technical but for each level. An excellent resource for the SharePoint Community! Thanks Brandon! "
Craig Lussier: "Fantastic article. Superb walk through with commentary, images and code. Well done!"

Silver Award Winner

Matthew Yarlett

A Complete Guide to Getting and Setting Fields using PowerShell

Jinchun Chen: "It is really a good article for getting start on using field in PowerShell."
Craig Lussier: "Excellent reference with high reuse value. Great work Matthew!"
GO: "Powershell, Powershell and again Powershell. The message here is clear. Everything is possible with Powershell. This article deserves absolutly a medal."
TVG: "Excellent! I would create a PowerShell command library so that I can simply download this script from this page and reuse it directly with the correct parameters.."

Bronze Award Winner

Benoit Jester - MTFC

SharePoint 2013: Search - User Segmentation

Jinchun Chen: "Nice article."
TVG: "Very interesting!"
Ed Price: "Benoit does a great job telling the story through images. It was an incredibly competitive month for SharePoint. We also need to mention Steven Andrews' amazing Deep Zoom Image article."
Craig Lussier: "Highly detailed and insightful walk through of this new SharePoint 2013 search feature. Great article!"
GO: "Again a great article from Benoit. Well Done!"

Small Basic Technical Guru - November 2013

Gold Award Winner

litdev

Dynamic Graphics

Ed Price: "Incredibly detailed. A fantastic resource to keep coming back to! From the comments: "Wanted to say WOW - this is great!" and "Awesome. Thanks""

Silver Award Winner

Nonki Takahashi

How to Make a Check Box

Ed Price: "Well formatted and in-depth how-to article! Great job!"

Bronze Award Winner

Joe Dwyer

Why Small Basic is a great programming language for beginners

Ed Price: "A well-articulated value statement for Small Basic! Thanks, Joe!"

SQL BI and Power BI (SSAS, SSIS, SSRS, Power Pivot) Technical Guru - November 2013

Gold Award Winner

johnsom

How to add JPEG and PNG report export when SSRS 2012 is integrated with SP 2013

Jinchun Chen: "Good sharing."
Ed Price: "Although this article could benefit from improved formatting, formatting on the code, and an image... the clarity and quality of the topic are what earns this article a prominent placing. Johnsom earns his first medal!"

Silver Award Winner

Tim Pacl

SSRS: Converting Between Tablix Controls (Matrix, Table List)

Ed Price: "Tim proves consistency with another fantastic article that is very thorough! We have a strong showing from SSRS in the BI category for November!"

Bronze Award Winner

Michael Amadi

Calculating the % difference between the same measure evaluated in two user selected contexts

Ed Price: "Michael earns his first Guru medal and gives us a Power Pivot article for BI! Great use of images and code!"

Transact-SQL Technical Guru - November 2013

Gold Award Winner

Naomi N

T-SQL: Create Report for Last 10 Years of Data

Richard Mueller: "Excellent article solving a common problem."
Ed Price: "Good details in the Solutions section!"
Samuel Lester: "Handy code and very slick solution!"

Silver Award Winner

Ronen Ariely

Random String

Samuel Lester: "Great comparison and VERY useful information in the application testing space as you mentioned."
Ed Price: "Great detail and depth!"
Richard Mueller: "I disagree with several statements in the article. For example GUID values will be random."

Bronze Award Winner

Saeid Hasani

Simplified CASE expression

Ed Price: "Incredibly clear and detailed explanations. Great job taking Carsten's advice (in the comments) and giving it good code formatting. It helps a lot!"
Samuel Lester: "Extremely thorough and a great read! Good addition!"

Visual Basic Technical Guru - November 2013

Gold Award Winner

Reed Kimble

Generate Color Sequences using a RGB Color Cube in VB.Net

Richard Mueller: "I love the color cube. Very well explained."
MR: "Great article and well written."
SB: "Article has narrative and text and shows concept well"
Ed Price: "Once again, Reed delivers an astonishingly thorough article that's easy to read and understand. Great topic!"

Silver Award Winner

.paul.

Shapes - Areas + Volumes

SB: "This had narrative, code and practical usage for beginners to VB. THis would get people going quickly using VB and I can see it being useful for beginners to VB."
Ed Price: ".paul. earns his first Gold Guru medal! The code could be formatted better, but as SB mentions, this is very informative and the perfect article for a new coder! Could benefit from a TOC and headers."
Richard Mueller: "Good explanation. I would like to have seen the missing classes without downloading the source code."
MR: "Good example of OOP. Maybe include a GetArea returning a Double as well?"

Visual C# Technical Guru - November 2013

Gold Award Winner

Jaliya Udagedara

Thread.Sleep vs. Task.Delay

NN: "Short and swift and very informative article. I like all articles by Jaliya and this is no exception"
Ed Price: "Great formatting with thorough explanations!"

Silver Award Winner

Deeptendra

Difference between Static Class, Sealed Class and Abstract Class in C#

NN: "This article explains some basic C# concepts, but it will be much better if it would provide examples"
Ed Price: "Good comparison for starters, but it could go deeper on each class."

Bronze Award Winner

Muralidharan Deenathayalan

Learn about Class,Object and Constructors

NN: "Good and simple article that is helpful for C# beginners"
Ed Price: "As NN mentions above, this is a good article for new coders. As Carsten mentions in the comments, it would benefit from better code formatting."

Windows Phone and Windows Store Apps Technical Guru - November 2013

Gold Award Winner

mcosmin

Various Media Objects for Windows Phone and Their Roles

RC: "A few interesting additions to the Media for Windows Phone docs. For completeness it should also address how Media Foundation fits in. Also please update the MediaElement link to point at Windows Phone docs rather than Silverlight."
Ed Price: "Great explanations of the classes! This article could benefit from a TOC."
AN: A good article, and useful subject!

Windows Presentation Foundation (WPF) Technical Guru - November 2013

Gold Award Winner

dev hedgehog

Custom Tree Virtualizing Panel

Ed Price: "The introduction sets expectations very well, and then the sections are divided very clearly. Great code formatting. Per the comments, thanks for adding the TOC!"
Peter Laker: "Love this tip. Great contribution hedgehog!"

Silver Award Winner

Magnus (MM8)

WPF: Programmatically Selecting and Focusing a Row or Cell in a DataGrid

Peter Laker: "Great subject, very informative, lots of explanation."
Ed Price: "Very thorough and well formatted!"

Bronze Award Winner

Ayyappan

WPF Treeview Using Self Reference Table and Entity Framework

Peter Laker: "Great article, great walk through and nice presentation."
Ed Price: "Great topic! It would benefit from a TOC and Headers. Some great TreeView articles this month!"

SQL Server General and Database Engine Technical Guru - November 2013

Gold Award Winner

Uwe Ricken

When Foreign Keys will conflict with FILLFACTOR

Jinchun Chen: "Nice! I love it."
NN: "Great article, very comprehensive. Few drawbacks - it doesn't explain in details what the correct solution should be. Also, the code samples to the article include line numbers which make them harder to copy"
Ed Price: "As Saeid in the comments wrote, "I love this article. This article defines the quality!" Between the explanations, code, comments, and diagram, the story is told well."
Samuel Lester: "Outstanding explanation, format, and write-up! Superb again Uwe!"
DB: "Very interesting both in content and technique. "
DRC: "Very nice article, well documented with sample script and sample output. If we add the references to few of the topics discussed, would be helpful to understand the concept better so that the reader will get the complete picture of the blog talks about. Definitely a TechNet WIKI article. "

Silver Award Winner

Ronen Ariely

SQL Server: Create Random String Using CLR

NN: "This article can not be read by its own without reading the article it refers to. The code is not explained, the process of creating CLR function is also not explained. So, it is not clear how this C# code is used in SQL Server at all"
Ed Price: "This could benefit from much more explanation. "
Samuel Lester: "Very good article and a great in-depth break-out that compliments your broader random string tech-net Wiki article. Great read!"
DRC: "It would have been better if the code would also provide the below details: 1. How to load the dll generated in SQL Server memory 2. Sample T SQL script to use the function and a sample output for the same. "

Windows Server Technical Guru - November 2013

Gold Award Winner

Mr X

How to protect your Active Directory from RID Pool Depletion

GL: "Good background and procedures."
JH: "great diagram, great topic. well written"
Richard Mueller: "Great information that could prevent a disaster."
JM: "Very good article"

Silver Award Winner

Mr X

How to extend the Delegation of Control Wizard templates in Active Directory Users and Computers

Richard Mueller: "Very valuable information. Needs a TOC. The tables and images help a lot."
GL: "Good detail in this article. I'd like to see a use case added."
JH: "very useful, nicely illustrated"
JM: "Very good article, but it would be good to improve readability by fixing minor errors in grammar (missing articles, pluralization sometimes incorrect)"

Bronze Award Winner

Mr X

Delegate moving user, group and computer accounts between Organizational Units in Active Directory

JM: "This is an excellent article and I'm sure a lot of Admins will find it very helpful."
JH: "good topic, well organized table, easy to read"
Ed Price: "Great table and good use of cross-linking to related Wiki articles!"
Richard Mueller: "A great table and great references."
GL: "Good article."

As mentioned above, runners up and their judge feedback were removed from this forum post, to fit into the forum's 60,000 character limit.

A great big thank you to EVERYONE who contributed an article to last month's competition.

Hopefully we will see you ALL again in this month's listings?

As mentioned above, runners up and comments were removed from this post, to fit into the forum's 60,000 character limit.

You will find the complete post, comments and feedback on the main announcement post.

Please join the discussion, add a comment, or suggest future categories.

If you have not yet contributed an article for this month, and you think you can write a more useful, clever, or better produced wiki article than the winners above, here's your chance! :D

Best regards,
Pete Laker

More about the TechNet Guru Awards:

TechNet Guru Competitions

#PEJL

Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and onlyTechNet Wiki, for future generations to benefit from! You'll never get archived again!

If you are a member of any user groups, please make sure you list them in the Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.

↧

FIM Service and Portal Installation Ends Prematurely

December 19, 2013, 5:48 pm

≫ Next: FIM Organisational Unit renaming

≪ Previous: Microsoft TechNet Wiki Gurus - Winners for November!!

Hey Everyone, I've been installing FIM components on a customers production environment and I've run into a problem that I cannot solve. Before I get into the problem, let me give you a background of their environment. We recently installed FIM Sync on a separate machine. We have a DC machine. We have a SQL machine. On the machine I am working on, it is a Windows Server 2012. It has SharePoint Foundation 2013 and we are trying to install FIM Service and Portal on it.

The problem is that whenever we try to install the Service and Portal, the installation will start and will stop near the end, rollback, and says that the installation ended prematurely. I run a verbose logging because we are not receiving any errors anywhere and everything seems to be working. The error that I found in the verbose log is as follows:

CustomAction SetPolicyforServiceAccount returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 15:59:41: InstallExecute. Return value 3.

After that, the system starts to roll back the installation. Does anyone have any idea what the issue is/how to fix it? If you need any clarification, please dont hesitate to ask. I'll try and respond as quick as I can.

Thanks a lot!

↧

FIM Organisational Unit renaming

December 20, 2013, 12:50 am

≫ Next: Eventlog: Given key not found and resource missing

≪ Previous: FIM Service and Portal Installation Ends Prematurely

Hello,

I had done an MVExtension to provision Organisation Unit from AD to AD LDS.

When i create an OU it's OK, but when i rename it and i run a synchro i visualise that the OU is renamed but when i run an export i have un error to modify attribut owned by system.

Has anyone a solution for this

Thanks.

↧

Eventlog: Given key not found and resource missing

December 20, 2013, 3:32 am

≫ Next: The SharePoint Timer Service

≪ Previous: FIM Organisational Unit renaming

Hello at all,

I having a strange issue in one of my customers environments.

My eventlog is filled with many many error saying either "The given key was not present in the dictionary." and "Resource is missing".

Here are the full details on both eventlogs:

Requestor: urn:uuid:e1603551-065e-4f84-a236-acb00d1c8e18
Correlation Identifier: 3fdbcc5d-45d2-4541-830d-a7ccffed9327
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.ThrowHelper.ThrowKeyNotFoundException()
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()
   at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecutePullActionImpl(PullRequestParameter pullParameter)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteEnumerateAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
   --- End of inner exception stack trace ---

Requestor: urn:uuid:b3694817-313e-449f-b471-6484b3917c02
Correlation Identifier: 3fae4696-f7de-490f-bb77-a3603fce43f0
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Get(Message request)

and also some short snippet from the FIM Service trace in verbose mode:

Microsoft.ResourceManagement Verbose: 0 : Request '' status was updated in-memory from 'NotFound' to 'Validating'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4651988Z
Microsoft.ResourceManagement Verbose: 0 : Request created: ''

    ThreadId=16
    DateTime=2013-12-19T14:14:23.4671990Z
Microsoft.ResourceManagement Verbose: 0 : Entered RequestDispatcher with Request Object; RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4681991Z
Microsoft.ResourceManagement Verbose: 0 : Add request 'dd715f67-ccba-4496-bb6e-1fba39283358' to cache with RequestStatus 'Validating'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4681991Z
Microsoft.ResourceManagement Information: 1 : RequestDispatcher enter processing pipeline;  RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358'; Operation 'Get'; Object ''; RequestStatus 'Validating'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4691992Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358' for a 'Get' operation on object '' with RequestStatus 'Validating'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4701993Z
Microsoft.ResourceManagement Verbose: 0 : Request 'dd715f67-ccba-4496-bb6e-1fba39283358' status was updated in-memory from 'Validating' to 'Validated'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4761999Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358' for a 'Get' operation on object '' with RequestStatus 'Validated'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4772000Z
Microsoft.ResourceManagement Verbose: 0 : Executing initial authentication.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4782001Z
Microsoft.ResourceManagement Verbose: 0 : Request 'dd715f67-ccba-4496-bb6e-1fba39283358' status was updated in-memory from 'Validated' to 'Authenticating'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4792002Z
Microsoft.ResourceManagement Verbose: 0 : Request 'dd715f67-ccba-4496-bb6e-1fba39283358' status was updated in-memory from 'Authenticating' to 'Authenticated'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4802003Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358' for a 'Get' operation on object '' with RequestStatus 'Authenticated'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4802003Z
Microsoft.ResourceManagement Verbose: 0 : Request 'dd715f67-ccba-4496-bb6e-1fba39283358' status was updated in-memory from 'Authenticated' to 'Authorized'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4812004Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358' for a 'Get' operation on object '' with RequestStatus 'Authorized'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4822005Z
Microsoft.ResourceManagement Information: 1 : WS: Action.Get.Execute.Enter
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4822005Z
Microsoft.ResourceManagement Verbose: 0 : XPathDialectParser.ParseXPathExpression.Enter(/Person[ObjectID='fb89aefa-5ea1-47f1-8890-abe7797d6497'])
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4842007Z
Microsoft.ResourceManagement Verbose: 0 : XPathDialectParser.Enumerate.BuilderResult(/Person[ObjectID = 'fb89aefa-5ea1-47f1-8890-abe7797d6497'])
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4872010Z
Microsoft.ResourceManagement Verbose: 0 : XPathDialectParser.ParseXPathExpression.Exit(/Person[ObjectID = 'fb89aefa-5ea1-47f1-8890-abe7797d6497'])
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4872010Z
Microsoft.ResourceManagement Information: 1 : Query: QueryProcessor.ExecuteQuery.ExecuteReader.Enter
    ThreadId=16
    DateTime=2013-12-19T14:14:23.4882011Z
Microsoft.ResourceManagement Information: 1 : Query: QueryProcessor.ExecuteQuery.ExecuteReader.Exit
    ThreadId=16
    DateTime=2013-12-19T14:14:23.6252148Z
Microsoft.ResourceManagement Verbose: 0 : Request 'dd715f67-ccba-4496-bb6e-1fba39283358' status was updated in-memory from 'Authorized' to 'Denied'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.6282151Z
Microsoft.ResourceManagement Information: 1 : RequestIdentifier 'dd715f67-ccba-4496-bb6e-1fba39283358' exited RequestDispatcher with RequestStatus 'Denied'.
    ThreadId=16
    DateTime=2013-12-19T14:14:23.6282151Z
Microsoft.ResourceManagement Information: 1 : WS: Get:PermissionDenied
    ThreadId=16
    DateTime=2013-12-19T14:14:23.6302153Z
Microsoft.ResourceManagement Error: 3 : Requestor: urn:uuid:0aac2c9a-5a8b-44c7-ba8b-909d459a3d66
Correlation Identifier: 771ee212-67a9-410a-bffe-fef76a78e366
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Get(Message request)
    ThreadId=16
    DateTime=2013-12-19T14:14:23.6312154Z
Microsoft.ResourceManagement Information: 1 : WS: Get: exit
    ThreadId=16
    DateTime=2013-12-19T14:14:24.0012524Z
Microsoft.ResourceManagement Information: 1 : WS: Get: enter
    ThreadId=16
    DateTime=2013-12-19T14:14:24.0792602Z
Microsoft.ResourceManagement Information: 1 : WS: ObjectType,ObjectID,DisplayName,Locale
    ThreadId=16
    DateTime=2013-12-19T14:14:24.0822605Z
Microsoft.ResourceManagement Information: 1 : WS: GetCurrentUserFromSecurityIdentifier.Enter: S-1-5-21-1343024091-790525478-839522115-44293
    ThreadId=16
    DateTime=2013-12-19T14:14:24.0832606Z
Microsoft.ResourceManagement Information: 1 : WS: GetCurrentUserFromSecurityIdentifier.Exit
    ThreadId=16
    DateTime=2013-12-19T14:14:24.0842607Z
Microsoft.ResourceManagement Information: 1 : Get(fb89aefa-5ea1-47f1-8890-abe7797d6497)
    ThreadId=16
    DateTime=2013-12-19T14:14:24.0852608Z

Tracelog is nearly identical on the "key not present" error, after authorized, the request (which i can see is a read/get) is switched back todenied.

The only thing that in common in all errors in the tracelog is that it occurs on a get of a guid/reference.

In Portal everthing is working like expected i see no errors, all data is displayed like it should, not resources oder value are missing.

But at the most places I click in portal it generates one of the to event, even if I switch from one user tab to another, but only this ones which holds group reporting controls (no errors on tab where manager and assistant are displayed).

Eventlogs also apperas on displaying all users or searching for them and even in request history and MPR list.

I am the initial administrator and in addition give (for testing) explicit read to all objects with all attributes to the admin set

So the problem is not that urgent as all is working like expected but it fills up my eventlog, making it hard to seperate this errors from real issues.

Environment ist FIM 2010 R2 Sp1 with latest Hotfix (4.1.3496.0) running on SharePoint Foundation 2013 on a Server 2008 R2. SP2013 was installed with the help on the guide from FimSpecialist.

Anyone a hint on how to solve this ?

Regards
Peter

Peter Stapf - Doeres AG - My blog:JustIDM.wordpress.com

↧

The SharePoint Timer Service

December 20, 2013, 4:44 am

≫ Next: Custom FIM PORTAL to provide Special privilege to a Specefic User( eg. Sub-Administration) or a Set of Users

≪ Previous: Eventlog: Given key not found and resource missing

Hello ,

In FIM Server, i put the account FIMwssSvc for Sharepoint Timer but i had errors in event viewer ?

Insufficient SQL database permissions for user 'Name: xxxxxxxxxxx SID: S-x-x-xx-xxxxxxxx-xxxxxxxxx-xxxxxxxxxxx-xxxxxxxxxxx ImpersonationLevel: Impersonation' in database 'SharePoint_Config_31388a75-...........' on SQL Server instance 'xxxxxxxxx\Sharepoint'. Additional error information from SQL Server is included below.

The EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config_31388a75-......', schema 'dbo'.

Is anyone has this issue ?

↧

Custom FIM PORTAL to provide Special privilege to a Specefic User( eg. Sub-Administration) or a Set of Users

December 22, 2013, 11:32 pm

≫ Next: Custom FIM PORTAL to provide Special privilege to a Specefic User( eg. Sub-Administrator) or a Set of Users

≪ Previous: The SharePoint Timer Service

If an Organisation wants a User (lets Say- Paul Walker) to act as a Sub-Administrator, Who can see the Security Groups or My SGs or My SGs Membership in its Naigation Resource Bar in Fim Portal and the Search Scope as well to view that Data.

Found a Solution.

↧

Latest Images