Channel: Forum Microsoft Identity Manager

Search Scope XPATH Filter for 'department' and 'manager'?


Hi,

Is there a way to create a Search Scope Filter, to show all the users in the department that I currently am in? As in, look at my department attribute and dynamically generate a Search Scope Filter?

Or to show all users where I am their 'manager'? (I = the user doing the FIM Portal search)

thanks,

DW



Reporting FIM2010 R2 Error


Hello, 

I installed SCSM for FIM reporting, and I verified that the administration packs are terminated.

I have an error for the module: Extract

In the Event Viewer on the DW server I have this log:

ETL process type: Extract
 Batch ID: 581
 Module name: Extract_TypedManagedEntity_DW_FIM
 Message: Échec de la conversion de la date et/ou de l'heure à partir d'une chaîne de caractères.

Any idea?

FIM GAL sync - customize the attributes

FIM Password Reg/Reset Portals over Internet marked as PCI Compliance Failure


Hi,

How have you handled the issue reported by a security audit of FIM2010 R2 Portals for registering and resetting passwords on the 'net? The date on the article is 2008, and the .NET assemblies are 1.0 thru 2.0, but the audit is still catching it, preventing a rollout.

 

Brief Description: Details here: http://xforce.iss.net/xforce/xfdb/44743

Microsoft ASP.NET could allow a remote attacker to bypass ValidateRequest filters and conduct cross-site scripting attacks, caused by a vulnerability that was introduced by the MS07-040 update. A remote attacker could exploit this vulnerability using a query string containing a less-than tilde slash sequence (<~/) appended with a malicious STYLE element, which would allow the attacker to bypass Request Validation and conduct cross-site scripting attacks against a vulnerable ASP.NET application.

TIA

Sunny

FIM 2010 R2 Installation and SharePoint


I am with a higher education institution and have been tasked with getting the FIM Password Reset Portal and Registration Portal installed and configured. I understand that I will need to also install FIM Portal, FIM Service, and FIM Synchronization. I am using the FIM 2010 R2 Deployment Guide and Self Service Password Reset Deployment Guide downloaded from Microsoft, but I am not clear as to how SharePoint fits into the installation. Do I need a fully functional version of SharePoint running in order to use SSPR? We currently do not have SharePoint running.


Is there an issue with using a local copy of the WSDL versus a direct connect to Configure Web Service

I would like to build a WS connector to RemedyForce (~ Salesforce). I am attempting to use the configuration tool to build the MSCONFIG file. Salesforce does not let you connect directly to a WSDL file; you have to download a static copy. This would seem fine using a "file://" path as the URL, but as soon as I attempt to configure any import/sync the utility crashes. My assumption is it is attempting to reach a true web service and using a file location is not cutting it.

Urgent Help - Criteria Based Set Help


Hey all,

I may be going crazy here but I can't seem to figure out the following set. What I need to do is create a set for disabled accounts, which would consist of the following: all users who have expired, which is based on a business rule that states if your account "extract_date is older than 90 days from today's date" and you have an "Employee ID" your account will be disabled. Or if the EmployeeStatus dropdown is set to "disabled".

Below is a screenshot of what I am trying to do, but I am having trouble with finding employees who have Employee IDs based on that criteria.

Any advice is greatly appreciated.


FIM.psm1 error


Hi.

 

I'm trying to import FIM PowerShell module on Powershell V 3 (Import-Module FIM) and the following is the error I get:

Add-PSTypeAccelerator : You cannot call a method on a null-valued expression.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\FIM\FIM.psm1:935 char:1
+ Add-PSTypeAccelerator -Alias 'FIMExportObject' -Type Microsoft.ResourceManagemen ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo         : InvalidOperation: (:) [Add-PSTypeAccelerator], RuntimeException
   + FullyQualifiedErrorId : InvokeMethodOnNull,Add-PSTypeAccelerator

Import-Module : The specified module 'FIM' was not loaded because no valid module file was found in any module directory.
At line:1 char:1
+ Import-Module FIM
+ ~~~~~~~~~~~~~~~~~
   + CategoryInfo         : ResourceUnavailable: (FIM:String) [Import-Module], FileNotFoundException
   + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

Any ideas?


Using FIM Powershell Activity on Windows 2012


Hi,

I'm using FIM Powershell Activity (http://fimpowershellwf.codeplex.com/)

In my PowerShell I need to use some module (ActiveDirectory) which appears to be on the server in version 3.0. However, the PowerShell activity seems to be executing PowerShell 2.0. And I'm getting the following error while trying to load it:

Import-Module : The 'C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDi
rectory\ActiveDirectory.psd1' module cannot be imported because its manifest con
tains one or more members that are not valid. The valid manifest members are ('M
oduleToProcess', 'NestedModules', 'GUID', 'Author', 'CompanyName', 'Copyright',
'ModuleVersion', 'Description', 'PowerShellVersion', 'PowerShellHostName', 'Powe
rShellHostVersion', 'CLRVersion', 'DotNetFrameworkVersion', 'ProcessorArchitectu
re', 'RequiredModules', 'TypesToProcess', 'FormatsToProcess', 'ScriptsToProcess'
, 'PrivateData', 'RequiredAssemblies', 'ModuleList', 'FileList', 'FunctionsToExp
ort', 'VariablesToExport', 'AliasesToExport', 'CmdletsToExport'). Remove the mem
bers that are not valid ('HelpInfoUri'), then try to import the module again.

Did anyone have the same problem and have some quick workaround?


Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

SSPR Questions - can I force a mandatory question with several optional?


Hi,

I'd like to be able to implement the FIM portal in a manner where their password is reset if they answer 3 questions correctly. One of the questions is mandatory and the other two are optional from a pool of 9. So, I'd like to set up the following on registration:

1. User must answer question 1

2. Questions 2-9 are optional to answer, BUT at least 2 of these must be answered.

When a user attempts to reset their password, they must answer Q1 and any 2 questions from 2-7.

Is this possible and straightforward to implement in the SSPR portal?

Cheers

Send notification twice a year

I want FIM to send some kind of audit notification twice in a year (say on 30th June and 31st December every year). Is it doable? If yes then how?

BHOLD NOTIFICATION


Hi,

Can we add customized notifications to BHOLD?

And we have a requirement to send a notification email to users whose permissions have been removed after the attestation process.

This notification email will notify him of his permission removal.


shakti

Unable to run Export of Windows Azure Active Directory connector Event ID 6401 followed by Event ID 6301


Hi,

I am unable to run Export of the Windows Azure Active Directory connector: Event ID 6401 followed by Event ID 6301.

I get a STOPPED SERVER error while running Export. I have tried to google a lot but could not find any specific answer for this issue.

I get the following errors in Event Viewer:

The server encountered an unexpected error in the synchronization engine:
 Event ID 6301:

 "BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\sql.cpp(7337): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\sproc.cpp(799): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\csobj.cpp(17070): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\shared\entry\tower.cpp(11918): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\csobj.cpp(3431): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\csobj.cpp(853): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\csobj.cpp(1047): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\nscsimp.cpp(4948): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sqlstore\nscsimp.cpp(4502): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sync\expbase.cpp(1192): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sync\expbase.cpp(1028): 0x80040e2f (unable to get error text)
BAIL: MMS(6548): d:\bt\5417\private\source\miis\server\sync\expbase.cpp(2676): 0x80040e2f (unable to get error text)

Event ID 6401

 

The management agent controller encountered an unexpected error.

 "ERR_: MMS(6548): d:\bt\5417\private\source\miis\shared\utils\libutils.cpp(10600): Unusual error code reported 0x80040e2f
Forefront Identity Manager 4.1.3451.0"

Troubles with configuring static port for Certsrv.msc


I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.

I configured a static DCOM port by following this article, including bouncing the service and also rebooting the CA box:

http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx

The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.  On the CA I ran netstat & 'netstat -a' and am not seeing the static port listed anywhere.

It does not appear to me that the static dcom endpoint is working properly & that it is still randomly assigning ports.  We would greatly prefer to not have the whole range opened for random port assignment.  Any suggestions?  Thanks in advance!

How to include disconnectors in a set?


This is an interesting scenario I haven't got a good answer for at the moment and wondered if anyone else had any good ideas?

As part of meeting a user deprovisioning requirement, when a set of conditions are met, we need to take action and delete the user in the Portal. Pretty simple so far: create a set with dynamic membership and have an MPR fire on transition-in to the set. The problem though is that one of the criteria for the set needs to be "the user has been deleted from the authoritative system", i.e. they've been disconnected from their source system (not the Portal).

There's no way in the set criteria builder to ask that sort of question of the sync engine "do you have a connector for XX MA?" that I know of.

There doesn't seem to be a way to set an attribute in the MV on the user when the user is disconnected to use as a marker either. I did think about trying to hijack the ShouldDeleteFromMV() method on the Metaverse extension but I doubt very much it'll be able to modify the mventry and if it does, it means I have to implement code to determine the object deletion rule.

I could use a reflector MA, something that queries the MV database table directly for all users and then use a rules extension to set the MV attribute that says if they have the connector or not, but it'll be slow due to needing to do full-syncs (80k+ users) and therefore not something we can include in the normal fast-paced cycles, so would have to run say once a day on its own schedule.

I don't suppose anyone else has a nice way to make this kind of is-connected determination in the portal, ideally with a set?


Licensing cost for Password Change Notification Service?


We are win2008R2.

Is there a separate software and licensing cost for PCNS?

Do I need to purchase FIM 2010 to have PCNS or is it a standalone product?

Can PCNS sync passwords between two AD forests? (eg ForestA\samUser1  <-> ForestB\samUser1)

Thanks,


Navgup

Custom gates for Self-Service password reset portal


Hi All,

Is it possible to create custom gates for the Self-service password reset portal through FIM? By default there are just three options: Q & A, SMS OTP and OTP email.

We need to give the password reset option when the user can authenticate using an RSA SecurID token.

Regards

Shubham

FIM alternate approvers based on timeframe


Hi,

Is it possible in FIM to have alternative approvers and an escalation mechanism if/when approvals are not done within a predefined timeframe?

Thanks,

DW

FIM control AD Group membership based on user's start and end date?


Hi,

Can FIM control AD Group membership based on users' start and end dates?

Say a user joins the organization on 1 Feb, and the contract will expire 1 Dec... can FIM control this user's AD Group membership based on those dates?

Thank you,

DW

Can a user choose their SSPR preference?


Hi,

When registering for SSPR, can a user also select which is their preferred reset method?

  • answering a number of challenge / response questions
  • receive an OTP on a manually entered email address
  • receive an SMS OTP to a manually entered mobile number

thanks,

DW
