Distribution Group 1 : Test_Main
Members: M1,M2
Distribution Group 1 : Test_Sub
Members: S1,S2
i want members of Test_Main(M1,M2) to be the members of Test_Sub.
whenever client adds a member to Test_Main automatically becomes the member of Test_Sub.
How to do it?
I knw I can add Test_Main(group) as a member of Test_Sub.
but does it mean its(Test_Main) members automatically becomes the members of Test_Sub..??
On attempting to create large security group (with 35k users) in AD, i get "dropped connection from the domain controller.
The MS AD guy we have attached here tells me that there are some limitations on LDAP and even some known issues with writing 5k+ objects to a DC.
Are there any "best practices" for writing large groups to AD?
/Nicolai
Synchronizing AD DS and AD LDS attributes
A few tips how to follow the procedure here http://technet.microsoft.com/en-us/magazine/2009.04.schema.aspx?pr=blog : This is a great article but it do not cover it all.
Example (type it yourself because WINWORD is making meatloaf code.)
ldifde-i-f-c DeltaADSAttributesLL.ldf dc = X "DC = test, dc = ocg"
ldifde-i-f-c DeltaADSClassesLL.ldf dc = X "DC = test, dc = ocg"
PS: Is there any PowerShell script to automate it all?
GH
Hi,
Looks like the Performance Testing FIM Sync paper (http://technet.microsoft.com/en-us/library/fim-2010-synchronization-testing%28v=ws.10%29.aspx) hasn't been updated since 2010...and Large Profile Performance Testing for FIM Synchronization is still saying"results are pending".
Does anyone at Microsoft know when this paper will be updated, and the results from the larger profiles be shared with the public?
thanks,
DW
Hello,
Does FIM support Sharepoint 2013 as FIM portal? According to to http://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspxthe portal should be Services 3.0 SP1 or Service Pack 2 (SP2).
Thank you.
Br
Csaba
Hi,
I have been trying to enable the Lotus Domino Connector (build 5.3.721.0) to log detailed information into some place. I've seen that this latest build switches to ETW logging. So I've added the following to the miiserver.exe.config file in the system.diagnostics/sources section:
<source name="ConnectorsLog" switchValue="Verbose" switchType="System.Diagnostics.SourceSwitch">
<listeners>
<add name="LotusNoteTextTraceFile" type="System.Diagnostics.TextWriterTraceListener" initializeData="c:\temp\notesconnector.log" />
</listeners>
</source>
Unfortunately that is not working, I also tried eventlogging, but that didn't work either. Can anyone point me into the right direction?
Thanks in advance
I am following steps in the documentation. Where would I find FimDataProcessingExtension.dll?
http://fimdpe.codeplex.com/documentation
Hi,
So there are a number of built-in MAs that work with PCNS (i cant find the technet link for this, but I think there is one).
From what I recall Password Sync was uni-directional, is that still the case in FIM R2?
Since PCNS is installed on domain controllers, can we safely assume that the originator of any password change can always and only be Active Directory? i.e. we can never have AD LDS, for example, as the source for a password sync?
thanks,
dw
Hi Gurus
I have a couple of quick questions about the FIM Password Reset and Registration Portal. I have a portal that is up and running and I can register users and can update their passwords. I am trying to do the following:
Any help will be greatly appreciated, thanks in advance.
Regards
Can FIM Components be installed on WIN2K12 R2?
It works with WIN2K12 but not sure with WIN2K12 R2.
What is MS official word on this.
Please suggest.
I need to install two FIM servers in an environment. One will be used for Galsync. The requirement is to use an existing SQL cluster.
In the following TechNet link it describes the registry key were you can update the DB name.
http://technet.microsoft.com/en-us/library/ff800821%28WS.10%29.aspx
Could someone confirm if this is a supported Microsoft configuration to rename the DB?
Thanks,
Hello All,
While exporting a user object in Fim Portal, I get few requests having request status as "PostProcessingError" which have display name as "Create Person: '' Request". For these requests no ERE is being applied to the object despite the fact it is coming in set for MPR having transition-in and due to this I have to manually add the ERE to it.
When I open the request I see the error message as "An unexpected error occurred when trying to create the Expected Tule Entry. Inspect the error logs for more information." but whenever I search Logs in Event Viewer, I am not able to fetch any log for the same.
Kindly suggest and all the responses would be highly appreciated.
Please Note : This does not comes always, it comes randomly in the production environment.
Regards,
Manuj Khurana
Hi ,
Is FIM 2010 R2 SP1 compatible with Windows 2012 R2 ?
Thanks~ Giriraj Singh Bhamu
Hey,
I want a user to be able to Register their alternate email address and their Mobile number.
When a re-set request is made, I want to
Email the OTPR code to the email address
Email the OTPR code and the phone number to the SMS email with the number in the subject line. I have an EMAIL to SMS gateway configured and working.
So the user can get 2 notifications, I cannot find any document on how to find this. And the "Password Reset Authn Workflow" SMS registration part has only an activity saying "Your security code is {0}" assuming that I don't want to trigger this.
Is this a supported scenario ?
Rob
Rob
Hi all,
I am currently struggling with deprovisioning in FIM and was looking for some help.
My scenario - I am receiving users from an "HR" database and if they have the employee type of "Full Time" or "Contractor" they automatically get provisioned into the AD via set transition and synchronisation rule. The
DN for the user is built based upon the employee type therefore full time employees go into on OU, contractors into another. This works and all is good - I can even change the type of employment and the user gets moved as expected.
Now I need to deal with the scenario of deprovisioning. The HR database has no state information - a user is either present in the database or not. When a user disappears from the database I would like to first disable the account in AD, move it to a third "Disabled" OU and then stop managing the user in FIM.
I have done lots of reading around the subject including the "Understanding Deletion in ILM 2007" and others. What I can't figure out is which bits I need to put together and in which order.
Some guidance would be brilliant.
Thanks in advance and here is hoping someone has some patience to help :-)
Hi All,
I am implementing SSPR with OTPR via a on premise SMS gateway. It is configured with an email address. I can email it and it relays the message to a user.
I want users to register their mobile numbers as my internal data is not clean.
So, this is ok, I can set the SMS OTPR workflow. However there is no option other than a code extension to simply email the SMS server. Does anyone know how this is implemented for customers with an Email to SMS gateway feature ?
thanks in advance.
Rob
Rob
Hello ,
When i create a new OU in Active Directory, when i run a Delta Import i don't see any changes and i'am obliged to run a full import to see the new imported OU , is it normal !!
Thanks
When changing the value of an user attribute in the FIM Portal, the new attribute value is properly logged. This can be read in the request and in the standard report FIMUserHistory.
The question is, what about the old value that was replaced? Is the old value available in the Data Warehouse somewhere, so one can make a report or is it gone forever (of course one can find the old value by looking at the previous attribute change or creation event, but this could be too long time ago)?
Thanks for helping,
Didier.
Hi all,
I am setting up some criteria based membership rules for security groups and there are going to be a lot of groups. I can predict the rules based on the name of the group and I have a list of group names. Is there a way that I can automate the criteria rules using scripts or SQL statements rather than setting this up by had for literally 1000's of groups?
Thanks.
