Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 47 | 48 | (Page 49) | 50 | 51 | .... | 204 | newer

    0 0
  • 03/23/14--04:54: Installing HA Fim SSPR
  • Hey Guys,

    Im now installing the SSPR on a Load Balanced Sharepoint FARM. The Fim Portal works and exists on both servers in the IIS.

    Now the thing is that i installed the SSPR (Reset and Registration portals) on the first node, the IIS sites are there and working, however now on the second node shouldnt SP be replicating those sites like it did with the FIM portal or shall i go and manually install the SSPR portal on the second node as well ? 

    Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: | If this post has been useful please click the green arrow to the left or click Propose as answer

    0 0
  • 03/23/14--23:25: FIM Gropus join restriction
  • Hello,

    Here is a few word about FIM Groups and it is said that the atribute Membership Add Workflow can accept the next values: Owner approval, None and Custom. The behavior of first to values is clear, but what about "Custom"? How can I bind my custom approval workflow in this case?

    Thanks in advance!

    0 0


    I have an issue during the execution of TemporalEventsJob.

    On FIM Service, I have lot of alerts in Event viewer during the evaluation of SET Transitions. Each error is composed of 3 events:

    1/ Error Event ID 3:

    Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTransitionsStatementEvaluation, Line 153, Message: Transaction (Process ID 87) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

    2/ Error Event ID 3:

    Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTransitionsStatementEvaluation, Line 153, Message: Transaction (Process ID 87) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
       at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
       at System.Data.SqlClient.SqlDataReader.get_MetaData()
       at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
       at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
       at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
       at System.Data.SqlClient.SqlCommand.ExecuteReader()
       at Microsoft.ResourceManagement.Data.DataAccess.EvaluateRequest(RequestType request, RequestEvaluationOptions options)
       --- End of inner exception stack trace ---

    3/ Warning Event ID 2 :

    Microsoft.ResourceManagement.WorkflowDataExchangeException: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ManagementPolicyRule
       at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
       at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessPutWorkItem(UpdateRequestWorkItem updateWorkItem)
       at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
       at Microsoft.ResourceManagement.Workflow.Activities.FunctionActivity.FunctionActivityStoreResultComplete(Object sender, QueueEventArgs e)
       at System.Workflow.ComponentModel.ActivityExecutorDelegateInfo`1.ActivityExecutorDelegateOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
       at System.Workflow.Runtime.Scheduler.Run()

    This issue is not constant. For exemple I have no issue during 1 week, and one night, I encounter 4 or 5 errors on different objects.

    Do you see this issue ? Any idea of the origin ?

    I think there are bugs on the SPROC of CalculateRequestSetTransitionsStatementEvaluation, or during the search of MPR to apply. I see that requests on error doesn't have any applied MPR...

    Thank you.


    0 0

    Hi guys,

    Just a quick question. I've set up FIM to create users in AD and they can all log on and have the password registration portal appear as normal. Great! The question is, I have several hundred users in my AD and instead of importing them all into FIM (because I don't need to manage them all in there) can I simply add them to a group and then have any member of that group have to register their security questions? Or will it simply ask them every time they log on? If it can be done does anyone know how?

    Thanks guys!

    0 0

    Hi All,

    Hope you all well.

    I wants to create a connector for windows azure active directory for FIM 2010 r2. I have installed windows online assistance and AAD connector but while creating the connector, i am facing the below issue.

    Any help would be appriciated.

    ajay kumar

    0 0

    Hello All,

        I'm in the process of setting up a new production FIM 2010 R2 server. I have already installed the FIM synchronization service and I was able to install this successfully. I have already installed SharePoint services (WSS 3.0) and configured it for FIM. But when I try to install the FIM Service and Portal. I keep getting and error that says " FIM Service and Portal Installation Ends Prematurely" with no other details. If anybody has any advice please let me know. 

        I have already installed everything on a stand alone box in a dev environment and it all works correctly however I am unable to now install in a production environment 


    0 0

    Hi; I have downloaded the Granfeldt PowerShell MA and was trying to modify Mr Granfeldt's Office 365 scripts to set licensing on users that have been provisioned into a test tenant. The import script works fine but I am having some issues with the export. It would seem that the line that collects the IsLicensed Boolean value from the connector space is not working and I will be honest, my skills in powershell as it integrates with FIM are not the best...

    What I am finding is that when I run the script, the bolded line always returns false (even though the value in the CS is True):

     $User = $_.'[DN]'
     $User | Out-File -Append $File

     $Action = $_.'[ObjectModificationType]'
     $Action | Out-File -Append $File
     [bool] $IsLicensed = $_.AttributeChanges | where {$_.Name -eq "IsLicensed"} | foreach { [bool] $_.ValueChanges[0].Value }

      $AlreadyLicensed = [bool] (Get-MsolUser -userprincipalname $user -ErrorAction SilentlyContinue | Select -Expand isLicensed)
     "Should License: $IsLicensed"  | Out-File -Append $File
     "Is Licensed: $AlreadyLicensed"  | Out-File -Append $File

    I am assuming that it is just a configuration error on the line and was hoping someone could point out my error. Running the script in the PS ISE returns a conversion error:

    Cannot convert value "System.Management.Automation.PSCustomObject" to type "System.Boolean". Boolean parameters accept only Boolean values

    and numbers, such as $True, $False, 1 or 0.

    Many thanks...

    0 0

    I want to redirect direct to SSPR Registration Page without Browser POPUP. I want solution for Internet not for Domain.

    Is  it  possible to pass our own Credentials automatically to that POPUP ?...or Any other solution if there is.

    ajay kumar

    0 0
  • 03/24/14--22:00: PCNS from Novell eDirectory?
  • I've got a straight forward question. Is there a PCNS service for Novell eDirectory? Can I use Novell eDirectory as a source for password synchronisation in FIM?

    0 0

    Just added some samples for viewing Run History using WMI and the FIM PowerShell module:

    CraigMartin – Edgile, Inc. –

    0 0

    good day , I created a domain user through FIM 2010 , created for the user attribute DN (cn = LastName FirstName middleName, ou = fim2010, dc = company, dc = test).after the user is created, I move it to another OU (named "NewOU") through ActiveDirectory console.After moving I do Delta Import on ADMA in my FIM.Watching Connector Space for ADMA.DN attribute is changed to "cn = LastName FirstName middleName, ou = NewOU, ou = fim2010, dc = company, dc = test".Check changes in the metabase "Distinguished Name (old) - my new DN" and "Distinguished Name (new) - my old DN, which initially creates a user in AD" after synchronization and Export , users are removed from the new OU and move into the old . I think that it is because of Initial Flow Only for Outbound AD rules .But I have created two identical rules declaring attribute DN.first marked as Initial Flow Only second to none.

    0 0


    We are trying to test Forefront Identity Manager that possible to sync Distrubution Group and Contact List between two Exchange Online.

    Can any one able to provide some information or is it possible to do it ?



    0 0


    I am trying to create a simple RBAC using standard objects of FIM Service. So i am associating type "Set" with role, expanding it with multivalue reference attribute "ListOfPermissions". I want to achieve the next behavior: when user dynamically join to the set the MPR is executing custom workflow that adds this user to the members of according permission object. Rather simple, BUT is there a way not to specify MPR for every set manualy, but specify it ones with next logic for example: when someone join to any set with IsRole flag set to 1 the MPR is executed and etc... as described above? The straight-line methods have not yielded results.

    Need any help, thanks in advance!

    0 0

    How do I build a process to select the certificates issued during a certain time, and download the certificate public keys to files on the PC?

    This can be done in .Net, or any other scripting solution.

    Running FIM CM 2010, on windows server 2008.


    0 0


    I'm trying to figure out why the group member attributes in the CS are not flowing into the MV.  Here's what I have:

    An HR system running on SQL Server
    A staging database that extract data from the HR system
    The staging database has a table representing person object
    The stating database has a table representing person multi-valued attributes (i.e location, job code, etc)
    The staging database has a table representing group objects
    The staging database has a table representing group memberships (mult-valued)

    A SQLMA connected to the person and person multi tables
    A SQLMA connected to the group and group membership tables

    All group memberships are based on job codes and locations.  There are no approval process in place.  If they have this job code, they get certain groups.  That's all calculated in the staging database and the memberships are in the group membership table

    This system does connect to AD (and a few other things), but I'm not concerned with that, right now.

    I've read 100 articles on this, most of them over 5 years old, and tried the ones that made sense.  The flow from the database into the CS works well.  No issues there.

    But, a search of the metaverse for the group shows an empty member attribute.  The sync process is not throwing any errors.  At least they're not showing up in the sync service app or the event logs.

    Where allowed, I'm using rules extensions for everything.  I can't use a rules extension to set the member attribute because it's an rdn.

    I'm going to move forward with this by extending the metaverse schema and adding a multi-valued string attribute named "memberOf" to the person object.  Then, I'll modify my existing MA to use that attribute instead of the member attribute.  I'm not sure what kind of issues I'm going to run into when exporting that to AD.  I'll cross that bridge when I come to it.  I don't anticipate that being an issue as the dns for all these objects will be calculated by the ADMA based on locations, group functions and person types (bascially, I don't care about the MV rdn).

    Anyway, I'm looking for some real world insight on this.  This whole effort is to migrate off an existing IDM system that works very, very well but quite expensive to license.


    Greg Wilkerson

    0 0

    Hello everybody

    There were approximately 11 labs in technet related to FIM 2010, however only 4 still work and the others have disappeared

    I was particularly interested in the ones regarding the Security Groups management

    I really need them, and they are nowhere to be found.

    Thank you 

    0 0

    I'm trying to install KB2870703 however I have our servers setup this way:
    Server A: FIM Service & Sync Service

    Server B: SharePoint 2013, Password Reset Portal, Password Registration Portal

    When attempting to install FIMService_x64_KB2870703.msp It starts and dies almost instantly

    The errors from the log:

    Action 12:27:15: CheckSharepointAdminServiceRunning.
    Action start 12:27:15: CheckSharepointAdminServiceRunning.
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIEE5B.tmp-\
    SFXCA: Binding to CLR version v2.0.50727
    Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
    Exception thrown by custom action:
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
    File name: 'Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c' ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
    File name: 'Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c'

    WRN: Assembly binding logging is turned OFF.
    To enable assembly bind failure logging, set the registry value  (DWORD) to 1.
    Note: There is some performance penalty associated with assembly bind failure logging.
    To turn this feature off, remove the registry value .

       at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)

       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
       at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
    CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 12:27:15: CheckSharepointAdminServiceRunning. Return value 3.
    Action ended 12:27:15: INSTALL. Return value 3.
    Property(S): Data = C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\

    0 0
  • 03/25/14--13:44: Looking for feature list
  • I am looking for a feature list for Forefront Identity Manager.  We are in the beginning phases of evaluating identity management solutions and have a wish list of functionality.  I am looking for high level documentation that describes what Forefront is designed to do.



    0 0
  • 03/25/14--16:45: FIM 2010 R2 SSPR Licensing
  • How does the licensing works when the client only need to use Sync service, PCNS and SSPR ( no FIM portal).

    Thanks, John

    0 0
  • 03/26/14--00:14: filtering during full import
  • good day, whether it is possible to FIM2010 filtering during full import (SQL MA)?? "Configure Connector Filter" does not suit me. Also, I was wondering whether you can use the function during a full import, for example "StringReplace" for what some attribute.

older | 1 | .... | 47 | 48 | (Page 49) | 50 | 51 | .... | 204 | newer