Channel: Forum Microsoft Identity Manager

Installing HA FIM SSPR


Hey Guys,

I'm now installing the SSPR on a load-balanced SharePoint farm. The FIM Portal works and exists on both servers in IIS.

Now the thing is that I installed the SSPR (Reset and Registration portals) on the first node; the IIS sites are there and working. However, on the second node, shouldn't SP be replicating those sites like it did with the FIM portal, or shall I go and manually install the SSPR portal on the second node as well?


Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer


FIM Groups join restriction


Hello,

Here are a few words about FIM Groups, and it is said that the attribute Membership Add Workflow can accept the following values: Owner approval, None and Custom. The behavior of the first two values is clear, but what about "Custom"? How can I bind my custom approval workflow in this case?

Thanks in advance!

SQL Deadlock: CalculateRequestSetTransitionsStatementEvaluation


Hello,

I have an issue during the execution of TemporalEventsJob.

On the FIM Service, I have a lot of alerts in Event Viewer during the evaluation of SET Transitions. Each error is composed of 3 events:

1/ Error Event ID 3:

Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTransitionsStatementEvaluation, Line 153, Message: Transaction (Process ID 87) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

2/ Error Event ID 3:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTransitionsStatementEvaluation, Line 153, Message: Transaction (Process ID 87) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader()
   at Microsoft.ResourceManagement.Data.DataAccess.EvaluateRequest(RequestType request, RequestEvaluationOptions options)
   --- End of inner exception stack trace ---

3/ Warning Event ID 2 :

Microsoft.ResourceManagement.WorkflowDataExchangeException: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ManagementPolicyRule
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessPutWorkItem(UpdateRequestWorkItem updateWorkItem)
   at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
   at Microsoft.ResourceManagement.Workflow.Activities.FunctionActivity.FunctionActivityStoreResultComplete(Object sender, QueueEventArgs e)
   at System.Workflow.ComponentModel.ActivityExecutorDelegateInfo`1.ActivityExecutorDelegateOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

This issue is not constant. For example, I have no issues for 1 week, and then one night I encounter 4 or 5 errors on different objects.

Do you see this issue? Any idea of the origin?

I think there are bugs in the SPROC of CalculateRequestSetTransitionsStatementEvaluation, or during the search of the MPR to apply. I see that requests in error don't have any applied MPR...

Thank you.

Anthony.

can users in AD DS be in a group for FIM password registration?


Hi guys,

Just a quick question. I've set up FIM to create users in AD and they can all log on and have the password registration portal appear as normal. Great! The question is, I have several hundred users in my AD and instead of importing them all into FIM (because I don't need to manage them all in there) can I simply add them to a group and then have any member of that group have to register their security questions? Or will it simply ask them every time they log on? If it can be done does anyone know how?

Thanks guys!

Windows Azure Active Directory Connector for FIM 2010 R2


Hi All,

Hope you are all well.

I want to create a connector for Windows Azure Active Directory for FIM 2010 R2. I have installed windows online assistance and the AAD connector, but while creating the connector, I am facing the below issue.

Any help would be appreciated.


ajay kumar

FIM Service and Portal Installation Ends Prematurely


Hello All,

I'm in the process of setting up a new production FIM 2010 R2 server. I have already installed the FIM synchronization service and I was able to install this successfully. I have already installed SharePoint services (WSS 3.0) and configured it for FIM. But when I try to install the FIM Service and Portal, I keep getting an error that says "FIM Service and Portal Installation Ends Prematurely" with no other details. If anybody has any advice please let me know.

I have already installed everything on a standalone box in a dev environment and it all works correctly; however, I am now unable to install in a production environment.

Granfeldt Office 365 Sample Scripts


Hi; I have downloaded the Granfeldt PowerShell MA and was trying to modify Mr Granfeldt's Office 365 scripts to set licensing on users that have been provisioned into a test tenant. The import script works fine but I am having some issues with the export. It would seem that the line that collects the IsLicensed Boolean value from the connector space is not working and I will be honest, my skills in PowerShell as it integrates with FIM are not the best...

What I am finding is that when I run the script, the bolded line always returns false (even though the value in the CS is True):

 $User = $_.'[DN]'
 $User | Out-File -Append $File

 $Action = $_.'[ObjectModificationType]'
 $Action | Out-File -Append $File
 [bool] $IsLicensed = $_.AttributeChanges | where {$_.Name -eq "IsLicensed"} | foreach { [bool] $_.ValueChanges[0].Value }

 $AlreadyLicensed = [bool] (Get-MsolUser -userprincipalname $user -ErrorAction SilentlyContinue | Select -Expand isLicensed)
 "Should License: $IsLicensed" | Out-File -Append $File
 "Is Licensed: $AlreadyLicensed" | Out-File -Append $File

I am assuming that it is just a configuration error on the line and was hoping someone could point out my error. Running the script in the PS ISE returns a conversion error:

Cannot convert value "System.Management.Automation.PSCustomObject" to type "System.Boolean". Boolean parameters accept only Boolean values and numbers, such as $True, $False, 1 or 0.

Many thanks...

SSPR Redirection without Browser POPUP.


I want to redirect directly to the SSPR Registration Page without a browser popup. I want a solution for the Internet, not for the domain.

Is it possible to pass our own credentials automatically to that popup? Or is there any other solution?


ajay kumar


PCNS from Novell eDirectory?

I've got a straightforward question. Is there a PCNS service for Novell eDirectory? Can I use Novell eDirectory as a source for password synchronisation in FIM?

Using FIM PowerShell Module to View Sync Run History

DN attribute change after moving the domain user

Good day. I created a domain user through FIM 2010 and created the DN attribute for the user (cn = LastName FirstName middleName, ou = fim2010, dc = company, dc = test). After the user is created, I move it to another OU (named "NewOU") through the Active Directory console. After moving, I do a Delta Import on the ADMA in my FIM. Watching the Connector Space for the ADMA, the DN attribute is changed to "cn = LastName FirstName middleName, ou = NewOU, ou = fim2010, dc = company, dc = test". Check changes in the metabase: "Distinguished Name (old) - my new DN" and "Distinguished Name (new) - my old DN, which initially creates a user in AD". After synchronization and Export, users are removed from the new OU and moved into the old one. I think that it is because of Initial Flow Only for Outbound AD rules. But I have created two identical rules declaring the DN attribute: the first is marked as Initial Flow Only, the second is not.

Sync global address book between two Exchange Online


Hi,

We are trying to test whether it is possible for Forefront Identity Manager to sync Distribution Group and Contact List between two Exchange Online.

Is anyone able to provide some information, or is it possible to do it?

thanks

Keith

Emulating RBAC using FIM Service and Portal


Hi!

I am trying to create a simple RBAC using standard objects of the FIM Service. So I am associating type "Set" with role, expanding it with a multivalue reference attribute "ListOfPermissions". I want to achieve the following behavior: when a user dynamically joins the set, the MPR executes a custom workflow that adds this user to the members of the corresponding permission object. Rather simple, BUT is there a way not to specify an MPR for every set manually, but to specify it once with the following logic, for example: when someone joins any set with the IsRole flag set to 1, the MPR is executed, etc., as described above? The straightforward methods have not yielded results.

Need any help, thanks in advance!

Automate downloading certificates from FIM CM


How do I build a process to select the certificates issued during a certain time, and download the certificate public keys to files on the PC?

This can be done in .NET, or any other scripting solution.

Running FIM CM 2010, on Windows Server 2008.

Thanks!

Group Memberships not Flowing into Metaverse


Hello,

I'm trying to figure out why the group member attributes in the CS are not flowing into the MV.  Here's what I have:

An HR system running on SQL Server
A staging database that extracts data from the HR system
The staging database has a table representing person objects
The staging database has a table representing person multi-valued attributes (i.e. location, job code, etc.)
The staging database has a table representing group objects
The staging database has a table representing group memberships (multi-valued)

A SQLMA connected to the person and person multi tables
A SQLMA connected to the group and group membership tables

All group memberships are based on job codes and locations.  There is no approval process in place.  If they have this job code, they get certain groups.  That's all calculated in the staging database and the memberships are in the group membership table.

This system does connect to AD (and a few other things), but I'm not concerned with that, right now.

I've read 100 articles on this, most of them over 5 years old, and tried the ones that made sense.  The flow from the database into the CS works well.  No issues there.

But, a search of the metaverse for the group shows an empty member attribute.  The sync process is not throwing any errors.  At least they're not showing up in the sync service app or the event logs.

Where allowed, I'm using rules extensions for everything.  I can't use a rules extension to set the member attribute because it's an rdn.

I'm going to move forward with this by extending the metaverse schema and adding a multi-valued string attribute named "memberOf" to the person object.  Then, I'll modify my existing MA to use that attribute instead of the member attribute.  I'm not sure what kind of issues I'm going to run into when exporting that to AD.  I'll cross that bridge when I come to it.  I don't anticipate that being an issue as the DNs for all these objects will be calculated by the ADMA based on locations, group functions and person types (basically, I don't care about the MV rdn).

Anyway, I'm looking for some real world insight on this.  This whole effort is to migrate off an existing IDM system that works very, very well but is quite expensive to license.

Thanks,

Greg Wilkerson


Where have the FIM labs from TechNet disappeared?


Hello everybody

There were approximately 11 labs in TechNet related to FIM 2010; however, only 4 still work and the others have disappeared.

I was particularly interested in the ones regarding the Security Groups management

I really need them, and they are nowhere to be found.

Thank you 

Error Installing FIMService_x64_KB2870703.msp when FIM Service and FIM Portal (SharePoint) are on two different servers!


I'm trying to install KB2870703; however, I have our servers set up this way:
Server A: FIM Service & Sync Service

Server B: SharePoint 2013, Password Reset Portal, Password Registration Portal

When attempting to install FIMService_x64_KB2870703.msp, it starts and dies almost instantly.

The errors from the log:

Action 12:27:15: CheckSharepointAdminServiceRunning.
Action start 12:27:15: CheckSharepointAdminServiceRunning.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIEE5B.tmp-\
SFXCA: Binding to CLR version v2.0.50727
Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
File name: 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' or one of its dependencies. The system cannot find the file specified.
File name: 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value  (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value .

   at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)


   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
   at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 12:27:15: CheckSharepointAdminServiceRunning. Return value 3.
Action ended 12:27:15: INSTALL. Return value 3.
Property(S): Data = C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\

Looking for feature list


I am looking for a feature list for Forefront Identity Manager.  We are in the beginning phases of evaluating identity management solutions and have a wish list of functionality.  I am looking for high level documentation that describes what Forefront is designed to do.

Thanks

Chris


FIM 2010 R2 SSPR Licensing


How does the licensing work when the client only needs to use the Sync service, PCNS and SSPR (no FIM portal)?

Thanks, John


filtering during full import

Good day. Is it possible in FIM 2010 to filter during a full import (SQL MA)? "Configure Connector Filter" does not suit me. Also, I was wondering whether you can use a function during a full import, for example "StringReplace", for some attribute.