Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles
Browse latest View live

FIM CM Certificate Recovery on Behalf

0
0

Cannot find the place on FIM CM Portal where I could recover the profile of the subscriber.

I guess that should go to "Find a user to view or manage their information" and after type the subscriber username name and get his profile info, there should be an option to recover his profile.

But not. 

Found this link with kind of the same question.

http://social.technet.microsoft.com/Forums/en-US/e4478fe8-238b-4723-89c2-a52a22125ae5/certificate-recovery?forum=ilm2

By the way, I guess that KRA is working fine because the Recover Management Policy is working fine.

not sure if I am lost on the Portal Interface because I am pretty sure that My Recover on Behalf account have enough permissions on AD.

Andres Z.


andresz


What is "Use as existence test" ?

0
0

Hi,

Besides bloating the FIM database with DREs, what is the "Use as existence test"checkbox really for and how is it meant to be used?

Thanks you,

sk

FIM Portal visualization/documentation?

0
0

Hi,

Is there a way to visualize/view/document how all the MPRs, Sets, Workflows, Sync Rules are all interconnected on the FIM Portal?

Would be great if there was a tool to document the relationships between all the building blocks.

Regards,

SK

Can I answer these Questions with FIM Reporting out of the Box?

0
0

Hi all
For which of the following questions can FIM Reporting provide an answer out of the box?

1. Which groups was a secific user member of at a given day? Provide me a list of Groups.

2. Was User "A" member of Group "B" at a given day? Provide an empty list of groups or a list with one entry. Or provide a Y/N. But I think this would not be the way.

3. Who was member of a given Group at a specific data. Provide me a list of users and / or groups.

4. Who was member of a given Group during a period of time. Provide me a cumulative List.

5. Who was able to change membership of a given group at a given date? Provide me a list.

6. who was able to change membership of a given group during a period of tine. Provide me a cumulative List.

If these answers cannot be provided out of the box, is the data required to answer it collected by default and only the reports must be created or is it also necessary to export more data to Data Warehouse?

Thanks to you all. Henry.

(No displayName) and precedence

0
0

Hello,

I have a requirement where AD users should be able to update some of their attributes in the FIM portal. Users are created in AD.

If I set AD as being precedent for displayName the FIM portal changes for displayName are not reflected in AD. If I set FIM as being precedent for display Name as new users are imported into AD their display names are shown as "(no DisplayName)".

I need the FIM portal to reflect the actual AD display name, but also give users the ability to set their AD display name. Would using equal precedence be the correct way to go? I'm suspicious that one change could be over written by another.

Thanks


IT Support/Everything

Intermittent outage when accessing the FIM portal

0
0

Hello all,

We are seeing a very strange FIM Portal issue at a current customer.
Basically intermittently the portal stops working showing the good old "Service not available" error message.

The strange thing is after 10 minutes the service returns.
The configuration is not crazy, there are two servers running SharePoint 2013 Foundation, FIM Portal and FIM Service.

DNS is only pointing at the first server at the moment and the Portal works fine on both servers when browsing locally.
Build number 4.1.3496.0.

Loadbalancing is not configured, and all SPN's are correct (as demonstrated by the fact that it works okay 90% of the time.)

We have double checked all the FIM config files to make sure everything is ok, otherwise we would never be able to access the FIM portal in the first instance. The trouble only happens intermittently, and no error logs are generated in the event viewer (even with extra error logging). The error can happen mid-session when browsing the portal, and happens for all user accounts.

Worth mentioning that when the portal is down, it often DOES work directly on the FIM Portal server. The DNS records are all updated to point to the FIM Service and the FIM portal and there are no "localhost" entries in the configuration files. Also, when the portal goes down, we can still see the XML file when we type http://fimservice:5725 in IE.

We are quite stumped by this, any ideas/clue much appreciated. This is quite an urgent issue

Thanks


How to do provisioning in Active Directory multiple lavel OU structure from FIM 2010 R2 with Country basis.

0
0

Hi,
 
I want to do provisioning in Active Directory multiple level Organization Unit(OU) from FIM 2010 R2  with country name basis.

Suppose i have Asia,Europe,UK,USA region OU and they have another OU in Asia OU like India,china etc if country name is India then Users should be go in India OU and if  if country name is China then Users should be go in China OU.so please give me any idea on this this would be very helpful for me

Regards
 
Anil Kumar

Daily Password Expiration Reminder? Multiple Sets associated with single Management Policy Rule?

0
0

We want to send a daily reminder to users that their password is expiring in X Days starting 14 days out

I've got the expiration date in the portal (using the PowerShell MA - Thanks Søren Granfeldt!!!) 

I've got a set built one for each day so the users can Transition from 14 days to 1 day and each transition cause a temporal MPR to fire resulting in an email being sent to the user. 

Instead of making 14 MPR's to correspond to the 14 Sets can we have the 14 sets associated with 1 MPR that fires off the email?

Is there another way to go about this?

Thanks;

Jonathan


Assign edit permission to multiple admins dynamically

0
0

I have multiple franchises(>200) in my FIM environment. Each franchise can have multiple admins(User objects) and yes obliviously multiple users.

Now I want to allow franchise admins of a particular franchise to edit each and every user under that franchise. e.g. Suppose there is Franchise "California" which is having two admins (say A and B) and five users (Say C, D, E, F and G). I want admins (A and B) should be allowed to edit users (C,D,E,F and G). 

I know I can create two sets (One having franchise admins and another having franchise users) and then create request MPR which allow admin set to edit users under franchise user set. This is for single franchise. In my case there are 200 franchises that means 400 sets and 200 MPRs. 

Can someone please suggest another neat approach or workaround?

 

Cant Synchronize initial Active Directory Password on Office 365

0
0

Hi Team,

I want to synchronize my initial AD password on office 365 and i have followed the following link

https://www.cogmotive.com/blog/migration/setting-up-dirsync-between-active-directory-and-office-365

but after performing all the step i am not able to login into the office 365 wth the user account name and password of AD.

Please suggest some solution.

Your response will be highly appreciated.

Regards,

Aman Khanna


Exchange Migration

0
0

Hi,

I am currently developing a migration plan for a Cross-Forest Exchange migration.

Forest A is our existing domain and Forest B is our new forest we are migrating into. 

The plan is to have a period of coexistence between both forests. 

Our core business web application will be the first application to be migrated as we need the resources in the new environment for it. 

I used the Exchange script that creates the user object from Forest A into Forest B and then used ADMT to migrate the associated attibutes, Password and SID History. This means that my users appear in both Forest A and B and as far as the user is concerned, they use the same account to log onto our business app.

My query is what is the best way to do the cross forest coexistence? I have read many articles online about using GalSync to create a centralised GAL  using contacts. Can I still do this bearing in mind that both Forests will have Mail User accounts and not Contacts??

Im a bit confused as to how I should do it.

The goal here is to allow cross-forest calendar delegation and also display free/busy information.

Reference attributes from different CS

0
0

Hi!

I have the following situation: There are two Oracle MA, that imports data from HR-system. The first MA imports persons, the second one imports departments.  It isn't suitable for me to combine them. The department object has an atribute "chiefID", where is set an identifier of the person. So the question is: how can I flow chiefID as Reference atribute? AFAIK, to be able to flow reference attributes - both objects should be in one CS.

Thanks for any help!

what is Pro’s and Con’s to install FIM 2010 R2 SP1 in window server 2012

0
0

Hi,

what is Pro’s and Con’s  to install FIM 2010 R2 SP1 in window server 2012.

and also want to know there is any issue if i installed FIM 2010 R2 SP1 in window server 2012 with Sharepoint 2013 and SQL Server 2012.if  anybody have any document or link for above requirement.

Regards

Anil Kumar 

Granting permission to users using MPR

0
0

Hi All,

I have created MPR with set of requestors which gets triggered whenever manual-managed membership of a security group is changed. The MPR inturn has an authorization workflow configured. When a user who belongs to the set of requestors raises a request for group membership, the authorization workflow is triggered. But when a user who doesnot belong to that set raises a request, the user immediately becomes a member of the group without any authorization. If the requestor doesnot belong to set of requestors specified in the MPR he should not be able to raise the request. How can I acheive this?


Dolly

OTP SSPR

0
0

Hello , 

I want to use the OTP mail gate , anyone knows the duration validity of the OTP ? 

In the XOML WF there is a ResponseTimeout anyone knows more about it ? 

Thanks 


Change a Metaverse value when object is deleted in Connector Space

0
0

I have a scenario where we are syncing PIN numbers from a Mobile messaging server (SQL datasource) to an extension attribute in Active Directory.  When users are removed from the mobile messaging server it stages a delete on the Connector Space object which in turn recalls the attribute for the PIN from the Metaverse entry.  The Export sync rule is then broken because of the dependency on the PIN value.  It continues to hold and Export the value that was last synced from the mobile messaging MA.

Is there any way to change the extension attribute in the Metaverse based on the Connector Space object being deleted?  i.e. change the PIN value to '0' or null based on the CS object being deleted?

Password Registration Portal Next Button Dimmed

0
0

Hi Guys,

I have 2 SSPR Portals hosted on 2 different servers and load balanced, they are configured with and APP Pool account and proper SPNs. The issue I have is when both of the servers are up and running sometimes when the user logs on, the Next button is dimmed and I get the below errors from the Credential Manager.

System.Web.Extensions: System.Web.HttpException: This is an invalid script resource request.

   at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext context)

   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

------------------------

Session is null at Application_Error

-----------------------

When 1 server only is up, IIS stopped on the second one, everything works as expected. I have been into this for 2 days and tried almost everything. any ideas why this might be happening ?


Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer

FIM Guru needed! Apply within...

0
0

April fools out of the way, now let's find an April genius!

The name "April" is derived from the Latin verb "aperire", meaning "to open" in reference to being the season when trees & flowers start to "open".

And I have to say, judging from the quality of contributions in recent months, I can't wait to OPEN and read this month's community gold!

Things are hotting up in TechNet, and the Wiki has become a shining example of what the community has to offer.

If you can find the time to enrich us with your latest revelations, or some fascinating facts, then not only will you build up a profile and name for yourself within the gaze of Microsoft's very own glitterati, but you will be adding pages to the most respected source for Microsoft knowledge base articles. This could not only boost your career, but would benefit generations to come!

So don't be an April fool. Please realise the potential of this platform, realise where we are going, and join us in growing this community, learning more about you, and opening the minds of others!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL

Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and onlyTechNet Wiki, for future generations to benefit from! You'll never get archived again!

If you are a member of any user groups, please make sure you list them in the Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.

unlock

0
0

help me please connect to server and  unlock passcode and reset factory settings please my son locked his sony xperia

PowerShell registration problem

0
0

Hi,

I've got a problem with registering users for password reset in FIM - they are created in FIM Portal and they are populated with accountName, Domain and ObjectSID attributes.

I don't have registration portal as my company doesn't need to use this - instead of we have OTP SMS gate. I wanted to test registration of one account through script listed in TechNet article: Register-AuthenticationWorkflow

But I have "Denied" status thrown on "Create GateRegistration (...) Request". Why is that so? I am an administrator...


Viewing all 4767 articles
Browse latest View live




Latest Images