Migrating FIM Portal configuration?

May 15, 2014, 7:33 pm

≫ Next: Creating an approval workflow for a customized request form

≪ Previous: Where is the FIM Automation Powershell Module?

Hi,

We have tried the Microsoft approach, but it doesnt migrate everything (http://technet.microsoft.com/en-us/library/ee534906%28v=ws.10%29.aspx) - there is a problem with the MA GUIDs, so all the Sync Rules have to be recreated - and there typically is a lot more errors that I just cant remember at the moment.

Is there a way to export just the MPRs or Sets, or Sync Rules or Workflows by themselves? And in turn import just the MPRs, or Workflows, etc?

Would be great to be able to export them to a Powershell object, for clean import later.

thanks

↧

Creating an approval workflow for a customized request form

May 15, 2014, 8:58 pm

≫ Next: Best way to configure AD MA for SSPR and Guest Provision

≪ Previous: Migrating FIM Portal configuration?

Hello,

I have created a customized request form in FIM that users are to fill up and submit for rights request. A workflow is required for for request process from the requester an escalation of approvers for the request to be approved or denied.

My challenges are:

Adding a control to my xml configuration file that will allow users to select multiple items, a checkbox feature with a list of rights to apply for
Creating a workflow for the customized request form, so that the approvers receive mail with the details filled on the form as the body text of the mail.?

How can I achieve these? I will greatly appreciate your help.

Regards,

Josephine

↧

Best way to configure AD MA for SSPR and Guest Provision

May 16, 2014, 2:04 am

≫ Next: Issue with RCDC for Custom "Department" object type

≪ Previous: Creating an approval workflow for a customized request form

We are looking at achieving the following with FIM, and I'm not 100% on how or if this can be achieved:

Self service password reset for students and staff.( requires importing all AD users into metaverse?)
Provision and de-provision of guest users within a specific guest OU.
Must not be able to delete or create any users outside of the specific Guest OU.

Is this achievable? and If so what configuration is required?

At this moment in time I have the portal, SSPR portal and password reset portal but have done no further work.

↧

Issue with RCDC for Custom "Department" object type

May 17, 2014, 9:59 pm

≫ Next: Is Passport Still Used?

≪ Previous: Best way to configure AD MA for SSPR and Guest Provision

Hey Guys,

Maybe somebody can point out where the issue is with the RCDC. I have a custom object type called Department in FIM portal and wanted to create a simple interface for it so users can add and edit department fields.

The only two fields that should show on the RCDC is department and divisions(this is the name of the custom field) all the fields work but I keep getting the following error "There's an error in the Department display configuration.Please contact your system administrator"

Below is the RCDC:

<?xml version="1.0" encoding="utf-8"?><!--Copyright (c) Microsoft Corporation.  All rights reserved.--><my:ObjectControlConfiguration xmlns:xd="http://schemas.microsoft.com/office/infopath/2003" xmlns:my="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><my:ObjectDataSource my:Name="object" my:TypeName="PrimaryResourceObjectDataSource"/><my:ObjectDataSource my:Name="delta" my:TypeName="PrimaryResourceDeltaDataSource"/><my:ObjectDataSource my:Name="rights" my:TypeName="PrimaryResourceRightsDataSource"/><my:ObjectDataSource my:Name="schema" my:TypeName="SchemaDataSource"/><my:XmlDataSource my:Name="summaryTransformXsl" <my:Parameters="Microsoft.IdentityManagement.WebUI.Controls.Resources.DefaultSummary.xsl"/><my:Panel my:Name="page" my:Caption="Default Configuration" my:AutoValidate="true"><my:Grouping my:Name="_caption" my:Caption="Caption" my:IsHeader="true"><my:Control my:Name="_caption" my:TypeName="UocCaptionControl" my:Caption="Create Department" my:Description="" my:ExpandArea="true"><my:Properties><my:Property my:Name="MaxHeight" my:Value="32"/><my:Property my:Name="MaxWidth" my:Value="32"/></my:Properties></my:Control></my:Grouping><my:Grouping my:Name="DepartmentInformation" my:Caption="Department Information"><my:Control my:Name="Department" my:TypeName="UocLabel" my:Caption="{Binding Source=schema, Path=Department.DisplayName}" my:Description="" my:RightsLevel="{Binding Source=rights, Path=Department}"><my:Properties><my:Property my:Name="Required" my:Value="True"/><my:Property my:Name="Text" my:Value="{Binding Source=object, Path=Department, Mode=TwoWay}"/></my:Properties></my:Control><my:Control my:Name="Divisions" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=Divisions.DisplayName}" my:Description="{Binding Source=schema, Path=Divisions.Description}"><my:Options><my:Option my:Value="" my:Caption="" my:Hint="Please Select a Division"/><my:Option my:Value="Division of Academic Affairs" my:Caption="Division of Academic Affairs"/><my:Option my:Value="Division of Administration" my:Caption="Division of Administration"/><my:Option my:Value="Division of Adult &amp; Continuing Education" my:Caption="Division of Adult &amp; Continuing Education"/><my:Option my:Value="Division of Information Technology" my:Caption="Division of Information Technology"/><my:Option my:Value="Division of Institutional Advancement" my:Caption="Division of Institutional Advancement"/><my:Option my:Value="Division of President's Office" my:Caption="Division of President's Office"/><my:Option my:Value="Division of Student Affairs" my:Caption="Division of Student Affairs"/></my:Options><my:Properties><my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=Divisions.Required}"/><my:Property my:Name="ValuePath" my:Value="Value"/><my:Property my:Name="CaptionPath" my:Value="Caption"/><my:Property my:Name="HintPath" my:Value="Hint"/><my:Property my:Name="ItemSource" my:Value="Custom"/><my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=Divisions, Mode=TwoWay}"/></my:Properties></my:Control></my:Grouping><my:Grouping my:Name="summary" my:Caption="Summary" my:IsSummary="true"><my:Control my:Name="summaryControl" my:TypeName="UocHtmlSummary" my:ExpandArea="true"><my:Properties><my:Property my:Name="ModificationsXml" my:Value="{Binding Source=delta, Path=DeltaXml}"/><my:Property my:Name="TransformXsl" my:Value="{Binding Source=summaryTransformXsl, Path=/}"/><my:Property my:Name="Hint" my:Value="{Binding Source=schema, Path=%AttributeName%.Hint}"/></my:Properties></my:Control></my:Grouping></my:Panel></my:ObjectControlConfiguration>

Any advice is appreciated.

↧

Is Passport Still Used?

May 18, 2014, 9:52 am

≫ Next: April's FIM Gurus Announced!!

≪ Previous: Issue with RCDC for Custom "Department" object type

I setup a passport Id years ago in 2001. I'm not sure MS uses passport anymore. Is it still necessary? I couldn't login on Technet here with it - I needewd a seperate new ID.

Should I abandon it?

PJV

↧

April's FIM Gurus Announced!!

May 18, 2014, 2:16 pm

≫ Next: FIM SSPR in different forest?

≪ Previous: Is Passport Still Used?

The results for April's TechNet Guru competition have been posted!

http://blogs.technet.com/b/wikininjas/archive/2014/05/17/the-microsoft-technet-guru-awards-april-2014.aspx

Congratulations to all our new Gurus for April!

We will be interviewing some of the winners and highlighting their achievements, as the month unfolds.

Post your MAY contributions here:

http://social.technet.microsoft.com/wiki/contents/articles/24252.technet-guru-contributions-for-may-2014.aspx

Read all about May's competition, hopefully in a stickied post, at the top of this forum.

Unfortunately the forum won't let me post the full version, or even a drastically trimmed version here, so you'll have to visit the link above to see the results :/

A huge thank you to EVERYONE who contributed an article to April's competition.

Hopefully we will see you ALL again in May 2014's listings?

If you haven't contributed an article for this month, and you think you can create a more useful, clever and better presented wiki article than the winners above,here's your chance! :D

Best regards,Pete Laker

More about the TechNet Guru Awards:

TechNet Guru Competitions
How it works

#PEJL

Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and onlyTechNet Wiki, for future generations to benefit from! You'll never get archived again!

If you are a member of any user groups, please make sure you list them in the Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.

↧

FIM SSPR in different forest?

May 19, 2014, 12:02 am

≫ Next: Provisioning MailContact in Exchange2010 is missing some Exchange attributes

≪ Previous: April's FIM Gurus Announced!!

Hi,

Is is possible to have FIM Sync and Service/Portal in our Intranet Forest, and the FIM SSPR server in another DMZ Forest?

Would there be a requirement for any Trust relationship between the Intranet and DMZ forests?

Thanks,

↧

Provisioning MailContact in Exchange2010 is missing some Exchange attributes

May 23, 2014, 10:25 am

≫ Next: Slow FIM Service Management Agent

≪ Previous: FIM SSPR in different forest?

Hello All!

I am using ExchangeUtils.CreateMailEnabledContact to create new MailContacts in Exchange 2010. It seems to work fine because the contact gets created and I can see it in the EMC. However, it is missing many of the Exchange (mxExch*) attributes that are normally populated when I create a contact from the EMC. In fact, the only msExch attribute it populates is msExchPoliciesIncluded.

Most I don't really need but one in particular that I want populated is msExchRecipientDisplayType for object identification. It gets set if I perform aSet-MailContact {contact name} -ForceUpgrade. I suppose I can just set it during provisioning but I just want to make sure that this is expected behavior or is something going wrong during creation.

Thank you
Karl

↧

Slow FIM Service Management Agent

May 23, 2014, 7:56 pm

≫ Next: FIM Portal Powershell Get users using wildcard characters

≪ Previous: Provisioning MailContact in Exchange2010 is missing some Exchange attributes

Hey Guys,

I just upgraded our production FIM 2010 setup from FIM 2010 R2 to FIM 2010 R2 SP1 build 4.1.3419.0. I updated both the portal and synchronization service both are running the same version however importing/syncing/exporting using the FIM MA is extremely slow. Any advice regarding speeding it up?

↧

FIM Portal Powershell Get users using wildcard characters

May 25, 2014, 8:53 pm

≫ Next: How to import pwdLastSet and badPasswordTime attribute from Active Directory to FIM 2010 R2 Portal.

≪ Previous: Slow FIM Service Management Agent

Noob at FIM and powershell

If we want to get all users in portal with DisplayName starting with A.. how do we do that?

$PeopleStartingWithA = export-fimconfig `–onlyBaseResources `
    -customconfig "/Person[DisplayName = 'A*']"

This does not work.. So how can we do this?

Just trying to create a powershell to get all those users and delete them..

Thanks

↧

How to import pwdLastSet and badPasswordTime attribute from Active Directory to FIM 2010 R2 Portal.

May 26, 2014, 3:48 am

≫ Next: FIM 2010 R2 & GALSync?

≪ Previous: FIM Portal Powershell Get users using wildcard characters

Hi,

How to import pwdLastSet and badPasswordTime attribute from Active Directory to FIM 2010 R2 Portal.

Regards

Anil Kumar

↧

FIM 2010 R2 & GALSync?

May 26, 2014, 9:32 pm

≫ Next: FIM Password not sync to office 365

≪ Previous: How to import pwdLastSet and badPasswordTime attribute from Active Directory to FIM 2010 R2 Portal.

Hi,

In the past, it was recommended (and I think required) that GALSync run on its own instance of MIIS/ILM/FIM.

I have experienced and seen posts where GALSync MA and FIM MA have issues coexisting on the same server - so is it still required that GALSync have its own instance of FIM 2010 R2 Sync?

Thanks,

↧

FIM Password not sync to office 365

May 27, 2014, 12:59 am

≫ Next: MS SQL MA multivalued attribute removal unexpected behaviour

≪ Previous: FIM 2010 R2 & GALSync?

Case refer to http://community.office365.com/en-us/f/156/t/241373.aspx

A1: Do you mean that all the accounts has been synced to Office 365 online and assigned Lync online licenses, but some of the accounts can't be used to login to Office 365 online portal?

Yes, two OU account synced to Office 365 online, without sync error.

But I don't know how many account can't login , I just test to create a Account in Local AD , after synced and applied licenses. The account still can't login. I tried to use powershell to change password , It can login. So i guess to password is not sync .After that ,I have tried to change password in local AD. and the FIM show the password update success , but can't login using the new password.

↧

MS SQL MA multivalued attribute removal unexpected behaviour

May 27, 2014, 6:36 am

≫ Next: QA Gate - CSV multivalue

≪ Previous: FIM Password not sync to office 365

Hello all

I have a strange situation on a FIM 2010 R2 implementation. Using the out of the box MS SQL MA, we have a multi-valued table set up correctly. One of the multivalued attributes is 'Owner' (or it could be 'Manager' etc.). Now if this attribute is not present in the table, then on an import and sync obviously nothing flows. If the attribute is subsequently populated then this flows into the MV as it should. Adding additional Owners also works properly.

However, if the table values are subsequently deleted (i.e. no Owners) then on the next import the object throws an "invalid-attribute-value" exception, the detail is "the attribute value was not specified".

It feels as though the CS persists with the attribute connection. I have never seen this with a single valued attribute, which FIM quite happily processes through as a deleted attribute. There is nothing special about the attribute, it is not a reference, just a simple string and a direct flow.

We can work around this behaviour by dropping in a dummy string if the table value is not present and then filtering it out on the corresponding export MA, but it just seems to be incorrect.

I have searched thoroughly for any other occurrences of this on the 'net but cannot find anything. Anyone?

↧

QA Gate - CSV multivalue

May 27, 2014, 6:58 am

≫ Next: Admin Portal

≪ Previous: MS SQL MA multivalued attribute removal unexpected behaviour

I have an attribute named IDNumbers in FIM Portal & Service. The field contain all the ID numbers that employee have separated by comma (some have just one and some two or more)

Example 1: 123456

Example 2: 234567,987654,246810

I'd like to use QA gate to ask IDNumbers field from user, but I want that users can just type one of those numbers (and it can be any of them).

If I use this to register users, they need to type the whole thing

$userTemplate.GateRegistrationTemplates[0].Data[0].Value="234567,987654,246810"

On the other hand, if I use this, users get multiple questions:

$userTemplate.GateRegistrationTemplates[0].Data[0].Value="234567"

$userTemplate.GateRegistrationTemplates[1].Data[0].Value="987654"

$userTemplate.GateRegistrationTemplates[2].Data[0].Value="246810"

Is there a way to do this so that users can type one and any of those values?

↧

Admin Portal

May 27, 2014, 7:35 am

≫ Next: FIM 2010 R2 SP1 Selfe Service Password reset

≪ Previous: QA Gate - CSV multivalue

Is there any documentation regarding setting up an admin portal?

↧

FIM 2010 R2 SP1 Selfe Service Password reset

May 28, 2014, 3:10 am

≫ Next: Synchronization: Attributes Not Applied

≪ Previous: Admin Portal

Hi all,

if we have FIM 2010 R2 SP1 can we use an SMS gateway as a way of verification instead of the questions? so the user add his phone number on the portal and when he forget his password and ask for a new password an sms with a code to verify his identity then once it's verified he received an SMS with a new password which he is forced to change it once he login.?

Thanks

Tarek Khairy

↧

Synchronization: Attributes Not Applied

May 28, 2014, 6:01 am

≫ Next: Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "blah" is not present.

≪ Previous: FIM 2010 R2 SP1 Selfe Service Password reset

Hello,

Scenario: I have two Directory services.

The first Directory service is an Active Directory and the other is a OpenLDAP. I’m trying to synchronize the User inclusive they attribute from LDAP to Active Directory with Forefront Identity Manager 2010 R2. My OpenLDAP is as follows constructed “ou=people,dc=ldap,dc=de”. In the organizational Unit are my Users which I want to synchronize. As Example which attributes my Users have:

“cn=Marcel Leukel;

sn=Leukel;

givenName=Marcel;

uid=mleukel”

My Problem: I didn’t get all attributes in a full synchronization by the step from the Metaverse to the Connector Space from the FIMMA. That attribute “LastName” is the only one that I can synchronize. I get the value of the LastName from the LDAP attribute “sn”. If I create a preview after a full synchronization run than are all attributes on “Not Applied”. Only the attribute LastName was Applied.

Sincere regards,

Marcel Leukel

↧

Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "blah" is not present.

May 28, 2014, 12:10 pm

≫ Next: Automate SSPR OTP registration

≪ Previous: Synchronization: Attributes Not Applied

Hi,

I am trying to write a custom extension in Visual Basic that creates Exchange mail-enabled users (MEUs) in my target directory, for each mailbox in my source directory. I have the code below in my source MA extension, and have specified "targetAddress" as the flow rule name under the advanced attribute flow on the source MA. However, when I run a sync on the source MA, it returns the error "Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "targetAddress" is not present."

Any idea what I could be doing wrong?

Thanks in advance,

Adam

Case "targetAddress"
                If csentry("targetAddress").IsPresent Then
                    mventry("targetAddress").Value = csentry("targetAddress").Value
                Else
                    mventry("targetAddress").Value = ("SMTP:" & csentry("mailNickname").Value & "@contoso.com")
                End If

↧

Automate SSPR OTP registration

May 28, 2014, 5:31 pm

≫ Next: Is FIM 2010 R2 SP1 supported for Windows Server 2012 R2

≪ Previous: Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "blah" is not present.

Hello Friends,

I am using an script to register all my users with Password Rest Auth. WF for OTP. It is a manual process and need to run it to register all those users who are not register with Password Rest Auth. WF. But there are two things which should removed:

1- When I run the script it register all the users in the FIM including already registered users.

2- I have to run it manually and it register everyone in FIM DB.

I am trying to find a mechanism either to register them automatically when users are imported /created in FIM or if run the script it should register only those who are not registered.

I hope you guys must have a solution.

Regards
Stestman

↧

Latest Images