Articles on this Page
- 06/04/14--06:16: _Problem with synchr...
- 06/04/14--12:13: _Help with XPath Query
- 06/05/14--04:23: _Pre-staging FIM cli...
- 06/05/14--05:56: _All Deleted Sync ru...
- 06/05/14--12:51: _Multiple Matches in...
- 06/05/14--16:05: _FIM 2010 gal sync e...
- 06/05/14--18:21: _Powershell - exchan...
- 06/05/14--21:14: _New FIM Portal User...
- 06/06/14--09:45: _Exception handling ...
- 06/06/14--22:07: _Best way to provisi...
- 06/08/14--16:30: _Unique username gen...
- 06/09/14--07:46: _FIM Service Fails t...
- 06/09/14--10:36: _VB MA extension cod...
- 06/10/14--01:26: _mvextension provisi...
- 06/10/14--01:42: _Home directory prov...
- 06/10/14--05:30: _Criteria group for ...
- 06/10/14--07:31: _Changing FIM Portal...
- 06/10/14--12:20: _FIM export custom g...
- 06/11/14--00:25: _Customising FIM por...
- 06/11/14--11:35: _Exchange Provisioning
- 06/04/14--06:16: Problem with synchronization rule
- 06/04/14--12:13: Help with XPath Query
- 06/05/14--04:23: Pre-staging FIM client in system image
- 06/05/14--12:51: Multiple Matches in Join Rule
- 06/05/14--16:05: FIM 2010 gal sync export fails on exchange 2007 org
- 06/05/14--18:21: Powershell - exchange - Add-MailboxPermission stopped working
- 06/05/14--21:14: New FIM Portal User Approval Workflow
- 06/06/14--09:45: Exception handling with the FIM PowerShell MA
- 06/06/14--22:07: Best way to provision Exchange 2013 / Lync 2013?
- If person get's married, last name changes, this should also change the email address
- 06/08/14--16:30: Unique username generation when creating new user via FIM Portal?
- 06/09/14--07:46: FIM Service Fails to Start
- 06/10/14--01:26: mvextension provisioning code connector object type
- 06/10/14--01:42: Home directory provisioning using the Windows Powershell Connector
- 06/10/14--05:30: Criteria group for employeeid range
- 06/10/14--07:31: Changing FIM Portal, SSPR Portals URLs
- 06/10/14--12:20: FIM export custom group's membership to ADDS
- 06/11/14--00:25: Customising FIM portal - username format
- 06/11/14--11:35: Exchange Provisioning
i have this error when i run a Delta Synchro Profile in FIM MA : The synchronization rule inbound flow rule is invalid.
Any idea ??
I was wondering if somebody can assist me in creating an xpath query to locate the following employees. The criteria is the following. I am looking for a list of all objects of the person object type that has an EmployeeID, and whos Employee Status is not Disabled, and their Employee End Date is not set.
We are beginning to implement FIM 2010 R2 SP1 in our environment.
I want to add the client install to our standard image - is there anything I should be aware of?
I notice that one of the reg keys that is installed contains a GUID. Should I delete this before sealing the image with sysprep?
HKLM\Software\Microsoft\Forefront Identity Manager\2010\GUID
I am trying to implement FIM for one of my Clients,
after following the TECHNET articles I have created two MA's
FIMMA and ADMA
when I run a full import on FIMMA, I see my old sync rules getting added,
also the new sync rule is not getting added and gives a unexpected error message , is it because of the above reason please suggest what is to be done
What's the default behaviour for join rules with multiple matches? I'm looking at implementing a match on a payrollID number between Oracle payroll users and AD users - both objects imported into FIM. I'm updating my AD user attributes with payroll data such as employee manager. AD users have portal and SSPR access.
Due to my data sources being less than 100% reliable some payrollIDs overlap - what is the default action during an import if multiple objects from the data source match? Presumably it's just a matter of various attributes being incorrectly updated for the wrong user or with the wrong values.
Provisioning of contacts to ex07 during export fails. The event log shows events : 6056,6401, and 6500 for FIM. The FIM console shows one account in error (if i remove it, it errors on the next one, so it's not the account). When i click on the export error and 'validate object against schema' it says required attribute 'cn' is missing. The export error tab lists no data under "error". If i click 'prevew tab' then generate privew and commit preview, it seems to work! WHat is going on here? Source forest is ex2010 dest forest is ex2007.
I am calling the command Add-MailboxPermission in a powershell workflow activity. I recently noticed that it stopped working. It was working fine before. The command after that, Set-mailbox still works.Can someone help me?
add-MailboxPermission -Identity $AcctName -User "NT Authority\SELF" -Accessright 'Fullaccess' (stopped working)
set-mailbox -identity $AcctName -HiddenFromAddressListsEnabled $false (working fine)
If someone creates a new user via the FIM Portal, can this go through a typical FIM Approval workflow before the user is provisioned to other target systems like for example AD?
How would you actually do this?
I've been experimenting with Søren Granfeldt PowerShell MA and so far I'm liking what I see. However, I'm wondering how the MA handles exceptions being thrown from the PowerShell script, especially on an import. From what I see, it ignores anything thrown from the script, and the MA returns with a complete-no-objects status, which is not ideal as you have no indication what the error actually is. I have implemented event log handling, so the exception will end up there, but I'd rather see a more appropriate error status come up in the Sync service.
I can see that the actual objects you return can accept an error message, etc., but if the error is on a global level (i.e. can't connect to the target system), what is the recommended approach?
Marc Mac Donell, VP Identity and Access Solutions, Avaleris Inc.
I'm trying to figure out which would be the best way to provision user accounts to have Exchange 2013 and Lync 2013 -enabled to their AD user account. I have one requirement for this:
For Exchange we're currently using a custom powershell activity (not the one everyone else is using...) to accomplish this with two sets and workflows, one for the provision (1st time) and one for the modification (if the name changes...). Although, this
custom PS activity isn't so accurate as it should be... Is anyone else provisioning Exchange 2013 through workflow activity? If so, would someone care to throw some examples?
Is it better way to do the Exchange / Lync with their own MA:s rather than using workflows to just enable the account with these two? If so, would someone please kindly help me to find some examples about Powershell MAs that can be used with Exchange / Lync?
Is it possible to create a new user using the FIM Portal, and have FIM create the unique username upon submission of the request in the Portal?
So effectively, when you create a new user in the Portal, the 'accountName' attribute would not be a mandatory field and therefore removed from the GUI using RCDC , and instead be generated based upon the unique AD username rules.
The FIM service on my FIM portal server fails to start if I reboot the FIM portal server by itself - if I try to restart the service manually I get a generic "cannot start service" message.
If I power down my synchronisation server, FIM service DB server and fim portal server, then power them on in sequence with a delay of a few minutes between each server, the FIM service on my portal server works fine and I can access the portal. Has anyone else come across this - I would have thought you could independently reboot the FIM portal server without any issues.
I am trying to modify some extension code for a management agent that will do the following:
If a user object in my "target" Active Directory connected data source has a proxyAddresses value that contains a certain sting of characters (i.e. "/o=ExchangeLabs/"), then I want to take only that proxyAddresses value, and write it back to that same user object in my "source" Active Directory connected data source.
Normally, I am flowing all proxyAddresses from the source AD to the target AD, but there may be this one proxyAddress in the target that I want to flow back to the source. It would be just this one value, and I want to write it back without affecting any of the other values that are already there. I would prefer that that code be in VB, if possible.
Thanks in advance,
Are connector object types defined in mvextension provisioning code essentially just labels?
e.g. csentry = ManagementAgent.Connectors.StartNewConnector("person");
Reason is that I am debugging some ops panel errors on a dev system and there are fixed width file MAs which are exporting groups for consumption by a legacy system. The file just contains: Group Code, Group Description, but in file MA connector space these are classified as person objects. Looking at the MVExtension code I can see that they are provisioned as csentry = ManagementAgent.Connectors.StartNewConnector("person");
This looks wrong to me and I think it could be changed by altering the object type in the MA and also in the provisioning code, but I'm trying to gauge whether there is any other impact except in terms of having been incorrectly labelled and making debugging data errors extremely confusing.
I was just wondering if anyone has used or documented the use of the Windows Powershell Connector for creating/moving/deleting users' home directories on remote fileservers? I have been unable to find any examples myself.
I have a couple of up-coming FIM jobs which will require some home directory automation and I'm currently determining whether the PSMA or Windows PS Connector would better suit my needs.
Any advice re/my question or home directory management with FIM in general would be much appreciated.
I'm trying to create a criteria group for all our company emplyees that have employeeid between 1 and 8999 + between 20000 sn 29999.
from what i have mahaged to find it should work with 2 range rules
"employeeid is [1-8999]"
"employeeid is [20000-29999]"
but this criteria does not return any users when i press view memebers.
how should i set the criteria so the users will be included ?
Is this possible to configure FIM Portal and SSPR Portals as :
If yes, Then please help.
If My Answer helps you do not forget to check helpful post and If answers your question do not forget to "Mark it as an Answer" Thanks~ Giriraj Singh Bhamu
we currently facing a problem with group's membership management.
We created our own resource type which represents a group, it has the same binding than native Group for group's management exept explicitMember and computedMember but we created a multivalued attribute for the members management. Moreover we have created the mandatory MPR and so on... In ADDS we are able to create the group but we have a problem to populate the member attribute and the displayedOwner. All other parts are working. We don't have any error in the event log or in FIM.
What have we missed ?
Does anyone have an idea ?
I've found this article on portal customisation with a whole heap of strings to play with but I can't seem to get username format to work -http://technet.microsoft.com/en-us/library/jj134312(v=ws.10).aspxg
The default value is domain\username and I want this to just display username without exposing domain, or use samaccountname instead. What would the string be for this?
Thanks in advance.
I like to set default values for POP3, IMAP4 but there are no multivalued constants to pass to Exchange's ProtocolSettings
What to do other than running a power shell script.