Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles

IODS MA Full Synchronization

Hi,

We have IODS as a data source and almost 1,400,000 records in IODS, which we have successfully imported into the IODS MA connector space. Now when we run a full synchronization on the IODS MA, it synchronizes just 5000 records in 24 hours. So it seems it will take months to synchronize all 1,400,000 records.

Is there any way we can speed up the synchronization process?

Thanks,

Rakesh


Error encountered during evaluation of Sync Rule

I've noticed a large number of errors like this one in the event log:

The server encountered an unexpected error:"Error encountered during evaluation of Sync Rule: 'ORA2 Persons'. Details: Object reference not set to an instance of an object.

   at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeExecuteOutboundTransformationWorker(SyncRuleAttributeFlowArguments pArgs)
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeMA_ExecuteOutboundTransformation(_OCTET octMVPreImage, _OCTET octMVDelta, _OCTET octCSHologram, _OCTET octUnappliedDelta, _OCTET octEscrowedDelta, _OCTET octUnconfirmedDelta, _OCTET octImportDelta, UInt32 nMappings, _SyncRuleAttributeFlowMapping* rgMappings, _OCTET* poctChanges, _MappingResults* pMappingResults, Int32* pOverallResult)

InnerException=>
none"

The problem is that it's pretty hard to understand what's going on, as the event log entry is not providing any information about which object was being exported.
Is there any way I could get some additional information about the error?

Moreover, these errors are present only in the event log, while the console simply shows "success" as the result of the run.
Is this the intended behavior, or is there something wrong in my installation?


Paolo Tedesco - http://cern.ch/idm

How to upgrade FIM 2010 R2 version (4.1.3419.0) to FIM 2010 R2 (version 4.1.3510.0) in FIM 2010 R2

Hi,

I have already installed FIM 2010 R2 version (4.1.3419.0) and it is working fine, but now I need to upgrade FIM 2010 R2 version (4.1.3419.0) to FIM 2010 R2 (version 4.1.3510.0) in FIM 2010 R2. Please suggest what steps we should follow to upgrade FIM 2010 R2 version (4.1.3419.0) to FIM 2010 R2 (version 4.1.3510.0) in FIM 2010 R2.

Regards

Anil Kumar

The value of the Department attribute is not deleted by FIM portal

I use WSS 3.0 as the portal for FIM 2010.
When I created a FIM MA and exported an account from the source AD to the FIM portal, a malfunction occurred.
When I delete the values of the Department and Company attributes on AD for an account that has already been synchronized and then synchronize again, the values of the Department attribute and the Company attribute remain on the FIM portal without being deleted.
Is this behavior by design? In addition, please tell me if there is a way to make the FIM portal reflect values that have been deleted on AD.

SharePoint Foundation 2014 MA

Hi,

I wrote an ECMA 2.0 MA for SharePoint Foundation 2013. There is a Microsoft MA for SharePoint, but it requires one of the paid versions of SharePoint with the User Profile service application (UPA) running. The MA I wrote works with SharePoint 2013 Foundation Lists without the User Profile Service Application. Is this something anyone would be interested in?


Is there a maximum length for a custom expression?

Is there a documented maximum length of a custom expression in a sync rule? I have been unable to find one and as of yet, have not hit one. But for curiosity's sake, I was wondering if there is a limit?

Thanks

How to customize SSPR "Password Reset authN Workflow"?

My customer would like to explore the possibility to customize "Password Reset AuthN Workflow" to have both Email and SMS gate but only one Verification (Email gate-->SMS gate-->Security code verification), not the default one (Email gate-->Security code verification-->SMS gate-->Security code verification). Any suggestion?


Jason

Group Management related to different forest

Can anyone please help me achieve the goal below?

Environment:
Two forests: ForestA and ForestB
Trust: 2-way

In FIM:
Created 2 AD MAs (ADMA-A and ADMA-B), pulled users from both forests into the MV and then flowed them to the FIM Portal.
Created one more AD MA (ADGroupMA-A), which is connected to Forest A. This MA is used for group management in Forest A.

There is a group in Forest A called GroupA.

Requirement:
We have added a few Forest A users and a few Forest B users to GroupA using the FIM Portal and then flowed the members of this group back to the MV.
So in the MV we have users from both Forest A and Forest B as members of this group.

Now I have to flow these members (both Forest A and Forest B) to the ADGroupMA-A management agent. However, I am not able to do this because
the connector space stores these users as references and we don't have any reference for Forest B users in the ADGroupMA-A connector space (ADGroupMA-A is only connected to Forest A).
How can we resolve this issue so that we will be able to flow users from both forests (A and B) as members of a group which exists in Forest A?

Thanks in advance!!


Group Management

I'm looking to use FIM to replace a customer's third-party group management solution. Some of their groups have criteria that must be satisfied before a user can be made a member. What options are available in FIM to reproduce this functionality?

Cheers,

Tom Houston, UK Identity Management Practice

Difference and similarity between ADFS and FIM

WHAT IS THE DIFFERENCE BETWEEN ADFS AND FIM? CAN I USE FIM FOR SINGLE SIGN ON? WHAT ARE THE USE CASES OF FIM?

How can I enable filtering on new Azure Active Directory Sync Tool based on Mail attribute?

We are testing the new Azure Active Directory Sync Tool and want to sync only the users that have the mail attribute populated. How can we accomplish it?

Regards,

Atul

Creating users and setting Passwords on other AD forests => Kerberos-no-logon-server error

We are investigating the possibility of FIM supporting multiple independent customer ADs, i.e. one FIM instance but several AD MAs targeting many forests.

In our dev environment we have 3 separate virtual domains and I can get them talking to each other by editing the hosts file.

When I try to set the Password or userAccountControl via FIM I get the Kerberos error. OK. I guess we are forced into putting a complete DNS setup for development.

HOWEVER,

if I start a PowerShell shell on the FIM server (fim002dfim.fim002d.local) and use ADSI calls I can set the password OK!!! e.g.

# Hunt for the user and set the password.
# $employeeid and $newPass are used below but not defined in this snippet;
# they are expected to be set before it runs.

# Bind to the customer domain with explicit credentials
$MYobjDomain = New-Object System.DirectoryServices.DirectoryEntry "LDAP://cust1dc.cust1.local", "cust1\Administrator", "P@ssW0rd"

# Search the whole subtree for the user with the given employeeID
$MYobjSearcher = New-Object System.DirectoryServices.DirectorySearcher
$MYobjSearcher.SearchRoot = $MYobjDomain
$MYobjSearcher.PageSize = 1000
$MYobjSearcher.Filter = "(&(objectClass=user)(employeeID=$employeeid))"
$MYobjSearcher.SearchScope = "Subtree"

$MYuser = $MYobjSearcher.FindOne()
if ($null -eq $MYuser -or $MYuser.count -eq 0) {
    $x = "No user found on Cust1 with employeeID =" + $employeeid
    $x
    exit
}
$MYuserDN = $MYuser.path

# Set the new password and force a change at next logon (pwdLastSet = 0)
$MYuserObj = [ADSI]$MYuserDN
$x = $MYuserObj.psbase.invoke("SetPassword",$newPass)
$x = $MYuserObj.Put("pwdLastSet",0)
$x = $MYuserObj.SetInfo()

$xx = "Password reset"
$xx

I am curious why FIM access via the AD Management Agent is so different from ADSI.

Gal Sync not working

I started a new install of Identity Manager 2010 R2 evaluation on Server 2008 R2 and SQL 2012 for a cross-forest trust using Exchange 2007. I'm primarily looking for free/busy synchronization to work.

Q. Do I just need to install the 'Identity Manager synchronization service' component?

I installed management agents for both domains, but I get sync errors on some of the objects. What am I missing?

SSPR Configuration with more than one AD

Hello,

In our environment we have user provisioning to multiple ADs. We are using the Password Reset functionality (SSPR) in the "ABC" AD. The service accounts used by FIM are in the "ABC" AD, and the AD mainly being used is "ABC".

Is there any way to set up SSPR in the "DEF" AD as well without affecting the existing functionality?


Regards,
Manuj Khurana

SharePoint Connector ReferenceValue Sync Issue

Hi,

We use the FIM SharePoint Connector to sync user properties to the UserProfileStore to SharePoint on premise. As soon as we sync multiple ReferenceValues per UserObject, the MA mismatches attributes during export (despite a confirming import).

For example:

Attribute A with Value A is exported into Attribute B and vice versa in the UPS. We discovered that if we export only one ReferenceValue or none, the attribute mapping is OK.

We confirmed the issue on multiple FIM instances, installations and MA configurations.

Has anybody experienced the same behavior with this connector?

Thanks for your suggestions and help.

Thomas


Management Agent error during Sync

Hi all,
During a Delta Sync operation where I synchronize AD contacts from a remote forest, I receive this error:

System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.

   at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate)

   at System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate)

   at System.Diagnostics.EventLogInternal.VerifyAndCreateSource(String sourceName, String currentMachineName)

   at System.Diagnostics.EventLogInternal.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)

   at System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)

   at System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID)

   at Mms_ManagementAgent_EHA_ContryRuleExtension.MAExtensionObject.Microsoft.MetadirectoryServices.IMASynchronization.FilterForDisconnection(CSEntry csentry)

The Zone of the assembly that failed was:

MyComputer - ERROR UNKNOWN

I've tried to search for a resolution but I haven't found any useful information to solve the issue.

Do you have any suggestion to resolve it?

Windows 2008 R2 - FIM 2010 R2 4.1.3419.0

FIM 2010 GAL over internet

Dear team, 

We are at the start of a project where we need to implement GAL Sync and a common GAL for two Exchange organisations in different forests. Please note that there is no AD trust or network connectivity between these two forests. We have chosen federated sharing for Exchange free/busy and FIM for the common GAL.

I want to know whether FIM 2010 can provision GAL over the internet. If the answer is yes, what are the prerequisites in terms of security, ports and access, or is it suggested or recommended by Microsoft?

Please suggest with details. Thanks for your support in advance.


Satpal Kataria

SQL MA: Non-Nullable Attribute as Reference

Why can't you have a non-nullable attribute as a reference?

Is this built due to performance reasons, or the fact that the Sync Engine might encounter a value that isn't a valid reference (which would make it a place holder anyways right?).

Custom Field In User Registration Portal

Hello,

Is there a way I can add a custom field during user password registration in FIM 2010 R2? I want to have a field to set a User PIN where the user can enter a value, and it can be used in future by the user or helpdesk when the user is not able to answer other secret questions. I cannot add it as one of the questions in the QA gate as I don't want it to appear in the initial Q&A when a user tries to reset his password. It should only appear when he is not able to answer other questions.

Any ideas are welcome.

Thanks,

Nagendra

attributes to NULL

Hi,

I am learning FIM. Can anyone help me understand when to declare attributes as NULL? Does the error "exported-change-not-reimported" clear if we set the attributes to null?

Thanks.
