Channel: Forum Microsoft Identity Manager

FIM 2010 R2 Lotus Domino MA error

Hi,

I'm currently setting up a lab environment with the following configuration:

  • a FIM 2010 R2 single server (with FIM Sync and FIM service)
  • a Lotus Domino 8.5 server with customized LDAP schema
  • Installed Domino Lotus 8.x connector to FIM (http://www.microsoft.com/en-hk/download/details.aspx?id=29038) in FIM server
  • Installed Lotus Domino Client 8.5 FP3

I have tried to create a Management Agent (step 2 Connectivity) to Lotus Domino and I got the following error on event log:
 "Microsoft.MetadirectoryServices.ExtensibleExtensionException ---> System.NullReferenceException: Object reference not set to an instance of an object. 
   at Microsoft.IdentityManagement.MA.LotusDomino.NotesClientWrapper.DominoConfig.GetOrganizationalUnit(KeyedCollection`2 configParameters) 
   at Microsoft.IdentityManagement.MA.LotusDomino.Common.DominoConfigParam.GetConfigParameters(KeyedCollection`2 configParameters, ConfigParameterPage page) 
   at Microsoft.IdentityManagement.MA.LotusDomino.LotusDominoMA.Microsoft.MetadirectoryServices.IMAExtensible2GetParameters.GetConfigParameters(KeyedCollection`2 configParameters, ConfigParameterPage page) 
   --- End of inner exception stack trace --- 
   at Microsoft.IdentityManagement.MA.LotusDomino.LotusDominoMA.Microsoft.MetadirectoryServices.IMAExtensible2GetParameters.GetConfigParameters(KeyedCollection`2 configParameters, ConfigParameterPage page) 
Forefront Identity Manager 4.1.3419.0" 

I would like to know if there is any problem with how I create the Management Agent?

Regards,
Tonny




Role Based Access Control and FIM

Hi,

Would these statements about RBAC and FIM (not BHOLD) be true:

  • RBAC in FIM Sync is essentially governed by the built-in FIM Groups (e.g. FIMSyncAdmins, etc)
  • RBAC in FIM Portal is essentially governed by FIM Portal Sets & MPRs

Thanks,

SK

PS. not looking at BHOLD above, just FIM

My FIM 2010 R2 Database move one server to another server.

Hi

FIM Synchronization Service and FIM Portal 2010 R2 are working fine, but the client wants to move the FIM database from one server to another server. In this case the FIM database name has been changed, so I want to know how the FIM Sync Service and FIM Service will work. Will I need to reinstall the FIM Synchronization Service and FIM Portal?

Regards

Anil Kumar

ECMA 2.2 Full Import With AttributeType.Reference

Hi.

In my system I have an MA with a GetSchema method:

    Public Function GetSchema(configParameters As KeyedCollection(Of String, ConfigParameter)) As Schema Implements IMAExtensible2GetSchema.GetSchema
        ReadConfig(configParameters)

        Dim personType As Microsoft.MetadirectoryServices.SchemaType = Microsoft.MetadirectoryServices.SchemaType.Create(PersonObjectType, False)

        personType.Attributes.Add(SchemaAttribute.CreateAnchorAttribute(PersonSchema.Personnummer, AttributeType.String))

        ...

        personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("AnsvarigChefRef", AttributeType.Reference))
        Dim sch As Schema = Schema.Create()
        sch.Types.Add(personType)
        Return sch

With the "AnsvarigChefRef" attribute I want to save a reference value of an object; maybe it is an Object Class or a CSEntry, I don't know >.<

So, in my GetImportEntries method I try:

    Dim importReturnInfo As New GetImportEntriesResults
    Dim csentries As List(Of CSEntryChange) = New List(Of CSEntryChange)()

    Dim CountTemp As Integer = 0
    For i As Integer = CountPerson To CollectionPersonResult.Count - 1
        If CountTemp = _pageSize OrElse CountPerson >= CollectionPersonResult.Count Then
            Exit For
        End If

        Logger.Create.GenerateInfoMessage(String.Format("Processing {0}/{1}", (i + 1).ToString(), CollectionPersonResult.Count.ToString()))

        Dim csentry As CSEntryChange = CSEntryChange.Create()
        csentry.ObjectModificationType = ObjectModificationType.Add
        csentry.ObjectType = PersonObjectType

        Dim PersonInfo = CollectionPersonResult(i) ' <== this is a collection of PersonInfo returned from a service

        ....

        If PersonInfo.AnsvarigChef IsNot Nothing Then
            csentry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd(PersonSchema.AnsvarigChef, PersonInfo.AnsvarigChef))

            Dim personRef = CollectionPersonResult.Where(Function(x) x.Personnummer = PersonInfo.AnsvarigChef).FirstOrDefault
            If (personRef IsNot Nothing) Then
                csentry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("AnsvarigChefRef", personRef))
            End If
        End If

        ...

Error found here

"System.InvalidCastException: Unable to cast object of type 'ExternPersonInfo' to type 'System.String'.
   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.AddAttributeToDImage(CDImage* pdimage, String attributeName, AttributeModificationType attributeModificationType, IList`1 attributeValueChanges, Int32 escapeReferenceDNValues)

"ExternPersonInfo" is a type that the service returns to my system.

Please help me.

Thanks.

Outlook calendar sync with FIM

Hi -

Does anyone know if it is possible to sync an Outlook calendar with the FIM Sync server and export it to SharePoint 2010? I do not find an Exchange MA in FIM.

Any ideas or thoughts please.

Thanks

sidHistory & Portal Authentication (During Migration)

This is a follow up to this thread

http://social.technet.microsoft.com/Forums/en-US/058c8521-780b-4526-8301-c4bfbb86cc22/sidhistory-and-fim-portal-authentication-during-domain-migration?forum=ilm2

During a domain migration how can the Portal be utilized to accommodate both Migrated Users & Pre-Migrated Users?? I would not like to duplicate the whole user base by pulling both old domain accounts and new domain accounts.

Even though SharePoint can accommodate sidHistory, it seems the FIM web services cannot. It complains that it can't find the migrated "Domain\User" with {newSid}.

Making checkbox selections/options visible on the request details and email notification details -FIM 2010 R2

How do I make the checkbox selections made by users in FIM RCDC visible on the email notifications and on the request details on the request in the portal?

Phina

Allow assistants to request group membership on behalf of other users

Hi,

I have a requirement whereby a user's assistant (and only their assistant) can request group membership for that user on their behalf. For example, if UserA has an assistant called UserB, then UserB should be able to request membership to any group on behalf of UserA (by adding them to the ExplicitMember attribute in the group)

To do this, I created an MPR and selected the Requestor as "Relative To Resource", and the value I supplied in there was "Assistant". It grants permission to Add a value to multivalued attribute, with the target set of "All Groups", with permissions to All Attributes (just to keep things simple for now). To keep things simple for now, I'm not covering Owner approval groups, these are open groups I'm experimenting with. Finally, I also disabled the inbuilt MPR "Group management workflow: Validate requestor on add member to open group" so that it doesn't try and authorize the requestor.

Now, when I login as UserB and open any Security Group, the "Members to Add" field is not writeable, which means that my MPR didn't get triggered. If I change the MPR from Assistant to the set of "All People" as requestors, then this works fine.

My question then is, why is the MPR not getting triggered? The other idea I had in mind was to make a set of all Assistants and grant that set the rights, but I don't know of a way of making a set of all assistants.

Thanks in advance




SQL Features for FIM Synchronization Server

Hi,

We need to install only the FIM Synchronization server of FIM 2010 R2 SP-1. Could you please advise whether all of the SQL Server features below are mandatory to install for the FIM Synchronization Server?

  • Database Engine Services
  • Full-Text Search
  • Analysis Services
  • Reporting Services
  • Business Intelligence Development Studio
  • Integration Services
  • Management Tools - Basic
  • Management Tools - Complete

Thanks

Harry

FIMCM - Smartcard enrolment fails after CA certificate renewal

I have a FIMCM 2010 server which is served by a PKI consisting of Root, Policy and Issuing CA servers. I have just renewed the CA certificate on the Issuing CA server (using same private key) and AD Group policy has pushed the new CA certificate out to the certificate stores of the hosts in my domain.

My problem is that now my smartcard users are unable to enrol for a certificate - they get the error "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider - 0x800B0112". Can anyone tell why the FIM client is unable to trust the CA cert even though it is installed on the client PC?

Thanks

Populating Custom Drop Down RCDC Control

Hello,

 I have a requirement whereby I need to present a list of departments within the FIM portal as a drop down control for end users. There are around 500 departments and I need to provide admins with a convenient way of keeping this list up to date. There are several other fields (department head, department cost code and department administrator).

 My initial thoughts were to do the following:

 - Create a new object within MV designer that has a single multi-valued attribute (e.g. "Customdepartment" with multivalued attribute "SiteName").

 - Sync a site CSV file against this object, the CSV file will contain a list of department names (departmentA,departmentB,departmentC,departmentD,etc.)

 - Push my custom department attribute into the FIM portal (mapping onto another custom attribute)

 - Users pick which department they belong to via the drop down control using a method (similar to #4 http://www.fimspecialist.com/fim-portal/rcdc-resource-control-display-configuration/populating-rcdc-dropdowns-uocdropdownlist/#step2)

 - An AD outbound sync rule syncs the department name

 - A PowerShell script is then run against AD which checks the department name for each user and populates the relevant AD fields for department head, department cost code and department administrator.

The first problem I have is that when I tried to sync my input CSV file of departments into my custom MV object, I simply ended up with multiple records rather than a single object which contained the list of departments. I'm not sure how to overcome this.

In addition, I'm wondering if there's a better way to meet the requirements than what I've proposed. I imagine what I'm trying to achieve is reasonably common, but I'm not sure on the best way to implement it.

Thanks in advance

Populating Custom Drop Down RCDC Control And Sync Custom Information

Hello,

 I have a requirement whereby I need to present a list of departments within the FIM portal as a drop down control for end users. There are around 500 departments and I need to provide admins with a convenient way of keeping this list up to date. There are several other fields (department head, department cost code and department administrator).

 My initial thoughts were to do the following:

 - Create a new object within MV designer that has a single multi-valued attribute (e.g. "Customdepartment" with multivalued attribute "DepartmentName").

 - Sync a department CSV file against this object, the CSV file will contain a list of department names (departmentA,departmentB,departmentC,departmentD,etc.)

 - Push my custom department attribute into the FIM portal (mapping onto another custom attribute)

 - Users pick which department they belong to via the drop down control using a method (similar to #4 http://www.fimspecialist.com/fim-portal/rcdc-resource-control-display-configuration/populating-rcdc-dropdowns-uocdropdownlist/#step2)

 - An AD outbound sync rule syncs the department name

 - A PowerShell script is then run against AD which checks the department name for each user and populates the relevant AD fields for department head, department cost code and department administrator.

The first problem I have is that when I tried to sync my input CSV file of departments into my custom MV object, I simply ended up with multiple records rather than a single object which contained the list of departments. I'm not sure how to overcome this.

In addition, I'm wondering if there's a better way to meet the requirements than what I've proposed. I imagine what I'm trying to achieve is reasonably common, but I'm not sure on the best way to implement it.

Thanks in advance


restrict user search access based on created user

I have 2 questions

  1. We have a scenario where certain users can create users in the FIM portal. When a user logs into the portal, he should be able to search only users created by him. What kind of MPR is required for this case?
  2. Also, if I have 2 MPRs where the 1st MPR grants permission and the 2nd MPR denies permission for the same user, is there a precedence, like which MPR will win?

Raj-Shpt

MA's no longer show updated statistics

Hi,

 I have FIM configured to do the following every 10 minutes:

FIM MA - delta import
FIM MA - delta sync
AD MA - export and delta import
AD MA - delta sync
FIM MA - export and delta import

 This sequence of run profiles used to show me updates within the operations tab of the sync application, i.e. if I changed a display name from "geoff" to "tom" it would show me the old and new values. I've made two changes

1. Configured MV deletion rules so that if an account is disconnected from the AD MA, it is deleted in the FIM portal.
2. Configured attribute precedence for attribute "office location" so that the FIM portal is precedent over AD for the attribute.

Now, if I change a user in the FIM portal and run my run profiles in the above sequence, AD is updated correctly and the FIM MA operation statistics are correctly showing the right number of users updated, however at no point do I see an old and new value. Instead all I see is changes "none" - even though AD and the FIM portal are correctly updated.

I haven't come across this before, essentially everything but the feedback on updated attributes works as it should.

For example, I've updated and synced the account below, but at no point do I see the actual update, even though the display name has changed and successfully been reflected in the portal and AD, all I see is no changes.

I'd be interested to hear if anyone else has seen this?

Thx

 


How to Provision contact Objects

Hi ,

I have created a custom object type in the FIM portal as "Contact", and in the Metaverse as well. Mapping the AD contact type object with my custom object, I have successfully imported these contact objects into the FIM portal.

I have created an MPR and workflow to provision contact type objects in AD, and I am using the following attributes for Contact provisioning from the FIM portal to AD in my outbound sync rule

When I run an export to provision the contact created in the FIM portal with the above attributes, I get the following error :

I think I am missing some attribute that are necessary for Contact provisioning .... 

Thanks

Shivam Singh


EMAIL CONUNDRUM-I CANT PROVE THAT I AM I

I am told that my security code is being sent to an email address, i.e., (@4mailonline.com)
Unfortunately I have not used this address for 7 years & have no access to it.
Therefore I can't use my email

FIM Service and Portal Language Pack installation failed

Hello,

I'm trying to install, for the second time (I uninstalled it in order to install SharePoint Foundation Language Pack), FIM Service and Portal Language Pack and I have the following error :

With the following event in eventvwr : Error : microsoftilmlanguagepackeses.wsp already exists

Does anyone have an idea ?

Thank you in advance


Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx

Regarding "Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference"

The mentioned article is inadequate for building a FIM based Azure Directory synchronization solution as it is not explaining how to set up the attribute flows required for the synchronization.

The wiki article referred (http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-windows-azure-active-directory-sync-tool.aspx) to create the attribute flows based on is only listing Active Directory attributes and there is no mentioning of to what and from what attribute to synchronize these attributes in Azure AD...

Is there any publication that is completely describing the attribute flows as they are defined in DirSync?

Do I really have to deploy the test lab example (which requires a separate FIM instance as it is overriding metaverse and management agent definitions with the imports) and reverse engineer it? :(

Thanks for any suggestions regarding this!

Search for resource

Hello,

I need to find all groups that start with "MR_" and modify their name, but I could not find an XPath filter to use that will return all of those groups.

I have tried these filters but they did not work at all.

$filter = "/Group[DisplayName='MR_*']"
$fimgroup = Export-FIMConfig -Uri $uri -CustomConfig $filter -OnlyBaseResources

$filter = "/Group[DisplayName='MR_%']"
$fimgroup = Export-FIMConfig -Uri $uri -CustomConfig $filter -OnlyBaseResources
