Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles
Browse latest View live

Member management not working when Group edit opens in secondary window

0
0

I have a very strange issue I have started to troubleshoot and would like some assistance if possible.

I have a "typical" RCDC where I have a tab showing Groups that a user is a member of.

It looks similar to this one:

   <my:Control my:Name="Groups" my:TypeName="UocListView" my:Caption="Groups" my:ExpandArea="false" my:RightsLevel="{Binding Source=rights, Path=DisplayName}">
    <my:Buttons>
     <my:Button my:Name="Edit" my:Caption="Edit" my:ImageUrl="/_layouts/images/MSILM2/details.png" my:ClickBehavior="ModalDialog" my:EnableMode="OnlyOne" my:RedirectUrl="../customized/EditCustomizedObject.aspx" />
    </my:Buttons>
    <my:Properties>
     <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,Description" />
     <my:Property my:Name="ResultObjectType" my:Value ="Group" />
     <my:Property my:Name="ShowSearchControl" my:Value="false" />
     <my:Property my:Name="ShowActionBar" my:Value="true" />
     <my:Property my:Name="ShowTitleBar" my:Value="false" />
     <my:Property my:Name="ShowPreview" my:Value="false" />
     <my:Property my:Name="EnableSelection" my:Value="true" />
     <my:Property my:Name="EmptyResultText" my:Value="This Campus have no groups." />
     <my:Property my:Name="ListFilter" my:Value="/Group[ecaParentCampus='%ObjectID%']" />
    </my:Properties>
   </my:Control>

I select a group in the list and click my nice litte Edit button. I can now successfully modify owners, or other attributes but NOT explicit member. The ui accepts all changes and even gives me the Submit in the end and looks like it is doing something. BUT nothing happens and the request history shows no request being made.

Really funny is that if I open the Advanced View in the Group edit window I can succesfully manage and submit the manually managed membership.

Does anyone have a clue what's in the "default" Group.Edit RCDC that would make explicit membership management fail whe opened in a secondary window like this?

The Group.Edit RCDC works perfectly normal if I open it directly.


Web Service integration MA

0
0

Hi,

Does the Web Service MA still have a Connector Space that we can review data in and do confirming imports on...or does the MA simply connect to a Web Service, do its thing, and not store anything in the Connector Space?

Hope my question makes sense.

Thanks,

SK

Performance factors for criteria based groups

0
0

I am trying to understand what factors impact the performance of a criteria based group. I have read that member size has direct impact, but it does not make much sense, When a resource is updated, FIM looks for all criteria based groups that have criteria containing the attributes updated in the resource and recalculates the membership of those groups. So my understanding is that the performance of criteria based group is dependent on the criteria, not on the member size of the group. If you have a lot of criteria, then FIM will spend more time on evaluating the criteria and the chance of matching the attribute with the attributes updated in a resource will increase. The member size should not have much impact here.

Yes, member size can be an issue, but that will not be limited to a criteria based group - that should apply to any groups with large number of members. Because that impacts the memory footprints and complexity of membership calculation both in Sync and in AD.

Is my understanding correct, or I am missing something?




SQL 2012 Compatibility Level for FIMSynchronizationService db

0
0

I note that FIM 2010 R2 deploys its SQL database to a 2012 SQL server in 2008 compatibility level.  A customer is asking if the level can be upgraded to 2012.  I am unable to find any documentation to say if this is supported or unsupported, and am curious as to why the database isn't installed to 2012 level by default anyway.  

This post on the Server & Cloud blog lists supported platforms, but doesn't mention compatibility level.

Can anyone please advise?  Thanks.


Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

Performance Monitoring Tools-FIm

0
0

Hi 

we are looking for a performance monitoring tool for FIM.Are there any available in the Market.

can't create MPR to remove sync rule

0
0

I botched a sync rule, so I created a new one to replace it.  Since there are objects with the rule applied, I tried to create a MPR to remove it from everything.  Unfortunately, the sync rule is not listed as an available rule to perform an action with when I'm creating the MPR.  Does anybody have suggestions on how to extract the wrongly-functioning rule from my setup?  I don't want to just delete the rule from the portal if there are going to be references left hanging around to it.

-Robert

Multiple Site FIM configuration

0
0

Hi,

I'm looking into FIM2010r2 as a replacement for are current method of creating accounts for are college users.

We have a windows 2008 domain enviroment across two sites. We currently use Powershell to create are accounts and depending on what site the user is always based at the profile and homedrive points to the file server on that site. The users can move between the sites as we have a 10GB link between are two sites.

We currently create accounts at are main site but when we have to create a student or staff account for a secondary site there is always an issue when it comes to applying permissions to there home drive as the DC at are secondary site hasn't replicated to see the new account. I was looking at running a script at each site to resolve this but i thought FIM might be able to help.

Which leads onto my question how does FIM work best across multiple sites? i'm currently working though a guide but i havent found an answer to my question yet unless i'm missing something.

Thanks in advance for any help with this :)

J

PCNS Service doesn't start. PCNS Filter EventID 6004

0
0

I've installed the Password Change Notification Service ( x64 ) version 4.1.3114.0.  This was installed on an Active directory Domain Controller running Microsoft Windows Server 2008 R2 Enterprise version 6.1.7601 Service Pack 1 Build 7601.

I followed the directions to run the SCHEMAONLY=TRUE first then run the installer and restart.

After reboot I checked the logs and found the following error log below.

I've read various things including installing the version I already have or removing "" from the name of the executable listed in the registry--all of which have not resolved the issue.

Log Name:      Application
Source:        PCNS Filter
Date:          9/18/2014 10:05:26 AM
Event ID:      6004
Task Category: Error
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      dc02xx.xxxxx.xxx
Description:
The Password Change Notification service executable "C:\Program Files\Microsoft Password Change Notification\pcnssvc.exe" failed while verifying the file signature. The service will not be started and password notifications will not be sent.
pcnsfltapi.cpp (526): The revocation process could not continue - the certificate(s) could not be checked.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PCNS Filter" />
    <EventID Qualifiers="49152">6004</EventID>
    <Level>2</Level>
    <Task>4</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-09-18T14:05:26.000000000Z" />
    <EventRecordID>76262</EventRecordID>
    <Channel>Application</Channel>
    <Computer>dc02xx.xxxx.xxx</Computer>
    <Security />
  </System>
  <EventData>
    <Data>pcnsfltapi.cpp (526): </Data>
    <Data>The revocation process could not continue - the certificate(s) could not be checked.
</Data>
    <Data>C:\Program Files\Microsoft Password Change Notification\pcnssvc.exe</Data>
    <Binary>0E010B80</Binary>
  </EventData>
</Event>



FIM 2010 virtual labs

0
0

I just login to FIM Virtual Lab most of them are offline and the one able to login is performance death, FIM Virtual lab is not upgrade since it is there. Many of us have Virtual lab and can do the test in them, However for the new beginner it is difficult for them to install all the FIM component and have overview of the product.
Do not retire FIM Lab.

Regards,
Anirban Singha



BHOLD Model Generator Membership Roles

0
0

Hi,

I am trying to run BHOLD Model Generator for Role Mining for about 1600 users. I have used a 3 file input for loading the data in to Model Generator and when I run Membership Role in the wizard, it is generating over 2500 Membership roles. When I check the details randomly, there are neither permissions nor users for most of the membership roles. However there are certain membership roles that match the criteria that I specified (95% of departments with minimum of 10 users). 

I would like to know if there is any criteria that I missed out specifying which has resulted in creating more membership roles? Or is there any way to reduce the membership roles that Model Generator creates?

Has anybody faced this situation? Any help provided is appreciated !!

Thanks

Kris


Kris

PCNS -- forest Subdomain -- the SPN you Specified could not be found on any accounts in this domain

0
0

Hello there Fim lovers,

i'm having few issues with PCNS hope you can help out,

so my Active directory Infrastrucutre is made out of a Root Domain "company.net" and lots of subdomains"sub1.company.net", "sub2.company.net" ....

the FIM Server and service accounts are all in the Root domain and my users are in the subdomains as is the case usually...

i ran the setspn on the service account in the root domain then ran the pcnscfg on the subdomain DC where my users are stored...

i get the following warning : 

The Service Principal Name you specified could not be found on any accounts in this domain. (which is normal since the service account is in the root domain)

did i do smthn wrong ? or can i ignore this warning ?

thanks for any help !!!

 


Hitch Bardawil


FIM PCNS Two Way Password sync between two distinct forests

0
0

Hello Everyone,

i was wondering if anyone had any idea on a way to synchronize passwords with PCNS for 2 AD Forests both ways (from forest 1 to forest 2 and from forest 2 to Forest 1)

thanks !



Hitch Bardawil

FIMCM Custom Policy Module not showing in the GUI

0
0

I created a custom module on my CA that uses the FIMCM plugin, however the module doesn't show up in the CA Properties -> Policy Modules Properties -> Custom Modules. I though that the server didn't save my module so I tried re-creating it again, this time I get a error message that the module by that name already exists, however it doesn't show up in the GUI! Where does CA store this information so that I could manually delete the module and try again?

FIMCM Policy Module version is 4.1.3559.0


how to create new password policy in FIM

0
0
Can anyone assist me is there any way to create a new password policy in fim similar to creating password policy in OIM.Any related inforamtion is useful and appreciated.

How to return a CSEntryChange with ObjectModificationType Delete in an ECMA2 MA

0
0

I'm trying to return a CSEntryChange with ObjectModificationType Delete in my implementation of IMAExtensible2CallImport.GetImportEntries:

var entry = CSEntryChange.Create();
entry.ObjectType = "SomeObjectType";
entry.DN = "SomeDN";
entry.ObjectModificationType = ObjectModificationType.Delete;

However, when that entry is returned, I get a "missing-anchor-component" error in the console. The anchor attribute, in this case, is called "Name".

However, if I try to add the attribute to the AttributeChanges collection with CreateAttributeAdd, I get an exception:

System.ArgumentException: AttributeModificationType Add is invalid when the ObjectModificationType is set to Delete.

Example:

entry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("Name", "SomeName"));

However, the "CreateAttributeDelete" operation does not let me specify a value for the attribute.

How am I supposed to pass the anchor attribute value in this case?

I could not find any example in the documentation.


Paolo Tedesco - http://cern.ch/idm


Grandfelt Powershell Management Agent...synch rules..joins?

0
0

Sorry for the newbie question.

I am following Kent's posting for managing O365 using the Powershell MA https://konab.com/managing-office-365-licenses-using-fim-2010/

However, I am guessing I am missing something either in my synchronization rule or my understating of the PSMA.

Eventhough, I have setup a relationship of email to UPN on my Outbound Synch Rule I am unable to get any joining.  It seems that joins do now work, unless I create a explicit join within the PSMA itself.

Do I need both the Sync rule and the join in the MA?  Or I am just not understanding correctly?  Any help would be appreciated.

FIM mail Notification

0
0
I have a user who who was registering in FIM and accidentally deleted the confirmation email. How do I go about resending the email?

Powershell MA 5.5 for Office 365 importing ProxyAddresses or Licenses to connector space invalid-attribute-value error

0
0

Hi,

Im using Granfeldt PowerShell MA 5.5 on Office 365.

Trying to import some multivalued attributes from O365 into PowerShell MA CS. For example ProxyAddresses or Licenses attribute from O365.

The Get-Schema.ps1 and Import.ps1 Should look like this by the specs.

 Get-Schema.ps1

$Obj|Add-Member-TypeNoteProperty-Name"ProxyAddresses|String[]"-Value("","")

Import.ps1

   $obj.Add("ProxyAddresses",$User.ProxyAddresses)

Im getting Full Import(Stage Only) - invalid-attribute-value.

I konw the attributes are multivalued and it should be string[]. Maybe theres something missing or O365 multivalued attributes are somehow different. Cant figure it out. Other single valued attributes import into connector space fine.

Please help.

Edit Profile Page

0
0
I am trying to display the edit profile page in an IFrame however I get an error, "This content cannot be displayed in a frame". From what I have found on-line this is disabled with SharePoint to prevent clickjacking, but can enabled by adding a control to the aspx page, <WebPartPages:AllowFraming runat="server"/>. Since FIM overlays SharePoint I am assuming that SharePoint is the cause of the problem. I am just not sure where the aspx page is that I need to modify or if I can modify it. I certainly don't want to break my environment.

FIM Reporting alternative

0
0

Hi,

So we are aware of the FIM Reporting option using SCSM & SCDW. Do we need to use System Centre?

I am not really that clued up on SC or SQL ...so what are other alternatives if we need

1) FIM Reporting

2) Long term storage of records for audit purposes (and report on these)

Thx

SK

Viewing all 4767 articles
Browse latest View live




Latest Images