Channel: Forum Microsoft Identity Manager

SSPR: How to send OTP email by SMS gateway?

I'm seeking a way to send the OTP email via the SMS gateway so that I can have the same OTP number from both email and SMS. This makes sense for users who do not have, or can't use, their mobile when they reset their password.

In order to do that, I need to pass an email parameter to the SMS gateway. Unfortunately, the SendSms method has only mobileNumber and message parameters. Is there a way that I could pass an email address parameter to the SMS gateway too?

namespace OTPServices.FIM.SmsServiceProvider
{
    using System;
    using System.Collections.Generic;
    using Microsoft.IdentityManagement.SmsServiceProvider;
 
    public class SmsServiceProvider : ISmsServiceProvider
    {
        public void SendSms(string mobileNumber, string message, Guid requestId, Dictionary<string, object> deliveryAttributes)
        {
            OTPServices.FIM.mySMSProvider.SendSms(mobileNumber, message);
        }
    }
}


Jason


Unable to install Directory Sync tool on Windows Server 2008 R2 Enterprise

Hi,

I am unable to install Directory Sync on Windows Server 2008 R2 Enterprise. I have a domain-joined computer running Windows Server 2008 R2 Enterprise; when I click dirsync.exe it gives the error below.

The Windows Azure Active Directory Sync tool must be installed on a domain joined computer running Windows Server 2008 Service Pack 2 or later,or Windows Server 2008 r2 Service Pack 1 or later

Please help with this: why is this happening when I try to install the DirSync software?

Regards

Anil Kumar

FIM SSPR Email Alerts When Password Reset Attempt Fails

Hi,

 Is it possible to configure FIM to alert or email when a user's attempt to reset their password via SSPR fails? I want FIM to notify the relevant team via email when a user enters their SSPR answers incorrectly 3 times - I'm thinking of a workflow which could email "user notifications@security.com with user x failed to validate".

Is this possible and what's the best way to achieve it?

Thanks


IT Support/Everything

Setting home folder permissions

Hi, 

We need to configure FIM to set folder permissions for users when their account is disabled. Example: 

A user leaves the organisation and his account is disabled by FIM; I then need FIM to give full control over his home folder to that user's manager. I am guessing the best way would be to use a PowerShell MA to achieve this. I don't need to create or delete the home folders, just give permissions to the user's line manager when they leave.

Does anyone have a script that would do this or any helpful advice?

Thanks


File MA Outbound sync

I need to provide a flat file for our mainframe dept to update user information, i.e. accountname. The mainframe sends us a delimited text file that is processed each evening with the MFMA (FileMA), FI/FS. I was under the impression that configuring an Outbound attribute flow on this MA would export the deltas to the export file set up during the Run Profile configuration. The Outbound Attr Flow only has two attribute flows, employeeID and accountName. The export file pretty much resembles the file that was used to import, meaning the header row and ALL the data match, with the exception that it is at least flowing the data into the proper column in the file.

 

StudentNumber|FirstName|LastName|MiddleInitials|FullName|GradeLevel|PositionShort|MagnetCode|EnrollmentDate|StudentSchoolStartDate|StudentSchoolEndDate|StudentExitDate|RelationshipStatus|LocationDescription|StudentTeacherNumber|InternetAccessNeeded|SpecialEducationFlag|PriHandicappedCode1|SecHandicappedCode2|SecHandicappedCode3|SecHandicappedCode4|SummerSchoolFlag|SummerSchoolCampusNumber|SummerSchoolStartDate|SummerSchoolEndDate|PasswordExpirationDate|CN|InternetEmail|PasswordChangedFlag|HOLD                                                                                     

9999999|Aashiyana|Khetani||Khetani, Aashiyana|10|014||20140825|20140825|20150604||1|XanaduHS||Y|N|||||N||AKhetani0215|19991031|20150605||||

What I expected to see (only adds/renames)

StudentNumber|SummerSchoolEndDate
9999999|AKhetani9999

Any help would be appreciated.

-Charles

 



CustomExpression with Nested IIF

Currently I am using this CustomExpression and it works well

IIF(Eq(FIMneisdGrade,"01"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"02"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"PK"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"K"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"EC"),FIMneisdEmployeeNumber,accountName)))))


I am trying to add one more condition like below, but keep getting the error "The function is not correctly formatted."

IIF(Eq(FIMneisdGrade,"01"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"02"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"PK"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"K"),FIMneisdEmployeeNumber,IIF(Eq(FIMneisdGrade,"EC"),FIMneisdEmployeeNumber,IIF(Eq(accountName,Left(FirstName,1)+Left(LastName,10)+Right(FIMneisdEmployeeNumber,5),Left(FirstName,1)+Left(LastName,10)+Right(FIMneisdEmployeeNumber,5),accountName))))))


accountName is normally Left(FirstName,1)+Left(LastName,10)+Right(FIMneisdEmployeeNumber,4)

However, because of naming conflicts, sometimes we need to use the last 5 of FIMneisdEmployeeNumber

Left(FirstName,1)+Left(LastName,10)+Right( FIMneisdEmployeeNumber,5)

So I'm trying to say: if the value is set to use the last 5, keep it that way (existing AD users).

Any help would be great.

-Charles







How to configure 'Join a Group' in Portal?

Hi,

Just trying to verify why my users cannot request to join a group via the Portal. Users can see the Security Groups in the Portal, and when they select a Group & click Join & submit, Access is denied with the following error:

Error processing your request: The operation was rejected because of access control policies.
Reason: The operation failed as a result of insufficient access rights.
Attributes: ExplicitMember
Correlation Id: xxxxxxxxx-39cf-xxxx-8794-xxxxxxxxxxxx
Request Id: 
Details: No policy grants the Requestor permission to complete all changes.

  1. Firstly, must the Group join restriction be 'Owner approval required'?
  2. The default 'Group management workflow: Owner approval on add member' MPR is enabled, do we need more MPRs?

Search requests list this MPR as the problem: "Group management workflow: Owner approval on add member"

"Group management workflow: Owner approval on add member" is configured as follows:

- Requestors: All active People (my requesting user is in the group)

- Operation: add a value to a multivalued attribute

- Target Before/After: Owner Approved Groups (my test group is in there)

- Attributes: Manually-managed Membership

What other MPRs must be running for this to work?

Thanks,

SK


Azure Active Directory Sync Service tool in a multi-forest environment: which attribute to choose? (Not DirSync)

Hello all,

I've already asked this question on Office 365 Community Forum http://community.office365.com/en-us/f/613/t/267826.aspx, and as I understand the AAD Sync Service tool is based on the AAD Connector for FIM 2010 R2, so maybe you can help me.

We have a multi-forest environment due to a recent merger, with one forest with resources and some accounts and another forest with accounts only that should be migrated to the first one during time. We're at Wave 15 on our tenant.

We're configuring AAD Sync Service, but we need to choose the attribute to use as sourceAnchor; we think that the approach suggested in http://blog.msresource.net/2014/03/10/windows-azure-active-directory-connector-part-3-immutable-id/ should work.

In short:

  • if the mS-DS-ConsistencyGuid is empty, we'll generate the sourceAnchor value from objectID, then populate the mS-DS-ConsistencyGuid with the sourceAnchor value
  • if the mS-DS-ConsistencyGuid is populated, use that as the sourceAnchor (so we can match a user even if it is moved from one forest to the other)

Should that work? How can we get the tool to write back the sourceAnchor value to mS-DS-ConsistencyGuid?

Thanks



FIM Portal and FIM Password Portal may be on the same server?

Hi everyone,

I would like to ask if it is possible to deploy both portals on the same server. Is it advisable?

Thank you!!

Greetings.

FIM Object Visualizer for Synchronization Service

Does this tool work if all we are running is the Synchronization Service?  It appears that it looks for the FIM Portal:

$uri = "http://" + $args[0] + ":5725/resourcemanagementservice"

I need to be able to extract my IAF and EAF settings.  There used to be a set of utilities for MIIS/ILM, but I can't find them on the web now and lost my copy of them when I migrated to FIM.

Thanks.


Ed Bell - Specialist, Network Services, Convergys

Portal Home Page resize issue

Hi,

Does anyone know why the Portal Home Page resizing would fail?

The 'Search for:' window is encroaching on the 'Welcome, Tony...' title when the IE browser is resized.

Thx

Further User UI Group tab expansion?

Hi,

We followed the steps outlined in the URL below, to add the 'Group' tab to the User UI that depicts the Groups a user is a member of. Works great.

 

Next, we'd like to find out if the following is also possible... could we now add an 'Add to Group' / 'Remove from Group' button to this new 'Group' tab window? This would allow the help desk to add/remove that user to/from a group within the same UI window.

Is this easy, or will this require some fancy code?

Thanks,

SK


Under which .NET version is FIM 2010 R2 running?

Hi all,

I'm running a custom ECMA2 MA on FIM 2010 R2 (version 4.1.3510.0), and I got a strange error, a missing method exception about a reflection method that was added in .NET 4.

I thought FIM R2 was running under .NET 4, how can I find out which .NET runtime it's actually using?



Paolo Tedesco - http://cern.ch/idm

Does the FIM Synch Database require an initial load before the FIMPortal will return users?

I figured when I search in the portal for a user it hit Active Directory for the information? But the only user it returns is my account.

And is there a VISIO diagram showing the flow of a request from the FIMPortal to wherever it gets the data? Like, what is the hook into Exchange for? I actually thought the user profile info was pulled through Exchange somehow, my second guess was AD and my third was through the FIMSync database.

Thanks,

Phil

ECMA 2.0 Select Attributes


Web service connector to talk to a different target system

Hi,

I have a requirement whereby we are getting some data from a custom developed Web Service, and that data needs to be consumed by FIM.

The FIM Web Services connector states that it only works with the SAP and Oracle target systems. So, my question is whether it's possible to use the out-of-the-box web services connector to talk to our custom web service, or will we have to create a new ECMA connector to do that?

Thanks

Web Service MA and Logging

Hi,

I have heard rumors that the FIM Web Service MA does not do error handling or logging that well. Is that true?

Thx

SK

Multiple AD forests logging into one (1) Office 365 tenant

I have two forests with two different Office 365 tenants.

Forest A Office 365, services Exchange & Lync

Forest B Office 365, services SharePoint

How do I get forest A to log in to forest B Office 365 SharePoint services with their current Office 365 account name? I was reading a forum for FIM for Azure. Could this connector work?


Thustle

FIM Portal server trying to talk to Exchange on 443?

Hi All,

Just installed FIM 2010 and the portal is working correctly. However, the event logs show the following event occurring every minute. The address that it is trying to hit on https is my Exchange hub transport? Any thoughts as to why FIM would be trying to do this and how I can fix it?

Thanks,

Joe

System: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:443
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)

Trouble customizing Portal for new Group management

Hi,

We are looking to manage UNIX group memberships from the FIM Portal. 

We have exported UNIX groups to FIM Portal with the following Portal Group characteristics:

  • accountname
  • description
  • displayname
  • domain = UNIX (this is for differentiation purposes)
  • membershipaddworkflow = None
  • membershipLocked = false
  • scope = Global (didn't really know what else to use here)
  • type = Security (didn't really know what else to use here)
  • member

We have created a new UNIX Group Search as follows:

  • Search scope filter /Group[Domain='UNIX'] and this shows the right groups in the preview
  • Keywords: BasicUI, AllUNIXGroups

Have added the following to the navigation bar (following same pattern as existing groups):

  • UNIX Groups (UGs) - ~/IdentityManagement/aspx/groups/UNIXGroups.aspx (keyword: BasicUI,AllUNIXGroups)
  • My UGs - ~/IdentityManagement/aspx/groups/UNIXMyGroups.aspx (keyword: BasicUI,AllUNIXGroups)
  • My UG Memberships - ~/IdentityManagement/aspx/groups/UNIXMyMemberships.aspx (keyword: BasicUI,AllUNIXGroups)

The .aspx files above are simply copies of the existing files: Groups.aspx, MyGroups.aspx, MyMemberships.aspx

Additionally we have followed this guide to ensure that the right Sets have access to the right resource via MPRs for NavBar, Homepage and Search Scopes: http://blog.kloud.com.au/2012/10/12/controlling-home-page-and-navigation-bar-resources-with-sets-in-fim-2010/

And here are the problems:

  • when we click: UNIX Groups (Navigation bar link) we get this error: 'The webpage cannot be found' 404 error:
  • when we click My UGs (Navigation bar link) we get this error: 'The webpage cannot be found' 404 error:
  • when we click My UG Memberships (Navigation bar link) we get this error: 'The webpage cannot be found' 404 error:
  • when we Search within 'All UNIX Group' search scope item, we get this error 'The webpage cannot be found' 404 error

Why have they made this so complicated...could someone please advise on how to troubleshoot and resolve this (what should be a minor) Portal configuration.

Thanks,

SK




