can anyone advise how to edit attribute "msidmOneTimePasswordMobilePhone" validation value? Its grey out by default.
Jason
how to edit validation patern for
↧
↧
FIM 2010 R2 another kerberos-no-logon-server Error!
Hello everyone,
i've read through the other posts but couldn't find anything that could help me solve my issue,
i hope someone here can help !
i have the same basic problem:
kerberos-no-logon-server error on export when setting the password for those created accounts,
the FIM 2010 server is in the domain 1 and i'm exporting to domain 2
we user LDAPS for communication
we have a firewall between the domain 1 and the domain 2 but the logging shows nothing is blocked (the only traffic going through is LDAPS)
users are created as disabled
i enabled kerberos logging, check the time, the DNS name resolution,
disabled netbios on the NIC
checked the firewall and nothing !
any ideas on what else i can do ?
thanks !!
Hitch Bardawil
↧
FIM 2010 - the anchor change
Hi guys,
I´ve FIM 2010 server in place (no portal, using Extension rules = own .dll). FIM is doing sync from AD -> Microsoft SQL database. Means I have Active Directory management agents (AD MA) and I have SQL database management agent (SQL MA).
Actual anchor is user principal name (UPN). I must change the anchor as it´s a technical requirement now.
If I simply change the anchor to another attribute this will makes me duplicity in SQL DB same as in the Connector space and the Metaverse, right? If I´m right the new anchor equals the new object for FIM.
What I have to do to avoid any issue? Here are details about my AD and SQL MA configuration:
AD MA has configuration in tab Configure Deprovisioning like MAKE THEM DISCONNECTORS and it´s checked DO NOT RECALL ATTRIBUTES CONTRIBUTED BY OBJECTS FROM THIS MANAGEMENT AGENT WHEN DISCONNECTED.
SQL MA has following configuration in tab Configure Deprovisioning: MAKE THEM DISCONNECTORS
Thank you very much for ideas!
PW
Petr Weiner
↧
FIM 2010 R2 Upgrade - media question
Hi, I am looking to upgrade our FIM 2010 server to FIM 2010 R2 SP1. I was able to acquire an MSDN copy of FIM 2010 R2 SP1, that was super easy. I upgraded my test/lab, and although it required the complete de-installation of FIM on the lab, after the upgrade the lab server makes no indications that it's an MSDN copy. I'm also aware that on a non-MSDN copy of FIM 2010, the upgrade should work without a de-installation of FIM (is that true??).
In the past, there was a clear delination between the MSDN and non-MSDN versions of FIM. But this has me confused. Can I apply that MSDN-acquired media on my production server? For 2 months I've been trying to get my corporate licensing office to deliver"official" FIM 2010 R2 SP1 media and it has been a nightmare, possibly incompetence on the part of the licensing office, but I'm wondering if their difficulty is maybe because Microsoft no longer distinguishes this FIM 2010 R2 SP1 "official" license-copy for this upgrade (similar to other update rollups).
↧
Is modifying the Navigation Bar and creating new .aspx pages supported?
Hi,
Been trying to add new items to the Navigation Bar, and the resultant .aspx pages - only to find out that its not about just creating another .aspx page with Notepad, but requiring something like Sharepoint Designer.
However, is modifying the Navigation Bar and creating new .aspx pages even supported?
How much of the FIM Portal customization is actually supported?
Thx,
SK
↧
↧
How to modify Title on page (FIM Portal)
Hi,
If you click on 'Security Groups', on the main page the title says: 'Security Groups'.
If you click on 'My DGs', on the main page the title says: 'My Distribution Groups'.
Where do you change this title?
Thx,
SK
↧
Custom Group Scope?
Hi,
There are 3 Group Scopes: Universal, Global and Domain Local...is there a way to add another custom Scope in the FIM Portal?
Looking under the 'Scope' attribute, the String Regular Expression is greyed out (but it does depict the 3 different scope types).
Thx,
SK
↧
Is in-place upgrade from WSS 3.0 to SPF 2010 supported?
Hi,
Got the FIM Portal still running under WSS 3.0.
Is an in-place upgrade from WSS 3.0 to SPF 2010 supported?
Is it straight forward?
Thx,
SK
↧
Disable DeleteAddAsReplace for web service MA
Is it possible to use replace operation instead of delete/add in web service MA?
↧
↧
Could not find permission set named 'ASP.Net' and other errors
On a test machine with FIM 2010 R2, all of a sudden I started receiving an error saying "Could not find permission set named 'ASP.Net'" when I access the FIM portal.
I've tried setting the trust level to "Full" in the web.config file, as described in this technet post, but if I do that I start receiving errors like this one:
The browser or gateway element with ID 'Safari1Plus' cannot be found.
This error points to the C:\inetpub\wwwroot\wss\VirtualDirectories\80\App_Browsers\compat.browser file. If I remove the offending element, it just throws an exception on the following one.
Has someone seen something like this already?
Thanks,
Paolo
Paolo Tedesco - http://cern.ch/idm
↧
Calling all FIM Gurus! Now is your time! Step up and be counted!
Dear clever clogs and smarty pants!
We need YOU to lighten up our dark evenings and warm our hearts with your TechNet Wiki articles!
Yes, it's THAT time of the month again, submissions time!
September has seen a huge amount of amazing content from our community, providing plenty of fresh and fruity facts and figures to fill the tummies of techies, the world over.
We have some new manes. Some legends. Some icons!!
TechNet Wiki Gurus are beloved the world over and treasured by their countries.
Now is your turn.
You've waited all of your life for this.
Mark this moment as where it all began...
This is where your amazing future starts for you!
All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.
Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!
This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!
HOW TO WIN
1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.
2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)
3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.
If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!
Winning this award in your favoured technology will help us learn the active members in each community.
Feel free to ask any questions below.
More about TechNet Guru Awards
#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and onlyTechNet Wiki, for future generations to benefit from! You'll never get archived again!
If you are a member of any user groups, please make sure you list them in the
Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.
↧
Self Service Password Reset with no network connectivty
I am working with an organisation that utilises both FIM and SSRPM by tools4ever. Now I want to move away from SSRPM so that we
can utilise FIM a lot more (it already provides greater functionality than password reset). However the 1 key difference that apparently is holding this up is that SSRPM offers the ability to log on to a user laptop with SSRPM, without having to be logged
in to the network. So we have a lot of remote users who do not always have internet access but need to get to their laptop and apparently this is a heavily used service! Is this a feature that will come in the next release of FIM or am I stuck with SSRPM?
↧
Change datetime format in FIM CM?
Is it possible to change the datetime format FIM CM uses in the portal and while printing smart cards to something else than mm/dd/yyyy? I'd prefer to use yyyy-mm-dd format instead but haven't figured out where to configure this...
↧
↧
FIM 2010 R2: Security group management by non-administrators
Hi All,
We have a small set of users (belonging to a particular department) who should be able to login to the portal and manage a select set of groups - the users should be able to add and remove members from these said groups. In most of the cases, the groups already exist in Active Directory and we bring them into FIM Portal.
I have done the following so far:
a) Created a set of users based on their departments - works fine
b) Created a set of groups that the users in (a) should be managing - works fine
c) Created 3 MPRs (resembling the MPRs that already exist for Group Management by administrators). 1 of these MPRs allows the set of users to read the attributes of the groups in the set in (b). The second allows the set of users to create and delete groups in the set. The third allows the set of users to "add a value to a multi-valued attribute", "remove a value from a multi-valued attribute", and "modify a single-valued attribute". In the list of attributes, I have included most of the attributes including "Manually-managed membership". All these 3 MPRs have the grant permission box checked.
I (as a member of the set of users in (a)), can login to the portal, view the groups in set (b), modify the description, add an owner, remove an owner etc. When I try to add or remove a member from a group where I am one of the owners, everything is fine. BUT, when I try to add or remove a member from a group where I am not listed as an owner, it gives me an "Access denied" error with these details: "The request included members which the requestor is not authorized to add and/or remove from this group"
I am a member of the set in (a) and can remove/add members from the groups that I am the owner of. My questions are:
A) What else do I need to do to add/remove members from a group that I am not the owner of but this group still belongs to the set (b).
B) Why does the Portal force me to add an owner to every group that of set (b) that I click to view/edit. Isn't there a way around that i.e. not having to put any owner and still be able to add/remove members. For all the groups in set (b), the Join Instruction is set to "None" (i.e. any user can become a member of the group).
I hope someone can shed some light on this. I have seen similar questions on the forum from a few years ago but they hadn't been answered (completely).
Thanks
↧
Notification of any change
I have a connected system; and that system has an application power users group. The Application admin's want to know if any attribute has changed for a member of that group. I would be willing to create a set in the portal, or add an attribute
to the schema to track membership. Then somehow either within the MA or in the portal send a notice to the Application admins of any type of changes to a member of that group. Does anyone have any suggestions?
↧
FIM Synchronization Licence
aconsultation,
I want tocreateaGALamongseveralorganizations,andIplan tourgefimsynchronizationservice2010R2Sp1.
atthetimeofdownloadittellsmethatitis aproductofevaluationfor180 days.
ButifI'm goingtoreviewtheissueoflicensingsaysthat itdoes notneedCALs
MyquestionisifI need tobuytheproductorfimsynchronizationserviceitisfreeanddoes notneed alicense.
asactiveproductfimsynchronizationservicethat hesaysbeonevaluationIneedlicense?
↧
License FIM synchronization
aconsultation,
I want tocreateaGALamongseveralorganizations,andIplan tourgefimsynchronizationservice2010R2Sp1.
atthetimeofdownloadittellsmethatitis aproductofevaluationfor180 days.
ButifI'm goingtoreviewtheissueoflicensingsaysthat itdoes notneedCALs
MyquestionisifI need tobuytheproductorfimsynchronizationserviceitisfreeanddoes notneed alicense.
asactiveproductfimsynchronizationservicethat hesaysbeonevaluationIneedlicense?
↧
↧
Is modifying the Navigation Bar and creating new .aspx pages supported?
Hi,
Been trying to add new items to the Navigation Bar, and the resultant .aspx pages - only to find out that its not about just creating another .aspx page with Notepad, but requiring something like Sharepoint Designer.
However, is modifying the Navigation Bar and creating new .aspx pages even supported?
How much of the FIM Portal customization is actually supported?
Thx,
SK
↧
How to modify Title on page (FIM Portal)
Hi,
If you click on 'Security Groups', on the main page the title says: 'Security Groups'.
If you click on 'My DGs', on the main page the title says: 'My Distribution Groups'.
Where do you change this title?
Thx,
SK
↧
Custom Group Scope?
Hi,
There are 3 Group Scopes: Universal, Global and Domain Local...is there a way to add another custom Scope in the FIM Portal?
Looking under the 'Scope' attribute, the String Regular Expression is greyed out (but it does depict the 3 different scope types).
Thx,
SK
↧
More Pages to Explore .....
