Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles

Is in-place upgrade from WSS 3.0 to SPF 2010 supported?

Hi,

Got the FIM Portal still running under WSS 3.0.

Is an in-place upgrade from WSS 3.0 to SPF 2010 supported?

Is it straightforward?

Thx,

SK


Disable DeleteAddAsReplace for web service MA

Is it possible to use replace operation instead of delete/add in web service MA?

Could not find permission set named 'ASP.Net' and other errors

On a test machine with FIM 2010 R2, all of a sudden I started receiving an error saying "Could not find permission set named 'ASP.Net'" when I access the FIM portal.

I've tried setting the trust level to "Full" in the web.config file, as described in this technet post, but if I do that I start receiving errors like this one:

The browser or gateway element with ID 'Safari1Plus' cannot be found.

This error points to the C:\inetpub\wwwroot\wss\VirtualDirectories\80\App_Browsers\compat.browser file. If I remove the offending element, it just throws an exception on the following one.

Has someone seen something like this already?

Thanks,
Paolo


Paolo Tedesco - http://cern.ch/idm

Calling all FIM Gurus! Now is your time! Step up and be counted!

Dear clever clogs and smarty pants!

We need YOU to lighten up our dark evenings and warm our hearts with your TechNet Wiki articles!

Yes, it's THAT time of the month again, submissions time!

September has seen a huge amount of amazing content from our community, providing plenty of fresh and fruity facts and figures to fill the tummies of techies, the world over.

We have some new names. Some legends. Some icons!!

TechNet Wiki Gurus are beloved the world over and treasured by their countries.

Now is your turn.

You've waited all of your life for this.

Mark this moment as where it all began...

This is where your amazing future starts for you!

 

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL

Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and only TechNet Wiki, for future generations to benefit from! You'll never get archived again!

If you are a member of any user groups, please make sure you list them in the Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.

Self Service Password Reset with no network connectivity

I am working with an organisation that utilises both FIM and SSRPM by tools4ever. Now I want to move away from SSRPM so that we can utilise FIM a lot more (it already provides greater functionality than password reset). However the 1 key difference that apparently is holding this up is that SSRPM offers the ability to log on to a user laptop with SSRPM, without having to be logged in to the network. So we have a lot of remote users who do not always have internet access but need to get to their laptop and apparently this is a heavily used service! Is this a feature that will come in the next release of FIM or am I stuck with SSRPM?

Change datetime format in FIM CM?

Is it possible to change the datetime format FIM CM uses in the portal and while printing smart cards to something else than mm/dd/yyyy? I'd prefer to use yyyy-mm-dd format instead but haven't figured out where to configure this...

FIM 2010 R2: Security group management by non-administrators

Hi All,

We have a small set of users (belonging to a particular department) who should be able to login to the portal and manage a select set of groups - the users should be able to add and remove members from these said groups. In most of the cases, the groups already exist in Active Directory and we bring them into FIM Portal.

I have done the following so far:

a) Created a set of users based on their departments - works fine

b) Created a set of groups that the users in (a) should be managing - works fine

c) Created 3 MPRs (resembling the MPRs that already exist for Group Management by administrators). 1 of these MPRs allows the set of users to read the attributes of the groups in the set in (b). The second allows the set of users to create and delete groups in the set. The third allows the set of users to "add a value to a multi-valued attribute", "remove a value from a multi-valued attribute", and "modify a single-valued attribute". In the list of attributes, I have included most of the attributes including "Manually-managed membership". All these 3 MPRs have the grant permission box checked.

I (as a member of the set of users in (a)), can login to the portal, view the groups in set (b), modify the description, add an owner, remove an owner etc. When I try to add or remove a member from a group where I am one of the owners, everything is fine. BUT, when I try to add or remove a member from a group where I am not listed as an owner, it gives me an "Access denied" error with these details: "The request included members which the requestor is not authorized to add and/or remove from this group"


I am a member of the set in (a) and can remove/add members from the groups that I am the owner of. My questions are:

A) What else do I need to do to add/remove members from a group that I am not the owner of, but which still belongs to the set (b)?

B) Why does the Portal force me to add an owner to every group of set (b) that I click to view/edit? Isn't there a way around that, i.e. not having to put any owner and still be able to add/remove members? For all the groups in set (b), the Join Instruction is set to "None" (i.e. any user can become a member of the group).

I hope someone can shed some light on this. I have seen similar questions on the forum from a few years ago but they hadn't been answered (completely).

Thanks

Notification of any change

I have a connected system, and that system has an application power users group. The Application admins want to know if any attribute has changed for a member of that group. I would be willing to create a set in the portal, or add an attribute to the schema to track membership. Then somehow, either within the MA or in the portal, send a notice to the Application admins of any type of changes to a member of that group. Does anyone have any suggestions?

FIM Synchronization Licence

A consultation,
I want to create a GAL among several organizations, and I plan to urge fim synchronization service 2010 R2 Sp1.
At the time of download it tells me that it is a product of evaluation for 180 days.
But if I'm going to review the issue of licensing says that it does not need CALs
My question is if I need to buy the product or fim synchronization service it is free and does not need a license.
As active product fim synchronization service that he says be on evaluation I need license?

Custom workflow fails as auth workflow but succeeds as action workflow

Hi all,

I'm building an environment that contains a couple of custom object types - one of which holds details about applications, and the other which contains a request to install a given instance of one of these apps.

Some of the applications are subject to one or two levels of authorisation, with custom escalations and thresholds, so I'm trying to make it as generic and extensible as possible by holding these as attributes on the application object.

So for now, I'm simply firing an approval to the first approver by initially looking up the "ApplicationInstallRequest" for the corresponding application, and then from the latter object reading the approver.

This works as an action workflow, but as an authorization workflow I receive an "access denied" error at the first read resource activity, with:

Error processing your request: The operation was rejected because of access control policies.
Reason: The server workflow rejected the operation.
Attributes:
Correlation Id: df7f8849-3921-48e9-ba75-14ad6298fa79
Request Id: 623c0d79-5594-4ebe-b562-480a4c750959
Details: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem).

Do I need to specify the resource from the currentRequestActivity, or am I missing something else?

Thanks,

Paul

Error on AD Export

Hi, Export profile of AD is stopping for user with error in event viewer as anybody have understanding for such error, please suggest

 

AD group membership: sync rules vs. MA attribute flows?

Ran across a curious behavior, and I'm wondering if I'm doing something wrong?

The initial configuration (from a consultant) came with an AD MA with a single outbound attribute flow "member => member" for groups.  (Member does not flow in from AD, either.)  There is also an outbound sync rule with a small number of persistent flows, including "member => member".  The sync rule basically works because I can create a group in the portal and AD MA will create a corresponding group.  Further, if I change something with another tool (say, change a group's displayName via Powershell) FIM picks up on that and changes it back using the outbound sync rule.

A synchronization preview, however, always shows "Not applied" for the rule's member flow, and "Applied" for everything else.

I removed the AD MA attribute flow for member, and now the synchronization preview says "Applied" for the member flow.  The problem is that the membership in the AD group is never updated!  Unlike displayName, if I change the membership using an outside tool (ADUC), FIM synchronization will never change it back.  And if I create a new criteria-based group in the portal, a corresponding group in AD is created, but members are never added.  "View members" in the portal lists members, and the MV object's members match.

I am not using deferred evaluation; and just to make sure, I let things run in this state overnight in my QA system.  The AD group's membership never gets in sync with FIM.

Do I really have to specify an attribute flow for member in the MA rather than use a sync rule?

Running FIM 2010 R2.  Thanks in advance, -Les

Password Reset Failed

My password reset portal is using an SMS gate; it has been working and recently has a problem.

FIM Portal Server eventlog shows PermissionDeniedException:

Requestor: urn:uuid:b0b36673-d43b-4cfa-a7a2-aff14fd90522

Correlation Identifier: f0f5c811-a595-4f1b-984d-3e2d8d61dee2

Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: SystemConstraint

   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteInitialAuthentication(RequestType request)

   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAuthentication(RequestType request)

   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)

   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)

   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest(RequestType request)

   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)


Does anyone have any idea about this issue?


Jason

Documenting FIM Sync flows

Hi,

Is there any tool available for download today which can document attribute flow based on configuration (MA or Server) exported directly from FIM Sync (without Portal & FIM Service)?


Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)


Connect FIM to Remedy

Does anyone know if there is a Remedy Connector to FIM? Is there any info out there on sending Remedy requests (like create new AD account or change attribute etc.) to FIM to execute? Thanks

ERE not found

Hi all,

I have a problem creating users in AD using the outbound rule; the user is imported from RH to FIM, and the Expected Rule Entry is not found; the object is not created in AD.

How can I resolve this problem, please?

Regards

GAL Synchronization FIM 2010

Currently I have several companies with exchange 2010 and 2013

want to create a global address list, my question would be:
1 I have to implement FIM Server in each of the organizations?
2 I have to purchase a license for FIM for each organization?

thank you very much

FIM Reporting initial sync running long time

We installed FIM Reporting last month. Since then, our FIM Reporting initial sync PowerShell script has been running to sync FIM data with the SCSM server, but still only half the data is synced with the SCSM server.

We have 4 servers:

1. Server1 -- FIM server

2. Server2 -- FIM database

3. Server3 -- SCSM service manager and SQL Server databases for Service Manager and Data warehouse

4. Server4 -- Data warehouse server

As the FIM initial sync script is taking a long time to sync, we found some errors on Server 4 (Data warehouse server) multiple times while ETL jobs were running.

Error screen shot

Please give some suggestions to make the FIM initial sync faster.

Simple Powershell example for FIM

All,

I am new to Powershell and FIM.
To learn Powershell usage in FIM I was studying PS.
Now I want to apply learned concepts.

Is there any source site/blog which explains or has any simple examples to start with?
Kindly suggest.

Thanks,
Manohar
