Trojan
Creating a mandatory field based on another field's input - FIM 2010 R2
Hi Team,
How can one create a mandatory text field based on an input or selected value of another field (boolean) in FIM? OK, here is my case:
I have a custom resource in FIM with a boolean attribute. I also have another field (text box) that is dependent on the boolean's selected value. If yes is selected, the text box should become visible and require input. Otherwise, it should remain hidden.
Else, I could have all the attributes visible but the text box must require an input if Yes on the boolean is selected.
How can this be achieved? This has got my head cracking... any clues?
Error message: cd-existing-object AD MA
Hi,
can you plz help me to resolve this error showed with this error message in Fim Synchronization service: cd-existing-object (with the management AD MA).
how can I resolve it?
Regards
storechk.exe for build 2010 R2 version 4.1.3479.0
Hi
Where can I get storechk.exe for build 2010 R2 version 4.1.3479.0?
Thanks
Stefan
FIM Protal admin account got deleted
Hi All,
FIM portal administrator account got deleted accidentally,Now i am not able to access FIM portal.I tried to create admin account using powershell but i am not able to assign Administrator group membership on the FIM portal.
Please suggest what so i do to get FIM portal working again.
Thanks,
Rakesh
FIM SSPR URL Change
Hi,
I have FIM SSPR URLs configured as :
passwordreset.contoso.com
passwordregistration.contoso.com
I'm running SSPR on a different server to my FIM sync and FIM service servers.
SSPR is up and running, all is working. The customer now wants a URL change so that the URL is sspr.contoso.com? The only way I'm aware of doing this is to do a change mode install on the FIM server and the FIM SSPR - is there an easier, quicker supported way to change the URLs without a change mode install?
User Form Field Attribute mapping
All,
Is there a list of the attributes related to the fields of a user form in the FIM Portal?
For example, for the users Street Address, the attributes available to choose are address, street address, street and postal address.
Which one is used on the user form for the users street address?
If no list, how does one determine which fields are mapped instead of having to use trial and error?
I have read all FIM instructions online I can find and see no info related to this matter.
Provisiong a user immediately from FIM to AD whenever a poassword for that user is changed.
Hi,
I am trying to provision users using FIMSYNC from FIM to AD. It is working fine when i execute the RUN Profiles. Now, my scenario is i have to provision a user account immediately from FIM to AD whenever password of that user account is changed. For that i am triggering a workflow on change in user's password and calling a powershell script from the workflow by passing the user account name.
I am trying to use that passed account name in FIM MA filters.But unabel to find the solution for that.
Could you specify the way to provision only the user accounts whose password is chnaged immediately to the target systems(Ex: AD)
Thanks
Prasanthi
Group RCDC Event Handler Bug?
I have added a field in the Group RCDC in a Tab (grouping) called "Admin" and marked it as Required within the RCDC.
Now, if I were to take an existing group that has a Member Selection of "Criteria-Based" and change it to "Manual" and click "OK" without populating the "required" field in the other tab, I would be re-directed to the field with the note "The required field cannot be empty" as expected. However, if I fill out the field and submit the request, I noticed it doesn't clear the underlying "Filter" attribute and the request fails with "Group validation failed: Static group cannot update membership filter".
I believe this is related to the fact that the Group RCDC has a built-in event handler when the "Member Selection" changes. But doesn't modify the "Filter" attribute unless you go to the "Members" tab? Seems the even handler is ignored or overridden by the event handler that checks for Required fields to be populated?
Anyone else run into this?
Load balance the SSPR Site
Hi,
How can I load balance my FIM SSPR servers? I'd like to run the SSPR service on separate servers to the FIM sync, FIM service and FIM portal servers.
I've ran through the SSPR installer on a single server, but never in a load balanced setup. How do I achieve this?
Thanks
IT Support/Everything
Domino LDAP Export Error (invalid-provisioning-attribute-value)
i am trying to export the users into Domino LDAP, but getting the error "invalid-provisioning-attribute-value"
please suggest any solution.
GAL Synchronization Error
Hisuch?
ForestOne:
A server withActiveDirectory2012R2
a server withWindows2012R2andExchange 2013
a server withWindows 2008R2andFIM2010 R2sp1
ForestTwo:
A server withActiveDirectory2012R2
a server withWindows2012R2andExchange 2013
Between the twoorganizationsnotrust relationshipis configured
I find myselfconfiguring aglobal address listviaFIM
The communicationbetween the two organizationsisrestricted
TheFIMserver onlyhas accessto the portsof the followingservers:
FimServeronly haveopen
the ports to theDCserverorganizationnumber two.
LDAP389
DNS53
Kerberos88
FimServeronly haveopen
the ports to theExchange server inthe organizationnumber two.
Http80
Https443
When you runthe agentsI canimportcontactsorganizationnumbertwo tonumber oneorganization.
When I try toimport contacts fromthe
numberoneorganizationto the organizationnumber two,this is not possible.
I have enabledremote managementpowershellinExchange Serverorganization's numbertwo
IRunEnable-PSRemoting
Performthe communication testfrom the
FIMserverto the Exchangeorganizationtothenumber two.But you can notI logincommandwasrunning:
$ session= New-PSSession-ConfigurationNameMicrosoft.Exchange-ConnectionUrihttp: // hew-dc /$ user
powershell-Credential
I use theupnusuario@dominio.com
YouhavefullExchange permissionsandactive directory.
My question is:
1.there is aneed tofurtheraddport, soit does not workis to importcontactsorganizationnumberone atnumber twoorganization.
Upgrade FIM 2010 R2 Sp1 Databases from SQL 2008 R2 to SQL 2012
Hi,
I want to upgrade my SQL from 2008 R2 to SQL 2012.
FIM Databases
1) FIMService Database
2) FIMSynchronizationService Database
Mentioned above are my FIM databases running on SQL server 2008 R2 . Now I was looking for some article which could tell me if SQL can be upgraded without affecting my existing databases of FIM or if i can move these databases to a new server having SQL 2012
Activity I want to perform : Create a fresh Server of SQL 2012 and move my FIM 2010 databases over it by restoring the backups. but as per the link below it seems not possible!
http://social.technet.microsoft.com/wiki/contents/articles/5465.fimilm-how-to-move-the-backend-sql-server-synchronization-service-database.aspx
Send email to unregistered users who try to perform password reset and face error.
Hi,
I am trying to configure FIM to send email to user when an unregistered user tries to perform reset without registering.
Mail him to register first and then go for reset. But, thing is the workflow i am trying to design for this is allowing to only select the requests where status is denied, but there is no way to compare it against the unregistered userlist.
Please help me out.
Regards
Divye
Confused on FIM Service MA. It does not seem to be pulling my AD users into the correct place for the Portal
I ran a full AD import which gave me about 20K of adds.
Per the FIM Book I have I set a connector filter to filer out the admin and built in sync accounts
After running that MA I got 2 adds.
How do I get my AD users into the portal if FIM service does not import them. Is it a synch? I don't want to synch anything from the FIM DB back into AD, so I am being cautious
ADFS2012R2 Install: Why does this need Active Directory Domain Admin Account as one of the pre requisites for installating AD FS server
Team,
We were trying to configure AD FS through ADFS Wizard on Windows 2012 R2 box as part of ADFS upgrade from ADFS 2.0 to ADFS 3.0. But the installation got stuck in between as the domain account which we were using does not have admin privileges on the AD side. We have to raise to AD team to elevate the rights of the service accountb we are using.
Can any one please tell me why having an admin AD account is pre requisite for the AD FS configuration, what are the "Write" changes which occur at Active Directory side post ADFS installtion, we need this details to supply to AD team for the justification purpose.
Would appreciate any detailed response on this query
thanks
Lav
AD MA cd-error on deleted users as previous Group members
Hi,
We are running FIM 2010 R2 SP1 and Windows 2008 R2 AD with Recycle Bin enabled.
A user gets deleted from our HR system, and it turn gets deleted from FIM Portal, AD and FIM MV.
In AD, this user gets moved to Recycle Bin; and removed from the AD Groups they were a member of (in FIM Portal, AD and FIM MV).
This deleted user exists in AD Connector Space as: Placeholder CN=username\0ADEL:<some GUID>\CN=Deleted Objects,DC=....
When Exporting (Run Profile) the AD MA, we now get the following error on the Group object the user used to belong to:
Error: cd-error
Source Error Code: 1168
Source error: Element not found
Group membership modification is trying to occur, and we can also see the following in the error:
Changes: Delete
Value: CN=username\0ADEL:<some GUID>
Any idea on how to resolve this?
Thank you.
Do all workflow approvals appear in Outlook?
Hi,
In the past I have used the FIM add-ins for Outlook to approve or reject Group Join Requests.
However, if someone changes their mobile number, for example, and this needs to be approved by their manager - does this request by default also appear in Outlook with the Approve/Reject button? If yes, do we also need to deploy FIM add-ins for Outlook?
Thanks,
SK
FIM Self Signed Certificate in the personal store
Hi,
I've noticed on my 4 FIM servers (SQL, sync, portal and SSPR) I have a self signed cert in the personal computer store similar to that shown in the pic. I never specifically installed these and I don't know what they are used for (if at all). One of the issues is that the certificates are being flagged as self signed and insecure by Nessus scans - before I remove them I wanted to ask if anyone else has seen this. I'm wondering if the FIM or SQL installer installs the cert into the personal store without informing the admin - looking at the certs I can't ascertain a purpose as the friendly name and SAN simply matches the server name.
I'd be interested to hear the thoughts of others on this.
Thanks
Export error on AD cd permission issue
Hi,
Let me explain the Problem:-
As a part of the ongoing project, we had some ERP structural changes to be implemented in FIM.This led to New OU creations in AD and also OU movement of users.
As a requirement of project there were certain users(groupA) which needed to be exported first in AD and some users later(Group B) depending on their current OU structure.Export also included OU movement of these users.
To manage this we modified the permission on the OUs for users of Group B.
So that on export these users get "permission issue" errors and the export remains successful for other users group A.
But the export gets stuck on one such user with the permission issue throwing "stopped entry export error" .when we change the OU for the user so that it belongs to group A.the export again runs for some time and shows permission issue for another user and shows "stopped entry export error" .
Event viewer also gives permission issue with AD.But can anybody explain why the export is getting stopped.As per my understanding the export should move to the next user after encountering permission issue.
shakti