Channel: Forum Microsoft Identity Manager
FIM WAL, IIF statement for boolean attribute

I'm trying to use an IIF function with an attribute that has a Boolean value but I can't get it to work.

Examples:

I have an attribute named DisableNotification, it holds a Boolean value

I have tried the following but they do not seem to work.

IIF([//Target/DisableNotification],Null(),[//WorkflowData/NotificationList])

IIF(Eq([//Target/DisableNotification],True),Null(),[//WorkflowData/NotificationList])

Anyone know how to use a boolean attribute with an IIF statement in a FIM WAL Activity?







Getting the Request origin IP

Hi to all,

I'm new to FIM and have been struggling with a task, which is to log the IP of the PC that is requesting a password reset or the IP of the PC where a "user is changed" in the FIM Portal.

I have created a custom activity by following the "Walkthrough: Create a Logging Custom Activity and Deploy it to the FIM Portal", but unfortunately I could confirm that the "RequestType" object does not contain this IP/Remote Address property.

Can anyone help me or guide me on how to achieve this goal?

Thank You all in advance

Cheers

RCDC not showing existing value

I modified an RCDC to include a dropdown list for staff to select a state from. Previously they had to enter that manually.

Added an XML datasource to the top of the RCDC page and updated the "State" field to now use the dropdown list.

After upload and IIS restart the dropdown list is visible and working. When I select a state and hit submit on the form the State field gets updated. However, when I open the same employee again for editing, the State dropdown list shows an initial value of "System.Object[]". What is going wrong?

The FIM attribute name: EmployeeState

Code:

<my:XmlDataSource my:Name="ListOfStates">
<ListOfStates>
 <State Code="QLD" />
 <State Code="NSW" />
 <State Code="VIC" />
</ListOfStates>
</my:XmlDataSource>

<my:Control my:Name="EmployeeState" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=EmployeeState.DisplayName}" my:Description="{Binding Source=schema, Path=EmployeeState.Description}"  my:RightsLevel="{Binding Source=rights, Path=EmployeeState}">
<my:Properties>
 <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=EmployeeState.Required}"/>
 <my:Property my:Name="ValuePath" my:Value="@Code"/>
 <my:Property my:Name="CaptionPath" my:Value="@Code"/>
 <my:Property my:Name="Hint" my:Value="{Binding Source=schema, Path=EmployeeState.Hint}"/>
 <my:Property my:Name="ItemSource" my:Value="{Binding Source=ListOfStates, Path=/ListOfStates/*}"/>
 <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=EmployeeState, Mode=TwoWay}"/> 
</my:Properties>
</my:Control>

How to use lastlogontimestamp so it can be used in sets

I'm looking at a way to put users in certain sets based on the lastlogonTimestamp. What is the best way to do this? I create a "lastlogonTimestamp" attribute in MV and can use it to sync that value from AD into the user's details in FIM's metaverse.
How can I use that to add a user to a specific set e.g. a set with users who have not logged on for 30 days or more??

BHold attestation setup if FIM Portal is already used for Group Membership

Background - We had a FIM 2010 deployment in production. A few months ago, we upgraded it to FIM R2. There are already about 4000 Criteria based Groups and Request Based Groups at FIM portal. FIM portal is used as an authoritative source for group membership.

Problem Statement - The requirement is to attest the existing and ongoing Request Based group membership of users using the BHold User Attestation module. We want to continue using the FIM portal (not the BHold UI) as the end user interface for requesting the group membership. Hence, for the metaverse group object's member attribute, FIM Portal should have higher precedence than the BHold MA.

From available documentation of BHold, I understand that BHold is more suitable in cases where FIM Portal is not already the Group Membership deciding system. However, in our already existing deployment, both group membership is given by FIM portal. In fact this should be the case with all the FIM deployments before BHold's release.

Please suggest on how to attest the group memberships.


Mayank Vaish

Can we create Criteria based groups of computers?

Hi Team,

We have imported the computer objects to FIM portal and it has few attributes which can help creating the criteria based group of computers.

But when we tried creating the criteria based security group, we were not able to select any custom object other than Users,Groups in the filter builder.

We have added the computer objects in the Filter permission as well, but no luck.

Any suggestions?


Thanks and Regards, Siva Kumar Balaguru

Calling All Wise Men! FIM Gurus Needed! Apply Within! No One Turned Away!

Calling all wise men!

Join us and rejoice!

The time for giving is upon us again!

A time for family (community) and gifts of knowledge!

Why not wrap up a little something extra special this year.

After all, tis the season to be generous!

Remember the reason for the season!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to TechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes to become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

RCDC default value

I posted a similar question (https://social.technet.microsoft.com/Forums/en-US/32497996-6a00-4b2c-b069-856f8e9e669e/rcdc-not-showing-existing-value?forum=ilm2) but thought better to reword my question:

When using RCDC is it possible to use default values? I.e. when editing a user record in FIM, is it possible to use an existing value as the default for a dropdown list? So if I initially set the field State to QLD and edit this later,  QLD should be the selected value in my dropdown list.

JT


FIM 2010 R2 SP1 Mainstream Support Ends 2015

Hi,

According to http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=forefront+identity+manager&Filter=FilterNO, mainstream support for FIM 2010 R2 SP1 ends on 7/14/2015. While extended support ends on 7/14/2020.

So...

  1. Is Microsoft planning to release SP2 for FIM 2010 R2?
  2. If not, then MIM 2015 has to RTM before 7/14/2015?

And unless you have Extended Support, you shouldn't even consider FIM 2010 R2 at this stage?

So what about customers that are currently planning/testing to deploy FIM in the middle of 2015? Should they continue working with FIM or rather develop/test on MIM?

Comments?


FIM Password Reset Add ins Error - Could not connect

Hello All,

The FIM Password Reset Add-ins is showing error Could not connect.

I have checked the configuration settings on the user machine : (FIM Service Server Address and Password Registration Intranet URL). Same settings are working on other machines. Service is running too. But, still on some user machines it's not working.

There must be something which does not allow the computer system to connect. Any suggestions on this ?

Regards

Divye

Powershell not running within an ECMA

Hello FIM friends,

I'm trying to embed a simple PS call within an ECMA to enable Lync accounts. I have a form app that works perfectly and can enable the accounts from the cmd line shell using the FIM service account, but the call fails when being run from within the MA.

Here's the method I'm using:

 
// Requires: using System.Management.Automation;
//           using System.Management.Automation.Runspaces;
public void enableLync(String cn)
{
    // Connector settings read through the MA's own helper
    String pool = getParams("Pool");
    String sipAddress = getParams("SIPAddress").Replace("cn", cn);

    // Build a runspace with the Lync module pre-loaded
    InitialSessionState initial = InitialSessionState.CreateDefault();
    initial.ImportPSModule(new string[] { "C:\\Program Files\\Common Files\\Microsoft Lync Server 2010\\Modules\\Lync\\Lync.psd1" });
    Runspace runspace = RunspaceFactory.CreateRunspace(initial);
    runspace.Open();
    PowerShell ps = PowerShell.Create();
    ps.Runspace = runspace;

    // Enable the user for Lync
    ps.Commands.AddCommand("Enable-CsUser");
    ps.AddParameter("-Identity", cn);
    ps.AddParameter("-RegistrarPool", pool);
    ps.AddParameter("-SipAddress", sipAddress);

    ps.Invoke();
}

The error is "System.Management.Automation.CommandNotFoundException: The term 'Enable-CsUser' is not recognized as the name of a cmdlet, function, script file, or operable program"

Which looks like a permissions issue, or the "ImportPSModule" call is failing - but I can Import the Lync module fine from the PS cmd line and my test app runs the exact same code as above perfectly well when both are runas the FIM Service account. 

Has anyone come across anything like this before? Any ideas?

Cheers,

Dave

Active Passive FIM 2010 R2 Deployment Across 2 DCs

Hi,

I'm looking into a design for HA across 2 DCs. As far as I'm aware it's not possible to have an Active-Active scenario - the FIM sync service is the limiting factor.

What I'm not sure about is whether it's possible to have a complete FIM 2010 R2 configuration in a passive environment, whereby it's not actually being used, but ready for go live if DC1 fails. Both FIM installations use the same AD. I'm thinking of using something along the lines of the below diagram to configure an active/passive HA environment.

The idea is that the FIM servers in DC1 and DC2 will have an almost identical configuration and use the same service accounts, but the DBs in DC2 will be read-only until fail over.

Presumably for any fail over scenario, I would need to do the following:

- Update SPNs for the FIM service
- Ensure any web.config files are up to date (customizations on the portal)
- Ensure DNS updated to point at new DC
- Ensure registry keys\FIM sync encryption keys are at hand if needed

The other approach I'm thinking of is using a backup and restore if DC1 goes down, however active/passive is preferred. I'd be really interested to hear from anyone who has gone through a similar setup.

Thanks


SSPR Answer Constraints Query

I am attempting to use an answer constraint to force users to enter two letters, followed by six numbers, followed by an optional letter, all the letters should be in capitals and no spaces allowed. I am using the following regex:

^[A-Z]{2}[0-9]{6}[A-Z]{0,1}$

Could anyone shed any light as to why this is not working?

Many thanks

Search timeout when adding display and group owners.

We have made some customizations to our RCDC to allow security groups to be owner and display owner of groups. Everything works as expected until you type in the fields and press enter. The search query times out and you must close the creation window and reopen. This only happens on the dynamic search. If you browse you can find the groups with no issues. The timeout also happens regardless of whether you search users or groups. Hoping someone has an idea why the dynamic search causes a timeout.

<my:Grouping my:Name="GroupingOwners" my:Caption="%SYMBOL_OwnersTabCaption_END%">
 <my:Help my:HelpText="%SYMBOL_OwnersTabHelpText_END%" my:Link="5d8daa86-efd0-48f8-bb91-8f8eebc9897f.htm#bkmk_grouping_GroupingOwners"/>
 <my:Control my:Name="OwnerList" my:TypeName="UocIdentityPicker" my:Caption="{Binding Source=schema, Path=Owner.DisplayName}" my:RightsLevel="{Binding Source=rights, Path=Owner}">
  <my:Properties>
   <my:Property my:Name="Mode" my:Value="MultipleResult"/>
   <my:Property my:Name="Rows" my:Value="3"/>
   <my:Property my:Name="Required" my:Value="true"/>
   <my:Property my:Name="ObjectTypes" my:Value="Person,Group"/>
   <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, AccountName, Department"/>
   <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName"/>
   <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=Owner, Mode=TwoWay}"/>
   <my:Property my:Name="UsageKeywords" my:Value="Person,AllSecurityGroups"/>
   <my:Property my:Name="ResultObjectType" my:Value="Person,Group"/>
   <my:Property my:Name="ListViewTitle" my:Value="%SYMBOL_OwnerListListViewTitle_END%"/>
   <my:Property my:Name="PreviewTitle" my:Value="%SYMBOL_OwnerListPreviewTitle_END%"/>
   <my:Property my:Name="MainSearchScreenText" my:Value="%SYMBOL_OwnerSearchText_END%"/>
  </my:Properties>
 </my:Control>
 <my:Control my:Name="DisplayedOwner" my:TypeName="UocIdentityPicker" my:Caption="{Binding Source=schema, Path=DisplayedOwner.DisplayName}" my:RightsLevel="{Binding Source=rights, Path=DisplayedOwner}" my:Description="%SYMBOL_DisplayedOwnerDescription_END%">
  <my:Properties>
   <my:Property my:Name="Required" my:Value="true"/>
   <my:Property my:Name="ObjectTypes" my:Value="Person,Group"/>
   <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, AccountName, Department"/>
   <my:Property my:Name="AttributesToSearch" my:Value="DisplayName, AccountName"/>
   <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=DisplayedOwner, Mode=TwoWay}"/>
   <my:Property my:Name="UsageKeywords" my:Value="Person,AllSecurityGroups"/>
   <my:Property my:Name="ResultObjectType" my:Value="Person,Group"/>
   <my:Property my:Name="ListViewTitle" my:Value="%SYMBOL_DisplayedOwnerListViewTitle_END%"/>
   <my:Property my:Name="PreviewTitle" my:Value="%SYMBOL_DisplayedOwnerPreviewTitle_END%"/>
   <my:Property my:Name="MainSearchScreenText" my:Value="%SYMBOL_DisplayedOwnerSearchText_END%"/>
  </my:Properties>


Sharepoint WebService Connection

How will I get data from SharePoint?

We have been provided with a webservice that includes Lists.

The url looks something like this:

http://SHAREPOINT_WEBSITE/_vti_bin/ListData.svc

Can I create a management agent or something else?

Thanks

FIM & SQL IOPS examples?

Hi,

Would anyone have any example FIM SQL & FIM Reporting IOPS, to give us some indications?

Thanks,

SK

Is it possible to populate readOnly text box(es) on a FIM 2010 R2 RCDC User create form with the details of the logged in user?

Hello

I am curious if this can be done. I guess it's a Person object I need to fetch, but how can I refer to it?

What would the XPath look like?

*HH

GALSync issue with FIM 2010 RTM - Don't get exported contacts in the other forests :-(

Dear FIM Masters,

I'm running FIM 2010 RTM on top of Windows Server 2008 R2 Enterprise with SQL Server 2008 R2.

I've tried to migrate the old MIIS 2003 database and keys that are responsible for Exchange 2003 cross-forest GAL sync, but nothing happens.

Right now, I'm using Forest A with Exchange 2010 SP3 Rollup 6, and Exchange 2003 SP2 & 2010 SP3 Rollup 6 at Forest B. The FIM is installed at Forest B.

I tried to install a new server with the FIM and tried to configure the management agents from scratch, but no luck. This is my situation at every step at both of the management agents:

1. Full Import (Stage Only) - success (no errors).

2. Full Synchronization - completed-sync-errors, after that there's list of users at the Operations view, and when I'm clicking on each object I see the "extension-attribute-not-present" on Data source attributes - proxyAddress, homeMDB, targetAddress.

3. Export (at Forest A) - stopped-extension-dll-exception (with no details)

Export (at Forest B) - completed-export-errors (with "ma-extension-error").

After that I got no new contacts in both of the forests of mailboxes, so I can't see them at the Active Directory Users and Computers and at the Exchange Contacts :-(.

I tried to migrate the old MIIS, and to install a fresh FIM - but no luck. Also, I'm afraid that when I set everything up it will duplicate the contacts from the old MIIS instead of overwriting/updating them - can I avoid that?

Please assist,

Thanks.


Netanel Ben-Shushan, MCSA/E, MCTS, MCITP, Windows Expert-IT Pro MVP. IT Consultant & Trainer | Website (Hebrew): http://www.ben-shushan.net | IT Services: http://www.ben-shushan.net/services | Weblog (Hebrew): http://blogs.microsoft.co.il/blogs/netanelb | E-mail: msilforums@ben-shushan.net

SQL HA and FIM 2010 R2 SP1 support

hi,

according to a forum post - "The only supported HA back-end for FIM is SQL Cluster, AlwaysOn or another replications (for example log shipping) are not supported."  https://social.technet.microsoft.com/Forums/en-US/f2b1a9e7-c327-485e-86fc-f1b89017d3fd/active-passive-fim-2010-r2-deployment-across-2-dcs?forum=ilm2&prof=required

is this true?

and where could we find this as an official MS statement for FIM 2010 R2 SP1 & SQL 2008/2012?

thanks,

sk

