FIM Synchronization Repeat Contacts Exchange 2013 and 2010

December 8, 2014, 12:49 pm

≪ Previous: SQL HA and FIM 2010 R2 SP1 support

Hey how are you?

actualemntestorywithFIM Synchronization2010 R2

I have twoorganizations:

Oraganizacion1:

Exchange 2013S1
FIMServer

organization2

Exchange 2010Sp3

contactsorganizationnumbertwoispossible to see theminorganizavionnumberone

the downside istrying tosincornizar repeatedlycontactsthe organizationtowards eachorganization'snumbertwo beingrepeatedand causes problemswith users.

repeated contact:

contact.dominio.com
contact1.dominio.com
contact3.dominico.com

I can do??

↧

FIM for just SSPR

December 8, 2014, 1:36 pm

≫ Next: RCDC problem

≪ Previous: FIM Synchronization Repeat Contacts Exchange 2013 and 2010

I have an environment with two FIM servers - SSPR reset/registration hosted in one and the rest of sync, fim service, sharepoint foundation installed in the other. The database is hosted in a third server.

The goal is to use FIM for just SSPR. I was following the guidelines as presented inhttp://technet.microsoft.com/en-us/library/hh826057(v=ws.10).aspx. But this has a different scenario where a user is created in FIM and then provisioned in AD. I didn't get much info from SSPR deployment guide.

I need FIM to just SSPR for users in AD. How do I modify the ADMA, FIMMA and MPRs to accomplish just this? I don't want FIM to make any changes in AD except for password reset and I don't want FIM to import anything other than first name, last name, sAMAccountname, display name, objectsid, and description to metaverse from AD (I am assuming the users need to be imported to metaverse first).

Any insights would be highly appreciated. Thanks!

↧

RCDC problem

December 8, 2014, 3:52 pm

≫ Next: Generating unique attributes on import to MV

≪ Previous: FIM for just SSPR

I have a custom object "Computer" and I have a user attribute "Computers" (a multivalued reference attribute), which can reference to one or more Computer objects. However, when I put the following control to the user creation RCDC page, FIM complains that that there is a problem in the DCDC configuration. Any insights on what I am doing wrong? Thanks a lot in advance !!!

      <my:Control my:Name="Computers my:TypeName="UocIdentityPicker" my:Caption="{Binding Source=schema, Path=Computers.DisplayName}" my:Description="{Binding Source=schema, Path=Computers.Description}">
          <my:Properties>
              <my:Property my:Name="ReadOnly" my:Value="false" />
              <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=Computers.Required}" />
              <my:Property my:Name="Mode" my:Value="MultipleResult"/>
              <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName, ObjectType" />
              <my:Property my:Name="AttributesToSearch" my:Value="DisplayName" />
              <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=Computers, Mode=TwoWay}" />
              <my:Property my:Name="ResultObjectType" my:Value="Computer"/>
              <my:Property my:Name="ListViewTitle" my:Value="Select a Computer" />
              <my:Property my:Name="ObjectTypes" my:Value="Computer" />
              <my:Property my:Name="Hint" my:Value="{Binding Source=schema, Path=Computers.Hint}" />
          </my:Properties>
      </my:Control>

↧

Generating unique attributes on import to MV

December 9, 2014, 6:01 am

≫ Next: FIM 2010 Sync'ed Users not showing in the FIM Portal

≪ Previous: RCDC problem

Hi,

I have read a couple of forum threads on the topic but I still don't know how to solve this in elegant way.

I remember one post referring to calculation & checking for uniqueness during IAF (Extension DLL) and I liked the idea.
It was suggested to check for uniqueness in MV. But wasn't actually describing the way to accomplish that, I was able to do this using a SQL query, but I'm not sure if this is correct. It seems to work correctly, but I'm not sure of consequences it may have.
So the import flow from SQL table to MV would look: if the attribute value (to be generated) in MV is empty, and then generate the value using a pretty simple algorithm (concatenating 2 existing attributes) and checking in MV for uniqueness (SQL Query).

I was also considering using a portal workflow to generate the attribute values but it seems to me even more problematic as a lot of workflows run at the same time so it may not guarantee the uniqueness at all.

I would be thankful for any suggestions and comments.

Bart

↧

FIM 2010 Sync'ed Users not showing in the FIM Portal

December 9, 2014, 9:39 am

≫ Next: Applying outbound AD SyncRule ... DN "null()" is not valid

≪ Previous: Generating unique attributes on import to MV

I am running a proof of concept using FIM 2010 R2 SP1 to sync digital identities between eDirectory and AD DS. I have followed the following guide from MS in order to sync AD DS users to give me a feel for what is required.

http://technet.microsoft.com/en-us/library/ff686264(v=ws.10).aspx

The instructions have been followed exactly and when I run the run profiles I can see test objects as Adds. The problem I have is when this has been done the users do not show up in the FIM portal.

This is probably an easy fix for a FIM expert? Any ideas?

↧

Applying outbound AD SyncRule ... DN "null()" is not valid

December 10, 2014, 3:25 am

≫ Next: Retire a Smart Card after deleting a profile template

≪ Previous: FIM 2010 Sync'ed Users not showing in the FIM Portal

Hello

Scenario:

I import a user from my import source (File MA)
User is exported to FIM and the AD outbound provisioning rule is calculated and "pending"
Im using a CN generator workflow to create CN based on firstname and lastname.
User is imported back into MV...with CN... EREs imported also.
Export attribute flow back to FIM portal and provisioning rule dosent apply.

The error is in creating a DN for only 1 category out of the 3 (the contractors)...both staff and students work...the outbound expression is as below (this is fine and has no validation errors)...

IIF(Eq(employeeCategory,"Staff"),"CN="+cn+",OU=staff,OU=Accounts,DC=test,DC=local",IIF(Eq(employeeCategory,"students"),"CN="+cn+",OU=students,OU=Accounts,DC=test,DC=local","CN="+cn+",OU=contractors,OU=Accounts,DC=test,DC=local"))

>> "dn"

The error i get is as below:

Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: '(Sync Rule) Provision Active Directory Users Inbound/Outbound'. Details: DN "null()" is not valid. at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)

hence its returning NULL() and not applying the provisioning rule.

Coincidentally im getting these errors in eventvwr, not sure if these are related...

The server encountered an unexpected error in the synchronization engine:

"BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\sproc.cpp(1571): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\imgbldr.cpp(1226): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\imgbldr.cpp(1086): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\imgbldr.cpp(3176): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\mvobj.cpp(199): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\nsmvimp.cpp(285): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sqlstore\csobj.cpp(1881): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sync\synccore.cpp(548): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sync\synccoreimp.cpp(143): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sync\synccoreimp.cpp(8635): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sync\synccoreimp.cpp(3792): 0x80230405 (The operation failed because the object cannot be found)
ERR_: MMS(2884): d:\bt\800\private\source\miis\server\sync\synccoreimp.cpp(3823): 0x80230405 - CS to MV to CS synchronization failed 0x80230405: [1e4cc3dc-c55e-44be-ad34-d9ab90844969]
BAIL: MMS(2884): d:\bt\800\private\source\miis\server\sync\synccoreimp.cpp(3573): 0x80230405 (The operation failed because the object cannot be found)
ERR_: MMS(2884): d:\bt\800\private\source\miis\server\sync\syncmonitor.cpp(2528): SE: Rollback SQL transaction for: 0x80230405

appreciate any insight

↧

Retire a Smart Card after deleting a profile template

December 10, 2014, 7:39 am

≫ Next: Active Directory, Format of date/time properties in C#

≪ Previous: Applying outbound AD SyncRule ... DN "null()" is not valid

Is there any way to retire a smart card if the profile template has been deleted? testing and thought i had retired it prior to deleting the profile template..

I get "there is no such object on the server" when attempting to read the details of the smart card.

Aaron

↧

Active Directory, Format of date/time properties in C#

December 10, 2014, 10:16 am

≫ Next: FIM CM Smart Card centralized management cant execute

≪ Previous: Retire a Smart Card after deleting a profile template

Hello Mate,

I am trying to make a decision at AD Management Agent Sync based on the value of Whencreated attribute in AD on daily basis.

When I import the value whencreated in AD connector space, the value is 20141209193924.0Z

I was believing it follow the format

YYYY -> four digit year
MM -> 2 digit month
DD -> 2 digit day

The code

if (csentry["Whencreated"].IsPresent)

                       {
                          DateTime currentDateTime = DateTime.Now;
                          String dateStr = currentDateTime.ToString("yyyyMMdd");
                          if (csentry["Whencreated"].Value.Remove(8).Equals(dateStr))

{

// Do Something.

}

However if I look whencreated attribute for the user in AD it is 12/10/2014 1:09:24 AM and see there is a difference of 1 day.
Kindly help how to convert the value of the format 20141209193924.0Z to date and time in C#

Thanks and Regards,
Anirban Singha

↧

FIM CM Smart Card centralized management cant execute

December 10, 2014, 12:22 pm

≫ Next: Datetime wrong in FIM portal

≪ Previous: Active Directory, Format of date/time properties in C#

I am testing the process in http://technet.microsoft.com/en-us/library/hh230277(v=ws.10).aspx and i do not get the option to execute the request.. I only have the OK button after submitting and it gives me the one time password.. any suggestions? i have been over the sucurity configuration a dozen times looking for a missed step and can't find a cause..

Aaron

↧

Datetime wrong in FIM portal

December 10, 2014, 2:49 pm

≫ Next: Sample for FIM web services conector MA

≪ Previous: FIM CM Smart Card centralized management cant execute

Hello.

I'm flowing a date "2014-12-31" to the enddate attribute in FIM, iam running it through datetimeformat and when i look at the attribute in database it looks ok, 2014-12-31 00:00:00.

But... when i look at the date in FIM portal it has changed to an earlier occation, IE "2014-12-30 16:00:00" this is causing rules to fail.

How can this be fixed, timezone in Sharepoint seems to be ok.

↧

Sample for FIM web services conector MA

December 10, 2014, 10:11 pm

≫ Next: FIM GINA Client Installation

≪ Previous: Datetime wrong in FIM portal

Hi All,

We have a requirement to create users in FIM portal using web services. User will be created in web application and once Submit button is pressed, a web service is called to retrieve request from web application now this web service has to create user in FIM. Can we use FIM web service MA for this case. If any sample available for same, it will be great help.

Any help will be greatly appreciated.

Thanks,

Ruchir

↧

FIM GINA Client Installation

December 11, 2014, 12:15 am

≫ Next: When new user is created in FIM, an approval mail should be sent to his manager

≪ Previous: Sample for FIM web services conector MA

Hi Team,

We are planning to deploy FIM SSPR GINA Client via SCCM.

Does Add-ins and extensions.msi alone is enough in the package?

Do we need to include the language packs as well in the package?

Thanks and Regards, Siva Kumar Balaguru

↧

When new user is created in FIM, an approval mail should be sent to his manager

December 11, 2014, 2:11 am

≫ Next: FIM License for developmemt environment

≪ Previous: FIM GINA Client Installation

Hi,

We have a requirement that when a new user is created in FIM, an approval mail should be sent to his manager for creation in external source i.e. AD. If the manager rejects the request, the workflow ends and user should not get created in AD.If the manager approves the user creation request then an another request mail should be sent to the user's manager's manager for 2nd level of approval.If the user's manager's manager approves the request then user should get created in AD.

Regards

Anil Kumar

↧

FIM License for developmemt environment

December 11, 2014, 2:16 am

≫ Next: Log4net is not logging a service.log file in code based provisioning of users from FIM to AD using FIM SYNC.

≪ Previous: When new user is created in FIM, an approval mail should be sent to his manager

Hi,

Could anyone please suggest if we need the FIM CAL's license for developmet, SIT and UAT environment also.

Thanks

Harry

↧

Log4net is not logging a service.log file in code based provisioning of users from FIM to AD using FIM SYNC.

December 11, 2014, 5:13 am

≫ Next: Change to rules provisioning not being processed

≪ Previous: FIM License for developmemt environment

Hi,

For Provisioning users from FIM to AD, we are going with code based provisioning i.e we are using metaverse rule extension. So, we are using MVExtension.dll in FIMSYNC ADMA for writing custom rules. We are trying to use logging for understanding the state of MVExtension.dll, for that i am using log4net.dll. But the log file i.e. service.log is not getting created. I am unable to see logs.

I have added log4net.dll in References, and gave log4net.xml refernce in AssemblyInfo.cs and using the log methods Debug,Info and Error in my MVExtension.cs

Could you please help me out how to use log4net.dll for logging in MVExtension.dll in code based provisioning.

Thanks

Prasanthi.

↧

Change to rules provisioning not being processed

December 11, 2014, 6:19 am

≫ Next: Importing attributes from an external data source to existing AD user objects

≪ Previous: Log4net is not logging a service.log file in code based provisioning of users from FIM to AD using FIM SYNC.

I updated a import rules extension, but the change is not being processed when the MA runs.

Example: mventry["attribute"].Value = "A";

Changed to: mventry["attribute"].Value = "B";

Run full sync, the value remains A. New accounts also continue to get "A". Disable/enable metaverse rules extensions under options, no difference.

Any ideas?

↧

Importing attributes from an external data source to existing AD user objects

December 11, 2014, 9:42 am

≫ Next: Replacement for the free FIM 2007 FP1 product

≪ Previous: Change to rules provisioning not being processed

I have an Oracle DB with ~1000 users records. Approximately 300 of those users exist in my local AD. I want to use FIM to import several data elements (employeeID, manager, and few custom fields) from the oracle DB user records into the 300 respective AD accounts only, I don't want to import all 1000 users into AD. Further, some of the data I wish to import will require custom attributes to be added to the AD user object schema. Can FIM handle all of this on a recurring basis (weekly replication)?

↧

Replacement for the free FIM 2007 FP1 product

December 11, 2014, 12:03 pm

≫ Next: Using SMTP Mail Relay instead of Exchange

≪ Previous: Importing attributes from an external data source to existing AD user objects

I want to setup a GALSYNC between two Exchange 2010 environments for two merging companies. To overcome a coexistence period of 1yr+ we want to setup GALSYNC for this to provide them with contacts and availability-lookup functionality. I used to be able to do so using FIM 2007 FP1 which was free, but now I learn from MS that that product is now only available as a 180 days evaluation and as the full FIM product is very expensive and apparently planned to be phased out as well I wonder if there are any other free alternatives other than writing some scripts manually that sync mailboxes to remote contacts.

Any suggestions?

Many thanks

Eric

Best regards and many thanks in advance, Eric Vegter

↧

Using SMTP Mail Relay instead of Exchange

December 11, 2014, 3:39 pm

≫ Next: Send email to external email address

≪ Previous: Replacement for the free FIM 2007 FP1 product

I am trying to use an SMTP Mail Relay instead of Exchange (due to licensing issue) for the FIM Service to send out notification and approval e-mails. So, in the FIM config file, I changed the Mail Server configuration from:

to:

Then I restarted the FIM Service. However, the mail feature has stopped working after switching to the mail relay. Is there any further configuration work needed somewhere else?

↧