Channel: Forum Microsoft Identity Manager

Can I and how do I control the initial row value of a UocDropDownList RCDC control?

I am populating a DropDownListBox via a lookup of FIM objects.

My createUser rcdc has near the top the line

<my:ObjectDataSource my:TypeName="UocSearchDataSource" my:Name="search"/>

I created a reference attribute departmentRef and bound it to User type objects.

I have a custom Resource called CostCenters.

I am populating my dropdownlist control with this code:

      <my:Control my:Name="departmentRef" my:TypeName="UocDropDownList" my:Caption="Tulosyksikkö" my:Description="{Binding Source=schema, Path=departmentRef.Description}" my:RightsLevel="{Binding Source=rights, Path=departmentRef}">
        <my:Properties>
            <my:Property my:Name="Required" my:Value="True"/>
            <my:Property my:Name="Columns" my:Value="40"/>
            <my:Property my:Name="ItemSource" my:Value="{Binding Source=search, Path=CostCenters}"/>
            <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=departmentRef, Mode=TwoWay}"/>
        </my:Properties>
      </my:Control>

I am very surprised to see the initial row of my List of Options being set to "<Please select an item>"

When I expand the list I see all my CostCenters beneath this "<Please select an item.>" row.

BUT, How do I get rid of this "<Please select an item>"?

I would like either a NULL initial row or the first real CostCenter.

What am I doing wrong?

Should the create rcdc not have the selectedvalue property? I am baffled where this <Please select an item> string comes from!

*HH


Another One-Time-Password Email Gate Question?

Hello Ether,

Hopefully this is a fairly simple request but have been hunting for this for a while and coming up with nothing. How/where do I change the from email address for the OTP email gate notification?

I have been hunting through config files and reg entries on the portal and service servers but can't find where I can change this.

Thanks!

warks

Error when loading FIM portal in new installation: The requestor's identity was not found.

I have just installed the FIM portal into my test environment.  The synchronisation service was already working perfectly (can provision users from a .csv file).
The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
Whenever I try to log on to the fim portal with my standard user account (it has never worked), I get the following error:

Unable to process your request.

Please contact your help desk or system administrator.

Error processing your request: The server was unwilling to perform the requested operation.

Reason: The requester of this operation is invalid.

Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8

Details: The requestor's identity was not found.

>Go to Forefront Identity Manager home page

 

(The web page header does show the FIM logo, so the portal itself is there).

In the ForeFront logs on SPF1, I get the following:

Log Name:      Forefront Identity Manager
Source:        Microsoft.ResourceManagement
Date:          1/13/2015 5:48:08 PM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SPF1.testdomain.internal
Description:
GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft.ResourceManagement" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
    <EventRecordID>523</EventRecordID>
    <Channel>Forefront Identity Manager</Channel>
    <Computer>SPF1.testdomain.internal</Computer>
    <Security />
  </System>
  <EventData>
    <Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
  </EventData>
</Event>

 

Log Name:      Forefront Identity Manager
Source:        Microsoft.ResourceManagement
Date:          1/13/2015 5:48:08 PM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SPF1.testdomain.internal
Description:
Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft.ResourceManagement" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
    <EventRecordID>522</EventRecordID>
    <Channel>Forefront Identity Manager</Channel>
    <Computer>SPF1.testdomain.internal</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
  </EventData>
</Event>

 

 


Further, I note that it has trouble connecting to the web exchange connector.  I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name?  I'm connecting to "mail.testdomain.internal", although that's actually an NLB group between two CAS/HUB servers.
Log Name:      Application
Source:        Microsoft.ResourceManagement.ServiceHealthSource
Date:          1/13/2015 7:43:49 PM
Event ID:      12
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:     SPF1.testdomain.internal
Description:
The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.

Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
    <EventID Qualifiers="0">12</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
    <EventRecordID>7581</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SPF1.testdomain.internal</Computer>
    <Security />
  </System>
  <EventData>
    <Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.

Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
  </EventData>
</Event>

 

 

I'm not really sure where to start investigating at this point.  The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could be mistaken).

Inter-object relationship in the Portal

Hi,

We have an HR system that contains many different objects: Person, Position, Department, etc

Naturally the Person object allows us to create employees; the Position object allows us to create positions, etc. in the HR system.

We have imported the employees to FIM & FIM Portal.

Next we extended the FIM schemas, and now are importing the various Positions into the new Position object in FIM & FIM Portal.

The FIM Portal, however, will be used to create new 'contractors' that do not exist as records in HR. However, the Positions these 'contractors' will be assigned to are to be the ones imported from HR.

Can we therefore expose the Positions available in a drop down / object picker when creating /editing 'Contractors' in the FIM Portal? Also, when new Positions are created/updated/removed in HR, these should be reflected in this drop down/object picker.

If yes, is there an explanation/guide somewhere we could look at?

Thank you,

SK


Move from FIM 2010 R2 SP1 evaluation to licensed

Hi all,

I will install FIM 2010 R2 SP1 with the evaluation copy. Can I make it a licensed version without uninstalling? Also, I want to deploy another copy as a DR. Is that possible with the evaluation copy, and what about the license when I want to license both sites? Also, I will use the SharePoint 2013 Foundation version. Does this require a license also?

Thanks


Teka

How to import multi-value reference with Granfeldt PowerShell MA?

Hi,

I am trying to import multi-value reference into FIM (Group object).

I can import all attributes from source SQL, except Multivalue reference (into members attribute on Group object).

I have defined schema like this:

$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-axs_profid|String" -Value ""
$obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "role"
$obj | Add-Member -Type NoteProperty -Name "name|String" -Value ""
$obj | Add-Member -Type NoteProperty -Name "member|Reference[]" -Value ""
$obj

On source attribute I have members defined in one attribute, divided by ",". 

Import script:

$Obj = @{}

    $Obj.Add("objectClass", "role")
    $Obj.Add("[DN]", "Role_"+$Object.$("axs_profid"))
    $Obj.Add("axs_profid",   $Object.$("axs_profid").ToString())
    $Obj.Add("name", $Object.$("name").ToString())
    if($Object.$("member").ToString() -ne "")
    {
        [string[]]$members = $Object.$("member").ToString().Split(',')
        $Obj.Add("member", $members)
    }

    $Obj
    


When Full import is triggered, I get the following error for roles with multiple users:

FIM Sync = staging-error

Event log = 

 

The server encountered an unexpected error in the synchronization engine:

 "BAIL: MMS(9588): d:\bt\32669\private\source\miis\shared\utils\libutils.cpp(7045): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\utils.cpp(229): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\nscsimp.cpp(5348): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\nscsimp.cpp(5753): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\nscsimp.cpp(686): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\csobj.cpp(12876): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\csobj.cpp(13976): 0x8023040e (The distinguished name is invalid)
BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\csobj.h(1252): 0x8023040e (The distinguished name is invalid)
ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(2018): ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(612): ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(647): Staging failed 0x8023040e: [21]ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncmonitor.cpp(2528): SE: Rollback SQL transaction for: 0x8023040e
Forefront Identity Manager 4.1.3559.0"

If I change the script to return only first member:

$Obj.Add("member", $members[0])

import is successful and I can see referenced member in Group.

I have also tried to specify DN for both users and roles with the same outcome.

$Obj.Add("[DN]", "Role_"+$Object.$("axs_profid"))

I am using the latest version of  PSMA: 5.5

Thanks for your help guys!

Exchange2010 PowerShell problem in ADMA

Hello,

I am trying to use FIM to provision Distribution groups, but whenever I try to export new groups (created with FIM Portal), I get the following error: 


There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException

Message: Connecting to remote server failed with the following error message : The server certificate on the destination computer (myExchangeServer:443) has the following errors: 
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.

Stack Trace:    at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at System.Management.Automation.Runspaces.RunspacePool.Open()
   at System.Management.Automation.RemoteRunspace.Open()
   at Exch2010Extension.Exch2010ExtensionClass.OpenConnection(String uri, PSCredential credential)
   at Exch2010Extension.Exch2010ExtensionClass.BeginExportToCd(String connectTo, String domain, String server, String user, String password)

The certificate is valid (has 9 months left), and has been issued by a valid CA, but the CRL info on the Certificate is in LDAP Format, and apparently, the revocation list cannot be retrieved from the server (Server cannot be found).

I know I can bypass this problem when connecting to Exchange 2010 using PowerShell by including the following option: 

 -SessionOption (New-PSSessionOption -SkipRevocationCheck)

I have even added the host "myExchangeServer" to the WinRM trustedHosts configuration, but it did not work.

Is there any way to bypass the CertificateRevocationList checking with FIM for its Powershell Exchange Connection?
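
An added diagnostic, not part of the original post and not FIM or Exchange code: it lists the CRL distribution points on the server certificate and builds the chain with online revocation checking, to confirm from the FIM server which URL cannot be retrieved. The function name, the `.cer` path and the English `URL=` text matched in the extension output are assumptions.

```powershell
# Added example (not from the original post). Run it on the FIM server under
# the account the synchronization service uses, because CRL retrieval depends
# on that machine's network path and that account's context.
function Test-CertificateRevocation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        [int]$TimeoutSeconds = 15
    )

    # 1. List the CRL Distribution Points (extension OID 2.5.29.31).
    #    Format() returns the text shown in the certificate dialog; matching
    #    on "URL=" assumes the English form of that text.
    $cdpUrls = @()
    $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if ($cdp) {
        $cdpUrls = @([regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    # 2. Build the chain with online revocation checking, which is the check
    #    that fails in the error message above.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    $chainOk = $chain.Build($Certificate)

    # 3. Collect the status of every certificate in the chain, so it is clear
    #    whether the leaf or an intermediate CA has the unreachable CRL.
    $elements = foreach ($element in $chain.ChainElements) {
        New-Object PSObject -Property @{
            Subject = $element.Certificate.Subject
            Status  = ($element.ChainElementStatus |
                ForEach-Object { $_.Status.ToString() }) -join ', '
        }
    }

    # 4. Separate revocation problems from other chain errors
    #    (expired, untrusted root, and so on).
    $revocationFlags = 'RevocationStatusUnknown', 'OfflineRevocation', 'Revoked'
    $allFlags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    $revocationProblems = @($allFlags | Where-Object { $revocationFlags -contains $_ })

    New-Object PSObject -Property @{
        Subject            = $Certificate.Subject
        NotAfter           = $Certificate.NotAfter
        CrlUrls            = $cdpUrls
        ChainBuilt         = $chainOk
        ChainStatus        = $allFlags
        RevocationProblems = $revocationProblems
        Elements           = $elements
    }
}

# Usage: export the Exchange server certificate to a .cer file first.
# The path below is a placeholder.
$path = 'C:\temp\myExchangeServer.cer'
if (Test-Path $path) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    $result = Test-CertificateRevocation -Certificate $cert
    $result | Format-List Subject, NotAfter, CrlUrls, ChainBuilt, ChainStatus, RevocationProblems
    $result.Elements | Format-Table -AutoSize
}
```

A result with `RevocationStatusUnknown` or `OfflineRevocation` and only `ldap://` entries in `CrlUrls` matches the situation described in the post: the CRL location is published in the certificate but is not reachable from this server.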


BHOLD Self Service

Hello,

In a POC environment, I installed the last release of FIM 2010 R2 with BHOLD modules.

I installed and configured BHOLD Self Service.

A manager of a specific OU can activate or revoke proposed roles for all managed users (the manager is a member of the supervisor role linked to this OU). This action can be done through FIM portal with the BHOLD Self Service navigation bar.

Unfortunately, when I check on BHOLD Core portal, roles are not added or deleted on users.

 

Does anybody know what it is necessary to check or to configure in order to synchronize all actions from FIM portal to BHOLD Core ?

I see a specific attribute on BHOLD roles called “Managed by FIM”?  Is this attribute important? What is the expected value in this attribute ?

Anything else ?

Moreover, in “Manage Users” tab of BHOLD Self Service, “Status request” is always empty.  Is it normal ?

Thanks for your help.


Azure Active Directory Connector Management Agent No Connection Status...

Greetings,

My Windows Azure Active Directory Connector management agent shows nothing under Connection Status. Is this normal? See attachment.

Thanks in advance

Creating Web Service (RESTful) for FIM Service DB using C#

I need to develop a web service (which must be RESTful) which will do the following actions on the FIM Service DB using .NET C#:

-Creating New Object

-Updating

-Deleting etc.

Can you please suggest how I can achieve this? Please do help here.

How to Import contacts from AD DS to FIM Portal

We are using the FIM Portal to manage "Manual managed" distribution groups. My users want to be able to add AD DS contacts to their distribution groups via the FIM Portal. Currently I am syncing users/person and groups from AD DS to FIM Portal. In the FIM MA, I do not see an object type for contacts. How can I do this?

Thanks,

Steve

Problem access portal

Hi.

My config is as follows.

Windows 2012 R2

FIM 2010 R2 SP1

SharePoint Foundation 2013

I have followed this guide to install my portal: http://www.harbar.net/articles/fimportal.aspx

After all is installed and I try to access https://FIMPortal.Domain.com/IdentityManagement/ I get a Service is not Available.

After changing some web.config files and getting a lot more in the log I found this.

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>0</EventID><Type>3</Type><SubType Name="Verbose">0</SubType><Level>16</Level><TimeCreated SystemTime="2015-01-14T21:56:24.3641921Z" /><Source Name="Microsoft.ResourceManagement" /><Correlation ActivityID="{f5c9df9c-de11-3019-e85e-c6f2da7b5263}" /><Execution ProcessName="w3wp" ProcessID="3404" ThreadID="13" /><Channel/><Computer>FIM1</Computer></System><ApplicationData>BrandBar.BrandTableConfigurationModel.TryInitializeUsingConfigurationModel: Error Retrieving PortalUIConfigurationModel Values:Object reference not set to an instance of an object.<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics"><LogicalOperationStack></LogicalOperationStack><Timestamp>125474445197</Timestamp><Callstack>   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)&#xD;&#xA;   at System.Environment.get_StackTrace()&#xD;&#xA;   at System.Diagnostics.TraceEventCache.get_Callstack()&#xD;&#xA;   at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)&#xD;&#xA;   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at Microsoft.IdentityManagement.Logging.IdentityManagementTraceSource.ReportTrace(TraceEventType traceEventType, Int32 eventId, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.TraceMessage(String msg, String source)&#xD;&#xA;   at Microsoft.IdentityManagement.WebUI.Controls.BrandBar.BrandTableConfigurationModel.TryInitializeUsingConfigurationModel()&#xD;&#xA; 
  at Microsoft.IdentityManagement.WebUI.Controls.BrandBar.get_Model()&#xD;&#xA;   at Microsoft.IdentityManagement.WebUI.Controls.BrandBar.get_BrandTable()&#xD;&#xA;   at Microsoft.IdentityManagement.WebUI.Controls.BrandBar.CreateChildControls()&#xD;&#xA;   at System.Web.UI.Control.EnsureChildControls()&#xD;&#xA;   at System.Web.UI.Control.PreRenderRecursiveInternal()&#xD;&#xA;   at System.Web.UI.Control.PreRenderRecursiveInternal()&#xD;&#xA;   at System.Web.UI.Control.PreRenderRecursiveInternal()&#xD;&#xA;   at System.Web.UI.Control.PreRenderRecursiveInternal()&#xD;&#xA;   at System.Web.UI.Control.PreRenderRecursiveInternal()&#xD;&#xA;   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)&#xD;&#xA;   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)&#xD;&#xA;   at System.Web.UI.Page.ProcessRequest()&#xD;&#xA;   at System.Web.UI.Page.ProcessRequest(HttpContext context)&#xD;&#xA;   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()&#xD;&#xA;   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)&#xD;&#xA;   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)&#xD;&#xA;   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)&#xD;&#xA;   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)&#xD;&#xA;   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)&#xD;&#xA;   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)&#xD;&#xA;   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, 
RequestNotificationStatus&amp; notificationStatus)&#xD;&#xA;   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus&amp; notificationStatus)&#xD;&#xA;   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)&#xD;&#xA;   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)</Callstack></System.Diagnostics></ApplicationData></E2ETraceEvent>

After analysing this I found : BrandBar.BrandTableConfigurationModel.TryInitializeUsingConfigurationModel: Error Retrieving PortalUIConfigurationModel Values:Object reference not set to an instance of an object.

Does anyone have any idea how to fix this or what I have done wrong ending up with this... Done the installation about 5 times now with the same result.

Thx for any ideas

//Håkan


May the sword be true!

AD-Azure Synchronization Issues...

Greetings,

So I have two FIM servers in my organization, one in NZ that was built a few years back and a new server in the US that was built just recently. The Azure management agent from NZ works just fine, but the Azure management agent in the US doesn't synchronize at all. As proof, I ran the US synchronization and it showed a status of success, but no entries in the Synchronization Statistics panel. OTOH, when I ran the NZ synchronization immediately after the US synchronization, it too gave a result of success, but this time there were entries in the Synchronization Statistics panel (Unchanged, Adds, Updates, Disconnectors, Connectors with Flow Updates and Connectors Without Flow Updates).

The MA in the US was built using an import of the MA from NZ and they're identical, with the exception of the NZ MA uses a different account than the US MA does.

Has anyone ever heard of this? It's important to get this resolved as we're looking to retire the NZ server. I should point out that the AD MA works perfectly.

Thanks in advance.

SSPR Registration Failing on some Clients

I deployed the SSPR client on 1000's of workstations.  However a handful of users have never been able to get through the registration process successfully.  That being that they can access the SSPR Web registration via browser and complete the task.  But when they attempt to login to their wkst every morning the SSPR client gives them the "Could not Connect to Password Rest Service, wait one minute and try again"

I turned on detail logging and this is the output - any advice would be appreciated

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Verbose">0</SubType>
<Level>16</Level>
<TimeCreated SystemTime="2015-01-14T20:39:54.4138443Z" />
<Source Name="Microsoft.ResourceManagement" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="PwdMgmtProxy" ProcessID="1728" ThreadID="4" />
<Channel/>
<Computer>PKS363338</Computer>
</System>
<ApplicationData>Creating NamedPipeServer ACLs.<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics">
<LogicalOperationStack>
</LogicalOperationStack>
<Timestamp>91494441</Timestamp>
<Callstack>   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)&#xD;&#xA;   at System.Environment.get_StackTrace()&#xD;&#xA;   at System.Diagnostics.TraceEventCache.get_Callstack()&#xD;&#xA;  at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)&#xD;&#xA;   at System.Diagnostics.XmlWriterTraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at Microsoft.IdentityManagement.Logging.IdentityManagementTraceSource.ReportTrace(TraceEventType traceEventType, Int32 eventId, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.TraceMessage(String msg, String source)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.TraceMessage(String msg)&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.CreateServerPipeACL()&#xD;&#xA;  at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.InitializeRegistryConstants()&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.DoStart()&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)&#xD;&#xA;   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.WaitCallback_Context(Object state)&#xD;&#xA;   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)&#xD;&#xA;   at 
System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)</Callstack>
</System.Diagnostics>
</ApplicationData>
</E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>3</EventID>
<Type>3</Type>
<SubType Name="Error">0</SubType>
<Level>2</Level>
<TimeCreated SystemTime="2015-01-14T20:39:55.4746462Z" />
<Source Name="Microsoft.ResourceManagement" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="PwdMgmtProxy" ProcessID="1728" ThreadID="4" />
<Channel/>
<Computer>PKS363338</Computer>
</System>
<ApplicationData>PwdMgmtProxy: System.ComponentModel.Win32Exception: Could not locate the required registry key, SOFTWARE\Microsoft\Forefront Identity Manager\2010\Extensions\GatePlugins.&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.InitializeRegistryConstants()&#xD;&#xA;  at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.DoStart()&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics">
<LogicalOperationStack>
</LogicalOperationStack>
<Timestamp>94554369</Timestamp>
<Callstack>   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)&#xD;&#xA;   at System.Environment.get_StackTrace()&#xD;&#xA;   at System.Diagnostics.TraceEventCache.get_Callstack()&#xD;&#xA;  at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)&#xD;&#xA;   at System.Diagnostics.XmlWriterTraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at Microsoft.IdentityManagement.Logging.IdentityManagementTraceSource.ReportTrace(TraceEventType traceEventType, Int32 eventId, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String format, Object[] arguments)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.LogError(String formatString, Object[] arguments)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.ReportError(Exception exception)&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)&#xD;&#xA;   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.WaitCallback_Context(Object state)&#xD;&#xA;   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)</Callstack>
</System.Diagnostics>
</ApplicationData>
</E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Verbose">0</SubType>
<Level>16</Level>
<TimeCreated SystemTime="2015-01-14T20:42:28.6756419Z" />
<Source Name="Microsoft.ResourceManagement" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="PwdMgmtProxy" ProcessID="1720" ThreadID="4" />
<Channel/>
<Computer>PKS363338</Computer>
</System>
<ApplicationData>Creating NamedPipeServer ACLs.<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics">
<LogicalOperationStack>
</LogicalOperationStack>
<Timestamp>83343725</Timestamp>
<Callstack>   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)&#xD;&#xA;   at System.Environment.get_StackTrace()&#xD;&#xA;   at System.Diagnostics.TraceEventCache.get_Callstack()&#xD;&#xA;  at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)&#xD;&#xA;   at System.Diagnostics.XmlWriterTraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at Microsoft.IdentityManagement.Logging.IdentityManagementTraceSource.ReportTrace(TraceEventType traceEventType, Int32 eventId, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.TraceMessage(String msg, String source)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.TraceMessage(String msg)&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.CreateServerPipeACL()&#xD;&#xA;  at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.InitializeRegistryConstants()&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.DoStart()&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)&#xD;&#xA;   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.WaitCallback_Context(Object state)&#xD;&#xA;   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)&#xD;&#xA;   at 
System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)</Callstack>
</System.Diagnostics>
</ApplicationData>
</E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>3</EventID>
<Type>3</Type>
<SubType Name="Error">0</SubType>
<Level>2</Level>
<TimeCreated SystemTime="2015-01-14T20:42:29.9670440Z" />
<Source Name="Microsoft.ResourceManagement" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="PwdMgmtProxy" ProcessID="1720" ThreadID="4" />
<Channel/>
<Computer>PKS363338</Computer>
</System>
<ApplicationData>PwdMgmtProxy: System.ComponentModel.Win32Exception: Could not locate the required registry key, SOFTWARE\Microsoft\Forefront Identity Manager\2010\Extensions\GatePlugins.&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.InitializeRegistryConstants()&#xD;&#xA;  at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.DoStart()&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics">
<LogicalOperationStack>
</LogicalOperationStack>
<Timestamp>87488035</Timestamp>
<Callstack>   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)&#xD;&#xA;   at System.Environment.get_StackTrace()&#xD;&#xA;   at System.Diagnostics.TraceEventCache.get_Callstack()&#xD;&#xA;  at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)&#xD;&#xA;   at System.Diagnostics.XmlWriterTraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)&#xD;&#xA;   at Microsoft.IdentityManagement.Logging.IdentityManagementTraceSource.ReportTrace(TraceEventType traceEventType, Int32 eventId, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String message)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.WriteTraceMessage(TraceEventType eventType, EventIdentifier identifier, String format, Object[] arguments)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.LogError(String formatString, Object[] arguments)&#xD;&#xA;   at Microsoft.ResourceManagement.Utilities.LoggingManager.ReportError(Exception exception)&#xD;&#xA;   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)&#xD;&#xA;   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.WaitCallback_Context(Object state)&#xD;&#xA;   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)&#xD;&#xA;   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)</Callstack>
</System.Diagnostics>
</ApplicationData>
</E2ETraceEvent>

ldap memberUid to ad group member


I am adding LDAP groups to AD but also want to populate them with members. The LDAP connector space has the attribute "memberUid" (type string, multivalue), and this contains all members (it only contains the members' account names). How can I get those names into the MV? I tried a flow definition from "memberUid" to "members" but that doesn't work (string to reference error). What would be the best approach?

Thanks

M.A.


Unable to install SharePoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2


Hi,

I am unable to install SharePoint Foundation 2013 on Windows Server 2012 for FIM 2010 R2.

Before the SharePoint Foundation 2013 installation I installed all the prerequisite software required for SharePoint Foundation 2013, but when we run SharePoint Foundation 2013 setup it gives the error below, so I am requesting your help with this.

Setup is unable to proceed due to the following error(s):

Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.

Regards

Anil Kumar

SSPR registration and reset started to fail after renewing the certificates

Hi,

On our FIM 2010 R2 environment (version 4.1.3599.0), after renewing the certificates used on the FIM Service/Portal and Password Reset/Registration servers two days back, both password registration and reset no longer work but instead fail on the last step of the process. So for example, when a user browses to https://passwordreset.domain.com, fills in their domain\username and clicks Next, FIM sends a security code (SMS OTP) to the user's mobile phone, and once the user fills in the code and clicks Next, the Communication error 3008 is shown to the user. The same happens in the last step of the registration, where the user reviews that the mobile number is correct before finally clicking Next. Once clicked, the same error as with the Reset portal is shown to the user.

No changes other than renewing the certificates have been made to the environment since it was last working two days ago. Synchronization of users/groups created in FIM Portal works normally towards AD.

All servers within FIM environment are on same domain and subnet and firewall is off on all servers.

The following error message as an example is recorded on FIM app log on either of the SSPR servers (two in NLB):

**********

The error page was displayed to the user.
Details:
Title: Communication Error
Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3008)
Source: 
Attributes: 
Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.GenericCommunicationException: An error occurred while receiving the HTTP response to http://fimservice.domain.com:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://fimservice.domain.com:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

***********

The following error message as an example is recorded on FIM app log on either of the FIM Service/Portal servers (two in NLB):

***********

Microsoft.ResourceManagement.Service: System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims, Nullable`1& currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]& currentChallenges)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage)

***********

Both http://fimservice.domain.com:5726 and http://fimservice.domain.com:5725 can be accessed OK using a web browser from the SSPR servers. The URL http://fimservice.domain.com:5726/ResourceManagementService/SecurityTokenService/Registration gives HTTP 400 Bad Request, which is OK.

At least the following fixes provided on urls below have been tried out or were in place already but did not fix the issue:

http://social.technet.microsoft.com/wiki/contents/articles/24629.fim-troubleshooting-sspr-registration-error-3008-an-error-occurred-while-receiving-the-http-response.aspx

https://social.technet.microsoft.com/Forums/en-US/ae16496e-413a-45b7-a0d1-b39652c6478a/fim-password-registration-portal-error-3008-communication-error?forum=ilm2 (we have exactly the same three errors on FIM app log as mentioned in this post)

https://social.technet.microsoft.com/Forums/en-US/aa14cff7-6b93-4413-8c75-737dd08bd25f/error-when-resetting-password-on-sspr?forum=ilm2

https://social.technet.microsoft.com/Forums/en-US/aab6d5ef-667a-4ea9-876d-415c56852da9/sspr-password-reset-failure?forum=ilm2 (no such lines on FIMService config files)

Can anyone help us with this and provide some tips on what to check next in the environment? The weirdest thing here is that everything was working just fine before the certificates were renewed on all servers, and no other changes were made to the environment.

-Pappa75

BHOLD Import Error/Warning: Exported-Change-Not-Reimported for OUs


Hi,

I have a BHOLD setup with a list of 600 OUs.

I have provisioned all the OUs into BHOLD Core, and the parent attribute is set to the objectidentifier of the parents.

This is achieved using FINDMVutils.

But when I export, only 540 OUs are correctly placed under their parents; 60 OUs are not placed correctly under their parent OU and are instead placed under the ROOT OU as their parent.

The error when importing after export reads "export change not reimported".

I have checked for issues but am still not able to get any help. Can anybody guide me on what the problem is?

I have referred to the link https://social.technet.microsoft.com/Forums/en-US/484a701c-7a40-4492-9b0d-f4da4fc17bd2/bhold-import-errorwarning-exportedchangenotreimported?forum=ilm2 but can't understand the reply.


shakti

FIM object person with a collection of another Object (Entity)


Hi,

In FIM I have a Person object with several attributes that I would like to group.

The Person object has a lot of attributes like: entity1phone, entity1mail, entity2phone, entity2mail, ... entity10phone, entity10mail.

I would like to have a Person object with a collection of Entity objects, where each Entity object has the attributes phone and mail.

Can I do this? How?

Many, many thanks,

DD


FIMMA - sync engine - not reading the new custom resource from portal


I added a new custom resource in the FIM portal and added 5 attributes to it. The FIMMA refresh schema is not reading the new schema. It says the schema is up to date. I tried an IIS reset and even restarting all servers. What am I missing?
