Channel: Forum Microsoft Identity Manager

Need registry entry to open all shortcuts in Internet Explorer from Microsoft Edge

Need registry entry to open all shortcuts in Internet Explorer from Microsoft Edge

Receiving error when closing Sync Service Client (MIISClient) after MIM SP2 upgrade. How to solve?


Hi,

I've upgraded MIM Sync Service from SP1 version 4.5.202.0 to SP2 version 4.6.34.0.

After this upgrade, if I close the Sync Client (MIISClient) from the Metaverse Search tab or from the Joiner tab, I obtain the following error.

Searching in event viewer I found this error:

Application: miisclient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Microsoft.DirectoryServices.MetadirectoryServices.Schema.Schema.Dispose()

and

Faulting application name: miisclient.exe, version: 4.6.34.0, time stamp: 0x5da0aa73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff9b45b98d3
Faulting process id: 0xfe8
Faulting application start time: 0x01d6be5a4cad7cd1
Faulting application path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\UIShell\miisclient.exe
Faulting module path: unknown
Report Id: cfdf6463-2a4d-11eb-80d4-0050568432aa
Faulting package full name: 

I tried upgrading to the August hotfix (version 4.6.263.0), but the problem persists.

Do you also have this trouble?

How to fix?

Thank you.

Best Regards 

Luca.

MIM SSPR Users Created in AD and flowed to portal get error 3001 on reset


Hello Everyone, 

I'm having an issue with MIM SSPR; I hope someone can help.

So I've set up SSPR on MIM 2016 with OTP.

When I create a user in the portal all is okay: I get the mail, then access the reset password page, which sends me an OTP, and I can change the password.

Now if I create a user in Active Directory and flow it to the portal,

I see all the correct workflows being executed, and I get the first email that sends me to the password reset portal, and when I enter the username of the person whose password I want to reset, I get an error:

Access Denied

Ensure you enter your user name correctly. If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001)

Any idea on what I am missing? I thought about the objectSID, and I am flowing it to MIM...

Thanks


Hitch Bardawil

Refund from Microsoft Office 365

I am a student and found out I can get Microsoft Office for free. I would like a refund back for this new subscription.

Why doesn't this filter work on a set?


This is the filter: /Group[((MembershipLocked = 'true') and ((ExplicitMember = /Person) or (ExplicitMember = /Group)))]

I also tried this, to fit the boolean format used in the portal: /Group[(MembershipLocked = True) and ((ExplicitMember = /Person) or (ExplicitMember = /Group))]

It works fine with Export-FIMConfig, but I can't set it as the filter value for a set. When I try to submit it as a set filter, it returns:

Error processing your request: The server was unwilling to perform the requested operation.
Reason: Unspecified.
Correlation Id: ba539635-0782-4ae8-a772-7efd6c87bcd8
Details: Request could not be dispatched.

Is this getting caught by the unsupported definition "Sets cannot reference the membership of Group resources"?

My goal here is to get a set of all dynamic groups with static members. Is there another way to do that?

Microsoft intune with domain joined computers


Hey everybody,

I have got a question from my customer for which I didn't find an answer in Microsoft documents, so I hope I find it here from more experienced guys.

If there is a computer enrolled with Intune and it is domain joined as well (I know it kinda contradicts itself), and both of them have a password complexity policy (not Windows Hello from Intune),

Which one takes precedence over the other?

Azure AD Bulk Enrollment of Devices


Hello everyone,

I was just experimenting with some features of enrollment of Windows 10 devices. In particular, the ability to join multiple devices to Azure AD using Windows Configuration Designer to create a provisioning package to do the work for me.

I've noticed that when the job is done, the provisioning process automatically creates an Azure AD user to which the device just enrolled is assigned. Here's an example (edit: I can't add images since I'm new to this forum and my account isn't verified).

I can't find any references about that, so I've decided to ask here in the forum to see if anyone has noticed the same thing and has some suggestion to avoid this behavior.

Thank you all for the answers,

Sincerely,

Raffaele

Privilege Access Management - Use Azure MFA to activate PAM

Hi,
I'm trying to activate MFA to use with Microsoft PAM. I'm referring to this link to activate it: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/use-azure-mfa-for-activation

However, the steps outlined in the link were not consistent with the navigation in the Azure portal. Here are the steps:

1. Open a web browser and connect to the Azure classic portal as an Azure subscription administrator.

2. In the bottom left hand corner, click New.

3. Click App Services > Active Directory > Multi-Factor Auth Provider > Quick Create.

4. In the Name field, enter PAM, and in the Usage Model field, select Per Enabled User. If you have an Azure AD directory already, select that directory. Finally, click Create.

I cannot find the "Quick Create" button in the MFA blade. Screenshot as attached. Can someone point me in the right direction on how to set up this MFA with PAM? Appreciate the help.

Regards,

AK

TMG 2010 disable tls 1.0 and 1.1 - error 64


Hi

For security reasons we are disabling TLS 1.0 and TLS 1.1 on the web servers.

Disabling TLS 1.0 and TLS 1.1 in Windows 2019 (using IIS), then restarting, makes the website return error 64 with the public names published by TMG.

If I access the internal web server name, I can reach the website with no error.

For me the problem is in the TMG, which for some reason cannot resolve the TLS.

Note: in the TMG, TLS 1.2 is active, because when I access the website, the browser indicates the connection is encrypted with TLS 1.2.

Can someone help please?

Best regards

Joaquim Costa
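The post above describes a TLS failure between TMG and a backend IIS server after TLS 1.0 and 1.1 were turned off on the backend. A practical first check is to compare the Schannel protocol settings on both hosts. The script below is an added example, not code from the post: it reads the standard Schannel registry branch on the host it runs on and reports, per protocol and per side, whether the protocol is explicitly enabled, explicitly disabled, or left at the OS default (no key present). For web publishing TMG opens its own HTTPS connection to the published server, so the TMG host's Client branch is the one to compare against the backend's Server branch; a browser showing TLS 1.2 only proves the TMG Server side.

```powershell
# Added example (not from the post): report the Schannel protocol state on this host.
# Assumes the standard Schannel registry layout. A missing key or value means the
# operating system default applies for that protocol and side.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in $Protocols) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path (Join-Path $base $proto) $side
            $enabled = $null
            $disabledByDefault = $null
            if (Test-Path $key) {
                $props = Get-ItemProperty -Path $key
                $enabled = $props.Enabled                    # DWORD, 0 = disabled
                $disabledByDefault = $props.DisabledByDefault # DWORD, 1 = not offered unless asked for
            }
            # Summarise the two values into one readable state
            if ($null -eq $enabled -and $null -eq $disabledByDefault) {
                $state = 'OS default'
            } elseif ($enabled -eq 0) {
                $state = 'Disabled'
            } elseif ($disabledByDefault -eq 1) {
                $state = 'Disabled by default'
            } else {
                $state = 'Enabled'
            }
            [pscustomobject]@{
                Protocol          = $proto
                Side              = $side
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
                State             = $state
            }
        }
    }
}

# Run on the TMG host and on the IIS host, then compare the TMG 'Client' rows
# with the backend 'Server' rows: both need at least one protocol in common.
Get-SchannelProtocolState | Format-Table -AutoSize
```

Running this on both machines makes the mismatch visible without changing anything; any protocol change on the TMG host still needs a reboot to take effect, as the post already found for the IIS side.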

Modify MPR grants Read on Objects

Good day together

I have a problem on MIM 2016 SP2 with hotfix 4.6.355.0: I have cleanly separated read and change MPRs on the objects.

I noticed that the Modify MPRs without a read operation automatically always allow reading the attribute.

Is this normal behaviour? I always thought that for modifying attributes both read and modify must be enabled on the Permission Granting MPR.

If this was the case in the past, since when has it been changed?

Does anyone here have similar behavior or more information for me?

KR Mario

Transition-In MPRs are fired with a delay until the FIM_MaintainSet job is running

Good day together

On MIM 2016 SP2 with hotfix 4.6.355.0 I have the problem that sometimes the Transition-In MPR does not work anymore when changing objects, but is only processed once nightly.

The problem can be solved by running the FIM_MaintainSet jobs on the SQL Server. After that the problem is solved for an indefinite period of time, but it reoccurs at undefined intervals.

On the customer environment, this naturally leads to business processes being executed late.

Does anyone here have similar behavior or more information for me?

KR Mario

Microsoft Outlook Office 365 Personalized email not receiving messages


I purchased a personalized email via Office 365 from GoDaddy. This email can send emails, but not receive emails. I contacted support and the result is they could not resolve the issue. Instead, they advised me that the issue would be escalated to the Tier 2 team, who would call me to resolve the issue. The call back was confirmed by the agent. To date, I have received no call back. Microsoft Support team, this sucks!

I am most definitely not impressed!!

PS script to notify if user count is greater than 100 in specified OU


Hello,

I'm new to PS scripts. Could any one of you help me to get this corrected?

I need a script to notify if the user count is greater than 100 in a specified OU.

$Users = (Get-ADUser -SearchBase "OU=Test,DC=Test,DC=Com" -Filter * ).count

if (($Users.count -ge 100).count)
{
    Write-Host " New user count is" $User .count
}

I'm getting incorrect output instead of the actual one. Could you help me correct it?

Thanks
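The script in the post fails for three separate reasons: `(Get-ADUser ...).count` is already an integer, so `$Users.count` is the Count of a scalar (1 on PowerShell 3 and later, not the number of users); `($Users.count -ge 100).count` is the Count of a Boolean (again 1, which is truthy, so the condition always passes); and `$User .count` refers to an undefined variable followed by the literal string `.count`. The following is an added corrected version, not the poster's code. It assumes the RSAT ActiveDirectory module is installed, uses the OU path from the post, uses `-gt` because the post asks for "greater than 100", and the SMTP host and addresses are placeholders.

```powershell
# Added example (not the poster's code): count users in an OU and notify above a threshold.
# Assumes the RSAT ActiveDirectory module; SMTP settings below are placeholders.
Import-Module ActiveDirectory

function Get-OuUserCount {
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [int]$Threshold = 100
    )
    # @() forces an array, so .Count is right even when 0 or 1 objects come back.
    $users = @(Get-ADUser -SearchBase $SearchBase -Filter *)
    [pscustomobject]@{
        SearchBase    = $SearchBase
        UserCount     = $users.Count
        Threshold     = $Threshold
        OverThreshold = ($users.Count -gt $Threshold)   # "greater than", as the post asks
    }
}

$result = Get-OuUserCount -SearchBase 'OU=Test,DC=Test,DC=Com' -Threshold 100

if ($result.OverThreshold) {
    Write-Warning "User count in $($result.SearchBase) is $($result.UserCount), above $($result.Threshold)"
    # Placeholder notification: replace the SMTP host and addresses with real ones.
    Send-MailMessage -SmtpServer 'smtp.example.com' -From 'mim-alerts@example.com' `
        -To 'admins@example.com' -Subject "OU user count above $($result.Threshold)" `
        -Body "$($result.SearchBase) now contains $($result.UserCount) users."
} else {
    Write-Host "User count in $($result.SearchBase) is $($result.UserCount) (threshold $($result.Threshold))"
}
```

Keeping the count in a function that returns an object rather than printing inside the `if` makes the same check reusable from a scheduled task or a monitoring script, where the caller decides how to notify.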


ADFS authentication error


Good night. I have a site that logs in with ADFS SSO.

I have already created the Relying Party Trust, but when I try to authenticate I receive this message:

invalid_response Invalid issuer in the Assertion/Response. Was 'http://adfshom.meusite.com/adfs/services/trust', but expected 'https://adfshom.meusite.com/adfs/services/trust'

What can I do?
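The error in the post says the relying party received an assertion whose Issuer was the ADFS Federation Service identifier (by default `http://<fqdn>/adfs/services/trust`, with an http scheme even when the endpoints are HTTPS) while the application was configured to expect an https issuer string. The snippet below is an added check, not code from the post: run on the ADFS server, it reads the identifier ADFS actually emits and compares it with the value the application expects, flagging the case where only the scheme differs. The expected value is the one quoted in the error message.

```powershell
# Added example (not from the post): compare the ADFS Federation Service identifier,
# which ADFS places in the SAML Issuer, with the issuer the relying party expects.
# Assumes it runs on the ADFS server with the ADFS PowerShell module available.
function Compare-AdfsIssuer {
    param(
        [Parameter(Mandatory)][string]$ExpectedIssuer
    )
    # Identifier is returned as a Uri; normalise both sides to strings without a trailing slash
    $actual   = ((Get-AdfsProperties).Identifier).ToString().TrimEnd('/')
    $expected = $ExpectedIssuer.TrimEnd('/')

    $stripScheme = { param($u) $u -replace '^https?://', '' }
    $sameHostAndPath = (& $stripScheme $actual) -eq (& $stripScheme $expected)

    [pscustomobject]@{
        ActualIssuer   = $actual
        ExpectedIssuer = $expected
        Match          = ($actual -eq $expected)
        SchemeOnly     = (-not ($actual -eq $expected)) -and $sameHostAndPath
    }
}

# Value taken from the error message in the post
Compare-AdfsIssuer -ExpectedIssuer 'https://adfshom.meusite.com/adfs/services/trust'
```

`SchemeOnly = True` reproduces the situation in the post: the two sides agree on host and path and differ only in `http` versus `https`. The application must be configured with the issuer string ADFS really sends; the Federation Service identifier can also be changed on the ADFS side, but it is shared by every relying party trust on that farm, so that choice affects all of them.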

Deprovision on deletion from Data Source


HR provides me with a SQL table that contains all active employees. New employees are imported and accounts are provisioned in AD, Google, etc.

My problem is that once they are no longer active, they stop showing up in the HR table. At this point I need to disable and eventually delete accounts, but I'm not sure where I need to put the deprovisioning code as the original authoritative connector (in the HR table) no longer exists. Can I trap on the delete detection on the import?

I basically need to populate a "when deleted" field in the MV once the object no longer exists in the HR data source.  Once that is populated I can handle the rest of it.


Synchronise security groups in ADFS


Hello Team,

Is it possible to enable synchronization for security and distribution groups via ADFS?

Kindly assist, as we are looking to enable this for one of our application (ERP) requirements.

Regards,

Mukund

Support for multiple users logging to Azure AD B2C external IDP from the same computer


Hello,

We have a hybrid application that first asks users to enter their email address, then, based on whether their email domain supports the Federated Authentication feature, we direct them to Azure AD B2C login. If it doesn't, we ask them for their internal application username and password stored in the database. We are not using the B2C "local accounts" feature, only external IDPs. Currently we only support Azure AD as an external IDP, but we are planning to introduce others. Since we only support one IDP per customer we are using direct sign-in and passing the user's email as login_hint and their email domain as domain_hint in the MSAL.js call. domain_hint is then mapped in custom policies to their Azure AD tenant sign-in user flow. So users are not presented with the B2C screen, but are taken directly to the external IDP login.

We want to support SSO and are using "tenant" scope, so that if user signs out of our app they are not signed out of their respective Azure AD and can still use it with other applications.

The issue is that if a user workstation is shared by multiple employees, which is a very likely scenario with our customers, and one user logs out of the application and then a 2nd user tries to log in, then although I can see their tokens deleted from local storage, they are still able to sign in with the previous user's token, without even being presented with a login prompt.

Is there a setting in MSAL.js or custom policies that would prevent that? I tried using prompt: 'login', but it didn't help, and then I read that it's not supported for external IDP providers in B2C.

Any suggestion would be welcome.

Remove Sign-in with another account link from Azure AD login


Hello,

We have a hybrid application that first asks users to enter their email address, then, based on whether their email domain supports the Federated Authentication feature, we direct them to Azure AD B2C login. If it doesn't, we ask them for their internal application username and password stored in the database. We are not using the B2C "local accounts" feature, only external IDPs. Currently we only support Azure AD as an external IDP, but we are planning to introduce others. Since we only support one IDP per customer we are using direct sign-in and passing the user's email as login_hint and their email domain as domain_hint in the MSAL.js call. domain_hint is then mapped in custom policies to their Azure AD tenant sign-in user flow. So users are not presented with the B2C screen, but are taken directly to the external IDP login.

The issue is that even though we prefill the email on the Azure AD side based on the login_hint parameter, users can still pick the Choose Another Account option and then enter an email that doesn't match the 1st email prompt in our application screen. Is there a way to disable the option of choosing another account via custom policies?

Cross-forest users' profile access


hello ,

Currently we have a forest A where Citrix VDI solutions are implemented and users are configured (via GPOs) to use roaming user profiles and folder redirection, which are all stored in a file server cluster. We are doing a cross-forest migration to forest B using ADMT and native Exchange scripts. The goal is that we want a migrated user (forest B) to log on to a Remote Desktop Session Host in the old domain (forest A) and access their user profiles and folders, which are still on the file server in forest A. All users are migrated with SID history.

I have configured GPOs in the new forest to configure roaming profiles and folder redirection to point to the same location (file server in forest A). I also enabled the policy to allow cross-forest policy and roaming profiles. Still, when a migrated user logs in (forestB\user) I receive an error: failed to locate roaming profile, and the local copy is used.

How can we achieve this scenario? I thought that because SID history is migrated, the migrated user would have the same permissions to access the profile and folders as the source user (forest A\user).

Appreciate your help.

Never used Authentication app

My laptop wants me to scan from my smartphone from the laptop screen; I'm just using the app for the first time. My identity has been stolen. I'm doing security updates.