Channel: Forum Microsoft Identity Manager

Unable to Sync the User Objects / Password Sync using Azure AD Connect. Failing for the past 3 days.


Any ideas what the issue could be? I tried changing the proxy as well.

Error Details

Scheduler::GetCurrentSchedulerSettingsWithRetry : GetCurrentSchedulerSettingsWithRetry failed.
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (501) Not Implemented.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse.<CreateByDiscoveryAsync>d__0.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalServiceResource)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance adalServiceResource)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeDependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString userPassword)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsSerialized, Char** errorString)
ErrorCode: user_realm_discovery_failed
StatusCode: 0
Will retry in 15 seconds.

Thanks


pavan ch


Active Directory Federation server 2012 R2 MSSQL$MICROSOFT##WID Error


Hi

Apologies if I have not picked the right forum; I was unable to find ADFS in the list.

Can someone help with this error, which started to appear on 3 July 2020 on the primary ADFS 3 server? The ADFS farm is running on WID. Looking at https://social.technet.microsoft.com/wiki/contents/articles/36454.ad-fs-3-0-for-windows-server-2012-r2-wid-configuration-fails-with-cannot-start-service-mssql-microsoft-wid.aspx

it seems like a permissions issue, but nothing has changed since. The server seems to be running fine, and the ADFS service seems to be running fine too. It is just that unpleasant error in the event log.

++++++++++++++++++

Event ID 28005

Source MSSQL$MICROSOFT##WID

Log: Application

Message: An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.

+++++++++++++++++++++++++++++

Many thanks

Sa


NSW DECC

I need a VB snippet for MA extension to write a generalizedTime custom attribute in the AD


Hallo,

I need to write a custom attribute 'birthDate' in generalizedTime format like yyyyMMddHHmmss.0Z in the AD. Can someone help?


GH
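An added example, not code from the original post: a VB.NET MIM rules extension whose MapAttributesForExport flow converts a metaverse date into the AD generalizedTime string form (yyyyMMddHHmmss.0Z). The metaverse attribute name birthDate (held as a string), the connector-space attribute name birthDate and the flow rule name cd.birthDate are assumptions; rename them to match your configuration.

```vb
Imports System
Imports System.Globalization
Imports Microsoft.MetadirectoryServices

' Added example (not from the original post). Assumes: metaverse attribute
' "birthDate" stored as a string date, AD CS attribute "birthDate" with
' generalizedTime syntax, and an advanced export flow rule named "cd.birthDate".
Public Class MAExtensionObject
    Implements IMASynchronization

    ' AD generalizedTime syntax: yyyyMMddHHmmss.0Z, always expressed in UTC.
    Public Shared Function ToGeneralizedTime(value As DateTime) As String
        Dim utc As DateTime = value.ToUniversalTime()
        Return utc.ToString("yyyyMMddHHmmss", CultureInfo.InvariantCulture) & ".0Z"
    End Function

    ' Parse the metaverse value strictly against known formats; anything
    ' else is rejected rather than silently exported as a wrong date.
    Public Shared Function TryParseBirthDate(raw As String, ByRef result As DateTime) As Boolean
        Dim formats() As String = {"yyyy-MM-dd", "yyyyMMdd", "yyyy-MM-ddTHH:mm:ss"}
        Return DateTime.TryParseExact(raw, formats, CultureInfo.InvariantCulture,
                                      DateTimeStyles.AssumeUniversal Or DateTimeStyles.AdjustToUniversal,
                                      result)
    End Function

    Public Sub MapAttributesForExport(FlowRuleName As String, mventry As MVEntry, csentry As CSEntry) Implements IMASynchronization.MapAttributesForExport
        Select Case FlowRuleName
            Case "cd.birthDate"
                If mventry("birthDate").IsPresent Then
                    Dim parsed As DateTime
                    If TryParseBirthDate(mventry("birthDate").Value, parsed) Then
                        csentry("birthDate").Value = ToGeneralizedTime(parsed)
                    Else
                        ' Surface bad data as an export error instead of writing garbage to AD.
                        Throw New UnexpectedDataException("birthDate not in an expected format: " & mventry("birthDate").Value)
                    End If
                Else
                    ' No source value: clear the AD attribute rather than leaving a stale date.
                    csentry("birthDate").Delete()
                End If
            Case Else
                Throw New EntryPointNotImplementedException()
        End Select
    End Sub

    ' Remaining IMASynchronization members are not used by this flow.
    Public Sub Initialize() Implements IMASynchronization.Initialize
    End Sub

    Public Sub Terminate() Implements IMASynchronization.Terminate
    End Sub

    Public Function ShouldProjectToMV(csentry As CSEntry, ByRef MVObjectType As String) As Boolean Implements IMASynchronization.ShouldProjectToMV
        Throw New EntryPointNotImplementedException()
    End Function

    Public Function Deprovision(csentry As CSEntry) As DeprovisionAction Implements IMASynchronization.Deprovision
        Throw New EntryPointNotImplementedException()
    End Function

    Public Function FilterForDisconnection(csentry As CSEntry) As Boolean Implements IMASynchronization.FilterForDisconnection
        Throw New EntryPointNotImplementedException()
    End Function

    Public Sub MapAttributesForJoin(FlowRuleName As String, csentry As CSEntry, ByRef values As ValueCollection) Implements IMASynchronization.MapAttributesForJoin
        Throw New EntryPointNotImplementedException()
    End Sub

    Public Function ResolveJoinSearch(joinCriteriaName As String, csentry As CSEntry, rgmventry() As MVEntry, ByRef imventry As Integer, ByRef MVObjectType As String) As Boolean Implements IMASynchronization.ResolveJoinSearch
        Throw New EntryPointNotImplementedException()
    End Function

    Public Sub MapAttributesForImport(FlowRuleName As String, csentry As CSEntry, mventry As MVEntry) Implements IMASynchronization.MapAttributesForImport
        Throw New EntryPointNotImplementedException()
    End Sub
End Class
```

With a metaverse value of "1985-04-17", ToGeneralizedTime yields "19850417000000.0Z". The conversion always goes through ToUniversalTime so that a server running in a non-UTC time zone cannot shift the date by a day.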

Rules Extension Attribute Import Multi-Value

Hey, when a multi-valued attribute is changed on import, the sync engine shows what was added or removed. How can I access these changes in a rules extension?

PCNS across trusted domains not working


Hello,
we have a scenario with three AD domains:

Domain A: PCNSSVC installed, MIM server is member
Domain B: PCNSSVC installed
Domain C: PCNSSVC installed

The trust-type between A and B is "external" and transitive=no
The trust-type between A and C is "Forest" and transitive=yes

Password changes in Domain B are successfully delivered to the MIM server in Domain A.

Password changes in Domain C are not delivered. We get the following message in the event log on the DC:
Status is 5 - Access denied

In both domains B and C we have a service account with an SPN configured.

The firewall between Domain A and Domain C is completely open for communications between the DCs and the MIM server.

Can anybody give me a hint why Domain C is not working?

Regards, Christian


Create an object specifying the ObjectID


Hi,

I would like to create an object in the FIM service specifying the ObjectID.

I tried with the PowerShell snapin and the .NET client, I get no errors if I specify the ID but it looks like the value is ignored.

Is this possible at all somehow?

Thanks,
Paolo


Paolo Tedesco - http://cern.ch/idm

MIM 2016 SP1 Installation failed due to "Database cannot be populated"


The installation ran halfway, an empty PowerShell dialogue popped up, and the error message says "". I have added all the service accounts and the administrator as sysadmin on my SQL server, my SharePoint site collection is configured properly, and I have installed all the prerequisites needed. I really can't figure out what else to do in order to install it.

The first error I got was "Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding". I configured the SQL server and set the timeout to 0, which is unlimited. This solved that error, but the second error I got was "MIM database could not be populated".

Please help me out, I'm stuck here for almost 2 weeks and this is for my school assignment...would really appreciate any advice. Thank you for reading.

Uninstall MIM 2016 Service & Portal Manually


Hello There,

I require some assistance on how to manually uninstall MIM 2016 Service & Portal. I have tried several approaches, including the URL below, but MIM 2016 just would not uninstall. I would appreciate ideas on how I can do this, to enable a clean install of MIM 2016 Service & Portal on the same server.

https://social.technet.microsoft.com/wiki/contents/articles/37711.mim2016fim2010-troubleshooting-uninstall-fails-with-error-administrator-privileges-required.aspx.

Thanks


Akinzo


Notify Managers of Contractors x days before employee end date


I am using the MIM WAL, which allows sending a notification x days after a particular date. However, I am struggling with defining a set that allows me to say x days before a particular date.

My scenario is that the employee end date has been set. I need to send a notification 14 days prior to the employee end date to the manager that the contractor they are managing is going to have the contractor account disabled.

Appreciate any help, :-).
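An added example, not part of the original post: a criteria-based set filter that selects people whose end date falls within the next 14 days, so that a transition-in MPR on the set can trigger the notification workflow. It assumes the person attribute is named EmployeeEndDate and that the filter dialect's op:add-dayTimeDuration-to-dateTime function is available in your MIM build (the related op:subtract-dayTimeDuration-from-dateTime is the form commonly used for "x days after").

```xpath
/Person[(EmployeeEndDate <= op:add-dayTimeDuration-to-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P14D'))) and (EmployeeEndDate >= fn:current-dateTime())]
```

Because the filter references fn:current-dateTime(), the set is temporal: membership is re-evaluated by the temporal events job rather than only when the object changes, which is what lets a transition-in MPR fire on the day the 14-day window opens. The second clause keeps already-expired accounts out of the set so their managers are not re-notified after the end date has passed.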

Role & Impact of Identity Access Management (IAM) in Digital Transformation


Hi,

I want to explore the upcoming future of Identity Access Management (IAM) in the API economy and digital ROI. I want to know what the main purpose of using IAM in businesses is and its role in digital transformation. At this time security is very important for all small and mid-size enterprises. So at this point my question is:

What is the right business solution to manage digital identity, and how could IAM play its role in an API economy?

John


How to connect or test ldap server connection in windows through command prompt or Powershell cmdlet without GUI


In our company infrastructure we have an LDAP directory service hosted. Currently I'm using an LDAP tool to connect to the LDAP directory service to search for records.

Now I have a task to modify a few attributes for several users. Manually it's taking a lot of time to update the attributes. I'm looking to develop a script where I can connect to the LDAP server and traverse the directory tree to modify attributes. I have searched the internet for any command in Windows to test connectivity to the server but could not find one.

I kindly request anyone to help me with any available command in Windows or any PowerShell module to use for an LDAP connection and to search the records, like Get-ADUser or Get-ADObject.

Use Microsoft Identity Manager without SharePoint


Hello all,

We are looking for documentation or a PowerShell command that will permit using MIM 2016 as we did with MIIS 2003 (which we will replace with MIM 2016).

By looking on the internet we could see that SharePoint is needed if you need the user portal. In our case we just need to synchronize some user accounts from a source domain to another destination domain. Nothing more, nothing else. Just keep the very basic usage, as with our use of MIIS 2003.

Do some of you have knowledge of this kind of setup path? Maybe some documentation which will permit configuring the synchronisation/provisioning rules, ...?

Thanks to all of you for your contribution with this topic.

Best regards,

Al.

Oracle MA throwing an error with Schema mismatch for specific tables.


I have configured the OOB Oracle MA to connect to a database. The MA is working fine for other tables except for one, where the run fails with a "Connection Schema out of date" error when importing/exporting.

I have tried doing a schema refresh. Didn't work.

I also tried creating a new MA altogether. Didn't work.

Has anyone faced this issue?


Thanks and Regards, Siva Kumar Balaguru

MIM 2016 SP2 4.6.258.0 and deadlock issues on portal export


I am aware that there is a hotfix 4.5.286.0 that fixes deadlock issues. However, I am already on 4.6.258.0. As a matter of fact, this is a fresh install of MIM 2016 SP2 4.6.34.0 and hotfix 4.6.258.0.

The deadlock error is as follows:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 1205, Level 13, State 51, Procedure fim.CalculateRequestSetTransitionsStatementEvaluation, Line 153, Message: Transaction (Process ID 95) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

As of right now, I have not added any Sets, Workflows or MPRs, other than a few MPRs that grant permissions. What I do have in the portal is more than 50 000 users and more than 3000 criteria-based security groups.

I have also tweaked miiserver.exe.config and Microsoft.ResourceManagement.Service.exe.config.

<resourceSynchronizationClient asynchronous="true" aggregate="true" aggregationThreshold="8" delayUpdateAcknowledgements="true" exportRequestsInProcessMaximum="4"/>

<resourceManagementService externalHostName="mimtest.domain.org" maxSimultaneousSynchronizationRequests="2"/>

However, deadlock errors happen unless I disable asynchronous. SQL Server is version 14.0.3335.7, which is the latest available update for SQL Server 2017.

Please, does anybody have any idea why this is happening and how I can solve the problem?

"PWReset activity could not connect to the directory"


I ran into an issue changing passwords via SSPR. Everything else works fine.

The error in the web portal says:

"Error while attempting to reset password"

In the event viewer on the server side, a bunch of errors show up:

Failure to connect to FIM Service
The web portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
Details:
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)

and also

PWReset Activity could not connect to the directory.

The only hint I got from searching is to check if:

Run this rules extension in a separate process is not checked --> YES

Enable password management is checked --> YES

My environment:

  • Microsoft Forefront Identity Manager 2010 R2
  • FIM Service and FIM portal run in the same server
  • Database is external server
  • All permissions have been granted; I even added all the MIM/FIM related accounts to domain admin level
  • Everything else is running fine except the password reset portal

Not sure what causes it; it used to work in the past and no change has been made except Windows updates applied to the server OS (Windows Server 2012 R2).

Please advise... I need this to work again.


Automating Web login in domain/non-domain mixed environment


Hello There,

I have a technical issue and want to get your advice.

We have an IIS ASP.NET service (developed in-house) running on a domain-joined (Active Directory) PC.

And there is another web service (a commercial program) running on the same machine.

Both web services are running under the Default Web Site.

The version is Windows Server 2019 Standard (1809, OS build 17763.107) + IIS (10.0.17763.1).

The ASP.NET pages have an iframe linking to one of the web pages from the commercial program.

Users are coming from standalone computers or computers in different domains.

For full functionality, a two-step login process is required. The commercial web program operates based on domain users, whereas the first login (ASP.NET) is not bound to the domain, so users have to key in two different user/password pairs.

We want to automate the second login process. Having the user/password information from the first login, we can map it to a predefined domain user and send the information before the second login window comes up. Is it possible?

I googled to find some relevant information, such as ISAPI, LDAP, requests and cookies, POST, PhantomJS... But I am not sure how any of these can be utilized to achieve my goal.

Any comment on this issue would be appreciated.

Thank you in advance.

FIMMA Export Failing for ADD Users to MIM


Hi All,

I am getting a strange issue where users created in AD are failing to be created in the MIM Portal.

a- The user is created in AD and successfully appears in the ADMA connector space.

b- The user also gets created with all the attributes in the Metaverse.

c- On FIMMA export it fails with the following exception.
All MPRs are enabled, mandatory attributes have values, and read/write permissions on all attributes have been given.

On doing a commit preview for the following record I get the following errors.

The object type gets deleted automatically, which should be "Person", as is the case for existing users. It's not adding the value "Person" implicitly, and this is done automatically.

It deleted the FIMMA connector space automatically in the third snapshot. The snapshot shows the sequence of commit preview for one of the records.

a- 

From the FIMMA export error for the record: Generic error

proxyAddresses with MIM and Azure AD Connect


Hello all,

I've been mulling over a solution for controlling secondary SMTP addresses for users who go through a name change in MIM. On a name change, I rebuild the proxyAddresses attribute, shuffling the former primary SMTP address to a secondary and setting the new primary.

I'd like to accomplish two things:

  • Track users in a temporal set who have been given a secondary SMTP address, and remove it after X days to prevent mail delivery collisions (I am avoiding conflicts by checking proxyAddresses in my LDAP query where I build the unique values)
  • "Flow once" the proxyAddresses value out to AD, but not control the attribute going forward; rather, let Azure AD Connect build the rest of the values based on the values flowed by MIM.

I'd love to hear what people think a graceful solution to this would be!
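An added example, not the poster's code: a VB.NET routine that performs the rebuild described above (demote the former "SMTP:" primary to a lowercase "smtp:" alias, set the new primary, keep every other value) and a companion that lists the resulting secondary aliases, which is the information a temporal set would later use to decide what to clean up. The sample proxyAddresses values are constructed; the function names are mine.

```vb
Imports System
Imports System.Collections.Generic

' Added example (not from the original post). Pure functions, so they can be
' called from a rules extension, a WAL custom activity or a PowerShell script.
Public Module ProxyAddressRebuilder

    ' Returns a new proxyAddresses list in which newPrimarySmtp is the single
    ' "SMTP:" entry, the former primary (if any) is kept as a lowercase "smtp:"
    ' alias, and every other value (x500:, sip:, existing aliases) is preserved.
    ' Duplicates are detected case-insensitively because AD treats
    ' "SMTP:a@b" and "smtp:a@b" as the same address.
    Public Function RebuildProxyAddresses(existing As IEnumerable(Of String), newPrimarySmtp As String) As List(Of String)
        Dim result As New List(Of String)()
        Dim seen As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase)
        Dim newPrimaryEntry As String = "SMTP:" & newPrimarySmtp

        result.Add(newPrimaryEntry)
        seen.Add(newPrimaryEntry)

        For Each value As String In existing
            Dim entry As String = value
            If value.StartsWith("SMTP:", StringComparison.Ordinal) Then
                ' Demote the former primary to a secondary alias.
                entry = "smtp:" & value.Substring(5)
            End If
            ' HashSet.Add returns False when the address is already present,
            ' which also drops a stale alias equal to the new primary.
            If seen.Add(entry) Then
                result.Add(entry)
            End If
        Next
        Return result
    End Function

    ' Secondary SMTP aliases only (the addresses a temporal set would age out).
    Public Function SecondarySmtpAliases(proxyAddresses As IEnumerable(Of String)) As List(Of String)
        Dim aliases As New List(Of String)()
        For Each value As String In proxyAddresses
            If value.StartsWith("smtp:", StringComparison.Ordinal) Then
                aliases.Add(value.Substring(5))
            End If
        Next
        Return aliases
    End Function

    Sub Main()
        ' Constructed sample: Jane Smith becomes Jane Jones.
        Dim before As String() = {
            "SMTP:jane.smith@example.com",
            "smtp:jsmith@example.com",
            "x500:/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=jsmith"
        }
        Dim after As List(Of String) = RebuildProxyAddresses(before, "jane.jones@example.com")

        ' Expected order: SMTP:jane.jones@example.com, smtp:jane.smith@example.com,
        ' smtp:jsmith@example.com, then the untouched x500 entry.
        For Each entry As String In after
            Console.WriteLine(entry)
        Next
        Console.WriteLine("Aliases to age out: " & String.Join(", ", SecondarySmtpAliases(after)))
    End Sub
End Module
```

Because the rebuild only ever produces one "SMTP:" entry and never invents addresses it was not given, the "flow once" idea in the second bullet stays safe: what MIM exports is a valid, duplicate-free list, and anything Azure AD Connect adds afterwards is left alone on the next rebuild because unrecognised prefixes are passed through unchanged.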

Unable to configure Password Write back in Azure AD Connect server


Team,

We followed the article below to configure password writeback in our environment, and it is failing with the errors below.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

Error from Azure AD logs:

Failed to configure password write-back (True) for connector

Server detected an invalid configuration (Error HRESULT E_FAIL has been returned from a call to a COM component.). AAD Password reset configuration may be in an invalid state. Try removing the configuration.

Additional Info:

Using a cloud account; it has Global admin permission and has the required prerequisite license.

Any help would be appreciated.


Srinivasa K

Unable to create task schedule policy in 2016 server. MMC crashing again and again

Unable to create task schedule policy in 2016 server. MMC crashing again and again.