I am using the script from the following link, with the variables set to my environments.
Everything seems to work until the last part "Import-FIMConfig" where it fails due to the following error message at the bottom of this post. I know it has something to do with the account I am using (called FIMInstall) but I can't figure out where it does not have permissions to do this. I have read elsewhere to check the MPR "Security Group Management: Users can create Static Security Groups" and make sure FIMInstall is listed under the Requestors "Specific Set of Requestors". There is a group there, which FIMInstall is confirmed in. This MPR is also enabled. Screenshots below.
Any ideas what I am doing wrong? I tried running Powershell as Administrator and as FIMInstall and get the same message regardless.
Import-FIMConfig : Failure when making web service call. SourceObjectID = c21b0e01-faba-4eed-90b0-b8aa3b22f003 Error = Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedExcepti on: Policy prohibits the request from completing. ---> Microsoft.ResourceManage ment.WebServices.Faults.ServiceFaultException: Policy prohibits the request fro m completing. at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Mes sage request) at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Cre ate createBody, Guid identifier, String synchronizationSequenceIdentifier) at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateRe source(Guid identifier, String synchronizationSequenceIdentifier) --- End of inner exception stack trace --- at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateRe source(Guid identifier, String synchronizationSequenceIdentifier) at Microsoft.ResourceManagement.WebServices.ResourceManager.CreateResource() at Microsoft.ResourceManagement.Automation.ImportConfig.Create(String object Type, List`1 changeList) at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing() At C:\FIMScripts\MassGroupCreate.ps1:87 char:31 + $newGroup | Import-FIMConfig <<<< -uri $URI + CategoryInfo : InvalidOperation: (:) [Import-FIMConfig], Invali dOperationException + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automa tion.ImportConfig