Hello All,
I want to query Forefront Identity Manager and using Lithnet.ResourceManagement library to communicate with FIM portal.
I am installing this package through nuget package Manager. On successful installation it also adds "Microsoft.ResourceManagement" assembly by itself. On building the solution, a version conflicting error appears with respect to "Microsoft.ResourceManagement". Unable to get a workaround for this issue. Please provide suggestions.
Thanks,
Sanket
Hello all,
I am creating a page where i am displaying whether the user is subscribed for a group or not and then providing appropriate options to subscribe or unsubscribe a group on Forefront Identity Manager . The point where I am stuck is how to know whether the already made request is in pending status or not. I want to show 'pending' tag for the above mentioned scenario. Is there any C# method or code to achieve this. If not please provide an approach on how to implement it.
Hit this oddity when hooking up a customers AD to MIM 2016.
Some of the User Accounts have embedded CRLF in either their streetAddress or description attributes.
When exported to the FIM/MIM MA the Description or StreetAddress attribute of MIM loses a character. It is hard to see just which one.
On a sync from AD I get this (outbound to MIMMA)
Modify Description OldValue: ABC123<XYZ New Value: ABC123<>XYZ
Modify StreetAddress Old Value: addressline1<addressline2 New Value: addressline1<>addressline2
I try to represent the screen representation of the unprintable char with the < and > chars above.
I guess these characters are preserved if I was to export that data string to a DataBase, but something fishy is going on in MIM.
How do I prevent MIM from stripping a CR or LF ????
I managed to clean all the telephoneNumbers containing just a single blank which caused an export-not-imported error, but I didn't expect an internal trim.
In the old days, before AD, LDAP v3 street attributes were $ delimited address line so no need for line feeds. I know this is not such a big deal except for the vast amount of unnecessary processing and data transfer.
Hello all,
I am unable to add the service references in my console application which are basically WCF endpoints for interacting with Forefront Identity Manager. Unable to figure out the reason.Provide suggestions.
Hello All,
I am trying to start User Profile Synchronization service but having no luck. It stucks at 'starting' status.
I am running the UPS service as Farm Account.
Farm Account is a member of local Administrator group.
I have tried several approaches but none seems to be working. Provide suggestions.
Hi,
Please I need help, because I cannot see information about my users in MIM 2016 Portal, however when I query the FIMSynchronizationService database, I can see that the information in the Attributes are inserted.
MIM Portal:
FIMSynchronizationService DB:
Could you help me please to know, why I can't see the users in the MIM Portal?
Thank you Guys.
Hello all,
I figured out that my Forefront Identity Manager service is not running.
Is it the reason because of which I am unable to interact with the FIM portal through code.
I'm having an issue with MIM AD Group members get dropped off from MIM sync , when particular user not in same AD containers that MIM is connected . seems to me MIM is not ware of this users not in other OUs!!
Is there any workaround to manage AD Groups members that not a MIM user?
Thanks in advance .
CJ
I'm having an issue with MIM AD Group members get dropped off from MIM sync , when particular user not in same AD containers that MIM is connected . seems to me MIM is not ware of this users not in other OUs!!
Is there any workaround to manage AD Groups members that not a MIM user?
Thanks in advance .
CJ
Hi
I want to sync user account password between two diffrent forest without trust.
after I searched In internet ,I found some DOC In technet with MIM 2016 Guide in order to run this senario ,I tryed but It dose not work,
I really stuck and dont know how to solve it,
you will be kind enought if you help me.
thanks
I have created policies that managers can add users to groups. The problem is that this is working only when the group's join restriction is owner. If the join restriction is set to None, then the manager gets access denied error and can't add user to a
specific group.
What could be the problem?
Hi everyone,
i have a very basic but fundamental question regarding the MIM sync engine. We have successfully launched MIM company-wide and are very happy with the results. However, we recently did a code review for all our Rules Extensions (Import and Export) and found that there is some kind of inconsistency:
Sometimes we use Export-Flow to do a specific task in one MA and then an Import-Flow for the same task in another MA. Thats something we want to fix asap.
I give you an example:
If we want to disable an Active Directory Account based on the employement-state which is coming from our HR-MA, we have two options:
Option 1: Set "userAccountControl" (CS-Attribute) on the Export-Flow of the AD-MA
In this szenario, we are checking the mventry["employementState"] during export-run and set the csentry["userAccountControl"]-Attribute. Next time the Import from AD-MA would then write the "userAccountControl"-Attribute into the"userAccountControlADMA1"-Attribute in the Metaverse.
Option 2: Set "userAccountControlADMA1" (Metaverse-Attribute) on the Import-Flow of the HR-MA
This time, we set the Metaverse-Attribute "userAccountControlADMA1" based on the csentry["employementState"] inside the import-run of our HR-MA. This would simply export the new "userAccountControl"-Value to the AD-MA on the next
export-run.
From what i understand, both are options that should work fine. However, what is the best practice option here?Check the Metaverse on Export to AD-MA or set the Metaverse-Attribute on Import from HR-MA?
Many of you should have done this in either one of those ways. What are your experiences and suggestions?
Or am i not getting something fundamental here? :)
Regards,
Timo
I am try to import galsync Management agent in my lab machine unable to do it getting this error
"Object Reference Not Set To An Instance Of An Object"
Hi everyone,
As you know, when installing FIM Password Reset and Password Registration Portal, we need to provide Host Name configuration, and then type Port and select Open port in firewall if you would like to publish this website throughout port 80.
Now I need to change those URLs. Do I have to re-run FIM Password/Registration installation or I just only need to open IIS Manager, right click on corresponding websites and then clickEdit Binding, and change URLs.
Many thanks for your support.
Regards,
-T.s
Thuan Soldier
SharePoint Vietnam |
Blog | Twitter
Hello,
I'm trying to use Soren Granfeldt's PowerShell MA to pull some information from a legacy SQL Server (too old to use SQL Server MA) as part of a system migration. On the whole, it's working very well, but I've tried to add a new attribute to it and am running into some problems.
The attribute is a multivalued string (actually an integer in the source db, but converting to a string since the MA requires that), and is the first multivalued attribute I've tried to use with this MA. When I run an import, the MA runs for the expected length of time but returns no objects.
If I run the script in a PowerShell console, it does appear to spit the correct data out to the pipeline.
If I set the script to return fixed test values for the multivalued attribute, it appears to work. This leads me to suspect that I'm somehow not correctly forming the object to put into the attribute (I'm trying to use an array of strings).
Relevant code:
Schema:
$obj = New-Object -Type PSCustomObject
@(
#There are other attributes in here but they work fine.
@{ Name='Group'; Type='String[]'; Value=('Value1','Value2') }
) | foreach { `
$obj | Add-Member -Type NoteProperty -Name "$($_.Name)|$($_.Type)" -Value $_.Value
}
$obj
Import script:
# For each object
$Groups = @()
$GroupsConnection = New-Object System.Data.SqlClient.SqlConnection
$GroupsConnection.ConnectionString = "Server = $DBHost; Database = $DBName; Integrated Security = True; User ID=$Username; Password=$Password"
$GroupsConnection.Open()
$GroupsCmd = $GroupsConnection.CreateCommand()
$GroupsCmd.CommandText = "SELECT * FROM groups WHERE loginname='$AccountName'"
$GroupsReader = $GroupsCmd.ExecuteReader()
while ($GroupsReader.read()) {
$Groups += $GroupsReader.GetValue(1).ToString()
}
$GroupsConnection.Close()
$obj = @{
# Other attributes in here, too
'Group' = $Groups
}
$obj
Can anybody see anything obviously wrong with this, or does anybody have an example of a working script?
Many thanks in advance,
Sean.
Hello,
I've taken the default GALSync source code from the FIM server and copied it to my PC as described in the blog below. I've renamed the project and assembly to ContosoGAlsync.
http://social.technet.microsoft.com/wiki/contents/articles/4418.how-to-customize-targetaddress-on-export-attribute-flow-in-galsync.aspx
I've then open the project solution using Visual Studio 2012 and added references for:
Microsoft.MetadirectoryServicesEx.dll
Microsoft.MetadirectoryServices.dll
Logging.dll
I've then compiled my project on my local PC and then copied ContosoGalSync.dll to my FIM server. I've then added the rules extension to the GALSyncMA for ContosoGalSync.dll and within the Synchronization service options.When I run my GALSync MA, I'm now hitting an error:
The required rules extension ContosoGalSync.dll could not be loaded. Verify that the rules extension is located in the extensions directory. User Action Verify that the rules extension is located in the Extensions directory. If the extension is present, confirm that the version of the .NET framework that can run the extension is installed on the server and that a supportedRuntimes entry in the configuration files specifies that version. The synchronization engine will not be able to load an extension that is built with a newer version of the .NET framework than the version of the .NET runtime it is hosting.
Should I be able to take the default GALSync code, recompile it using VS 2012 and then re-run the GALSync MA without any issues?
Thanks
Im trying to deploy MIM 2016 Add-ins and extensions via sccm 2012. The command I am trying is
msiexec /i "Add-ins and extensions.msi" /quiet ACCEPT_EULA=1 ADDLOCAL=PasswordClient RMS_LOCATION=coavmim02.xxxxxx.intranet REGISTRATION_PORTAL_URL=http://passwordregistration.xxxxxx.intranet
Can someone tell me whats wrong with my command? Trying to install without MIM Add-in for Outlook.
Hi,
We are trying to create an Exchange 2010 mailbox using the FIM built-in mechanisms.
The mailboxes are not being created.
On the Exchange server we have enable remote powershell - but we still see these error messages:
Cmdlet failed. Cmdlet Update-Recipient, parameters {Identity=adatum.com/Test Accounts/Users/User1, DomainController=DC002.adatum.com}. Event ID 6.
Can anyone shed some light on this error please?
Thank you
Hi,
I'm trying to get a grasp of using MPRs, Workflows, Sets to manage users from the FIM portal, instead my current method of using rules extensions. When trying to define a workflow, using a sync rule action, the drop down to select the sync rule only shows the inbound sync rules. Why not the outbound ones. That's the one I need to select.
I didn't see any settings in the portal that looked to control this. Is there a configuration value somewhere that needs to be changed?
Thanks,
Greg