Channel: Forum Microsoft Identity Manager

Why do MIM Reporting SQL jobs exist if MIM Reporting is not deployed?


Hi,

Have just deployed MIM Sync and MIM Service/Portal. Definitely did not deploy MIM Reporting.

Why does the MIM installer deploy these jobs if they are not required?

- FIM_CheckAndUpdateReportingJobStatusJob    
- FIM_TerminateStuckRequestsJob
- FIM_ScheduleReportingIncrementalSynchronizationJob    
- FIM_TruncateExportLogJob

Thanks.


Hot Fixing FIM - How to do that?


Are there any best practices or something on how to Hot Fix FIM? What backups should I take, what account should I use, and so on?

Portal error - service not available


I have set up MIM on SharePoint 2013 with a domain account, e.g. dom\AccntA. After installation, when I try to open the portal, I get an error "service not available". I changed web.config to show me a bit more of a meaningful error:

--------------------------------------------------

Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[NullReferenceException: Object reference not set to an instance of an object.]
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key) +266
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key) +25
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache() +96
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap() +87
   Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource) +43
   Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth() +59
   Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e) +46
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1069.1

--------------------------------------------------

but it still doesn't mean a thing to me.

Event Viewer shows an ASP.NET error:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 4/29/2016 2:27:24 PM
Event time (UTC): 4/29/2016 4:57:24 AM
Event ID: ffba74342d674de691794a14a92f76cf
Event sequence: 8
Event occurrence: 2
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/39381490/ROOT-1-131063786362477129
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\82cdc9554c-50b9-4a20-bede-f2cd6a8ae01c\
    Machine name: <PORTAL SERVERNAME>
 
Process information:
    Process ID: 1848
    Process name: w3wp.exe
    Account name: domain\SVC_SharePoint
 
Exception information:
    Exception type: NullReferenceException
    Exception message: Object reference not set to an instance of an object.
 

Could it have something to do with the domain\SVC_SharePoint referenced or the fact that it is Microsoft .NET Framework Version:4.0.30319 and ASP.NET Version:4.6.1069.1?

Thanks

 

Portal dropdown field - many values - best solution


I need to do a dropdown menu which should contain at least 100 (company names) values. What is the best way to do that? It should be quite easily upgradeable and should also give a good user experience.

Or should I think of a whole new resource for that?

mmsmafim: MIIS.ManagementAgent.ManagedMACredentialFailureException: Failed to connect


Hi All,

I have deployed a MIM 2016 Sync-Service server with SQL 2014 on a separate server. I am trying to make a test Management Agent, following the link below, but

mmsmafim: MIIS.ManagementAgent.ManagedMACredentialFailureException: Failed to connect to the specified database with the given credentials.
   at MIIS.ManagementAgent.RavenMA.InitializeConnection(XmlNode connectionInformationNode, XmlNode encryptedAttributeNode, Boolean runInitialization)
   at MIIS.ManagementAgent.RavenMA.UIInitialize(String pszInitString, Int32& pfValid, String& ppszResult)

However, the credentials I use (the account running the FIM Windows service) are correct; it has dbowner rights on the created database in SQL. I can log in to either the MIM or the SQL Server with the account, etc. What am I missing? No time skew on the servers.

https://technet.microsoft.com/en-us/library/mt219040.aspx (Configure MIM Sync to Synchronize from Active Directory to MIM Service)

Microsoft announces retiring Identity and Access


Hi,

Looking at this article: https://www.linkedin.com/pulse/microsoft-announces-retiring-identity-access-richard-blackham

A number of my clients have decided to stop their current FIM/MIM projects and re-evaluate other IDM vendors and products.

So based on this, I assume there will be no subsequent MIM product release?

Any new IT people should not bother learning MIM?

Any existing FIM/MIM IT people should start looking at other specialisations/vendors as their job is on the line?

This is rather sad...

What are your thoughts on this announcement?

Database numeric types (DBTYPE_NUMERIC)

I created an Oracle database Management Agent, that I want to use to export some data to a table.
This table contains a column, "UNIX_UID", whose type is NUMBER, that should contain an attribute that is an integer in the metaverse, "uidNumber".
In the management agent properties, in the "configure columns" tab, I see that for this column Database Type is DBTYPE_NUMERIC, while Type is String, as this screenshot shows:

 
dbtype_numeric

When I try to configure the mapping in the Synchronization Rule to export uidNumber -> UNIX_UID, I get an error saying "The type of uidNumber(Integer) is not compatible with the type of UNIX_UID(String)."

I tried to declare the table column as INTEGER, but nothing changed.

I made an experiment with a SQL server table, and saw that "numeric" is converted to DBTYPE_NUMERIC/String, while "int" is converted to DBTYPE_I4/Number.

Is the fact that DBTYPE_NUMERIC is mapped to a string correct?
Is there an Oracle type that can be mapped to a number?

Thanks,
Paolo
Paolo Tedesco - http://cern.ch/idm

Mail Attribute - exported change not re-imported

Hi,

I have 2 Exchange 2010 forests, let's say contoso and widgets. I'm using the Out of the box GALSync MAs with some code adjustments. I have a requirement to set the AD mail attribute in each forest to something other than the primary SMTP and I have written some code to manipulate the mail attribute upon import into the MV as below.

The code checks whether a user is in scope for processing and then returns an appropriate @contoso.com address from the proxyAddresses before setting the mail target. This works fine for importing addresses into the MV, I can see the correct address is modified in the MV and the logs show the mail attribute as being of type @contoso.com.

Case "ChangeMailTarget"
                    searchedaddress = SearchForContosoAddresses(csentry("proxyAddresses").Values.ToStringArray, "@contoso.com")
                    Select Case csentry.ObjectType
                        Case USER
                            'Check user is in scope for processing
                            If (Len(searchedaddress) > 1 And CheckUserScope(csentry("sAMAccountName").Value)) Then
                                'set the mail attribute
                                Log("Setting AD mail atrribute for user " & csentry("sAMAccountName").Value.ToString & " as " & searchedaddress)
                                'set the AD mail attribute
                                mventry(MAIL).Value = searchedaddress
                            Else
                                'Use default values
                                mventry(MAIL).Value = csentry(MAIL).Value
                            End If


Upon export, there are no errors, but I hit an error on import whereby the change is not imported. In the target AD the mail attribute is not set correctly.

Please advise how I can get the mail attribute to set correctly. I can't use the suggestion below as I don't want to set the primary SMTP.

http://social.technet.microsoft.com/wiki/contents/articles/16506.troubleshooting-galsync-exchange-2010-provisioning-updating-mail-attribute-error-exported-change-not-reimported.aspx

Thanks in advance



IT Support/Everything


Issues with attribute flow


Hello,

We are having synchronization issues with an attribute value for a few records in our FIM 2010 R2 environment.

Scenario
X in Connector Space (CS) is mapped to Y of Metaverse (MV) via rules extension.
The record which has the issue is already joined to MV without the value Y, as X is not present in CS.
Now we have a new value for X coming from source. The new value comes to CS on FI as an update.
After Delta Synch, X doesn't flow to Y in MV and the CS record does not have any add/modify but "none", indicating that the update is synchronized.
No issue in the rule, as on Preview - Full Synch the value flows from X to Y.

Full Import and Delta Synch are run in two steps

Why is X not flowing to Y on Delta Synch?


MPR Bug Multivalued attributes? (FIM 2010 R2)


Hi

Observed some strange behavior on MPRs on multivalued attributes today:

One multivalued ref. attribute on person.

One MPR allowing the users to add values to this attribute.

No MPRs allowing anyone to remove values from the attribute.

If the user posts a request to add a value it is permitted, and a request for removing a value is denied. So far everything works as expected.

If the user makes a request that includes both an add operation and a remove operation, both are permitted regardless of the lack of an MPR allowing values to be removed.

Anyone else seen this behavior?

/Ole 



Password registration portal won't update info


Hello!

I'm trying to change the following text in our password registration portal:

This is my config in MIM portal:

I have saved and submitted the config and restarted the IIS server without success. Please help.

Kind regards,

Anthon

Clearing an attribute when MA Object gets disconnected

I am trying to clear an attribute in the metaverse when objects in a certain MA get disconnected.

Basically, we have some users with managed information for assets, specifically mobile phones. I am importing these managed assets into FIM as its own delimited text MA as the type asset. This import also includes the user name that can be joined with the AD user name, the mobile number for the flow import and a flag indicating whether it is published or not. When this asset MA object gets joined with an AD MA object because the flag for published is set, it will update the AD user properly with the correct mobile phone. When the asset MA object gets disconnected, either manually or by filter where the flag says it is unpublished, it does not remove the mobile phone. I think this is as designed, as there are other MAs that also import and export the mobile attribute. What I would like to do is override this functionality for this one asset MA so that when this asset MA object gets disconnected, it will clear the mobile phone attribute for the next export to all the other MAs.

I have tried to set up a Rules extension to run if the objects in the asset MA get disconnected, but it would seem that the deprovision rule is never run. It also seems that you can't update the metaverse objects when the deprovision rule is run either. I am not sure what the best way to do this is. Anybody have any suggestions?


Powershell activity output in email notification


Hi,

I'd like FIM to email a notification to someone, with the contents of a previously run PowerShell script.

Is this possible? And how does one go about it?

The PowerShell script is a basic: Get-ADPrincipalGroupMembership <username> - and I am thinking of placing this in a PowerShell FIM activity. How do I flow the output of this into a multivalued FIM attribute? How do I use the //workflowdata for this?

I would like to send the result of this query to a person - so this would be a normal FIM email notification activity? And how do I use the output of the Get-ADPrincipalGroupMembership <username> in the email message itself?

Thanks,

SK



FIM - How to debug that email notifications have been sent


Hi

The topic says it all. How can I debug that email notifications have been sent? I can only check from the requests that the correct MPR has been launched, but that doesn't really tell whether the email notification has been processed by FIM.

And this time, I need to debug only the FIM side; I don't need to debug the whole chain from FIM to email server and so on.

Password reset site issue

Hi,

We have migrated to MIM and we are unable to open one of our password reset sites. It is throwing the error "The page can not be displayed". Could you please help me with suggestions and resolutions?

How to set multiple owners by PowerShell scripting


So I have learned it is possible to set multiple Owners, but only one DisplayedOwner and would like to set the owners from a CSV file.

The script I have created works just fine with only one owner/displayedowner, but if I try to set two owners in the csv by semicolon separating the values it fails.

 

This is my script:

if (@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0)
{
Add-PSSnapIn FIMAutomation
}

function CreateImportChange
{
PARAM($AttributeName, $AttributeValue, $Operation)
END
{
$importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
$importChange.Operation = $Operation
$importChange.AttributeName = $AttributeName
$importChange.AttributeValue = $AttributeValue
$importChange.FullyResolved = 0
$importChange.Locale = "Invariant"
return $importChange
}
}

$csv = Import-Csv -header "GroupName","Owner","DispOwner" "c:\temp\mailbox2.csv"

foreach ($entry in $csv)
{
$myGroupName=$entry.GroupName
$myOwner=$entry.Owner
$myDispOwner=$entry.DispOwner
$uri="http://ivabfim01:5725/resourcemanagementservice"

# Get Owner
$ownerObject = export-fimconfig -uri $URI `
                –onlyBaseResources `
                -customconfig "/Person[AccountName='$myOwner']"
if($ownerObject -eq $null) {Write-Host -ForeGroundcolor Red "Owner not found! (Group: $myGroupName - Owner: $myOwner)"}
else{
$ownerID = $ownerObject.ResourceManagementObject.ObjectIdentifier -replace "urn:uuid:",""

# Get DisplayedOwner
$DispownerObject = export-fimconfig -uri $URI `
                –onlyBaseResources `
                -customconfig "/Person[AccountName='$myDispOwner']"
if($DispownerObject -eq $null) {Write-Host -ForegroundColor Red "DisplayedOwner not found! (Group: $myGroupName - Owner: $myOwner)"}
else{
$DispownerID = $DispownerObject.ResourceManagementObject.ObjectIdentifier -replace "urn:uuid:",""

#uncomment to verify the connection to the csv file is working and correct output.
#Write-Host Group: $myGroupName Owner: $myOwner($ownerID) DisplayedOwner: $myDispOwner($DispownerID)

$group = Export-FIMConfig -uri "$uri" -customConfig "/Group[AccountName='$myGroupName']" -onlyBaseResources

if ($group -eq $NULL) {Write-Host -ForegroundColor Red "Group Does not exist! Skipping...(Group: $myGroupName - Owner: $myOwner)"}
else{
#construct the web service operation
$importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
#the object type is Group
$importObject.ObjectType = "Group"
#we are modifying the group we've identified above
$importObject.SourceObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
$importObject.TargetObjectIdentifier = $group.ResourceManagementObject.ObjectIdentifier
#Put operation is enum 1
$importObject.State = 1

#construct the changes: Add operation is enum 0 (used for Owner), Replace operation is enum 1 (used for DisplayedOwner)
$importObject.Changes += CreateImportChange -attributeName "Owner" -attributeValue $ownerID -Operation 0
$importObject.Changes += CreateImportChange -attributeName "DisplayedOwner" -attributeValue $DispownerID -Operation 1

$importObject | Import-FIMConfig -Uri "$uri"}
}
}
}

This is the input from the csv file:

FIM_Mailbox_TestMail-SEC,Nico,Nico
FIM_Mailbox_TestMail2-SEC,Nico;Nico2,Nico

 

The script stops at the error:

Owner not found! (Group: FIM_Mailbox_TestMail2-SEC Owner: Nico;Nico2)

 

Anybody with an idea how to resolve multiple users and able to set them as owner?
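
An added example (not part of the original post, and not FIM product code) of one way to handle the semicolon-separated Owner column above: split it, resolve each account name on its own, and emit one Add change per owner. `Get-OwnerChangePlan` and the `$ResolvePerson` script block are hypothetical names; the sample rows are the two CSV lines from the post, and the stub resolver returns constructed GUIDs so the block runs without a FIM Service.

```powershell
# Added example: expand "Nico;Nico2" into one Owner change per resolved person.
# Get-OwnerChangePlan and $ResolvePerson are hypothetical, not FIMAutomation cmdlets.
function Get-OwnerChangePlan {
    param(
        [Parameter(Mandatory = $true)] [object[]]    $Rows,
        [Parameter(Mandatory = $true)] [scriptblock] $ResolvePerson  # name -> GUID string or $null
    )
    foreach ($row in $Rows) {
        # Split the multi-owner column; drop blanks and duplicates.
        $names = @($row.Owner -split ';' | ForEach-Object { $_.Trim() } |
                   Where-Object { $_ } | Select-Object -Unique)
        $changes = @()
        $missing = @()
        foreach ($name in $names) {
            # The name is placed inside an XPath string literal ("/Person[AccountName='...']"),
            # so a value containing a quote is rejected rather than altering the filter.
            $id = if ($name -match "'") { $null } else { & $ResolvePerson $name }
            if ($null -eq $id) { $missing += $name; continue }
            # One Add (Operation 0) per owner, as the post's script does for a single owner.
            $changes += [pscustomobject]@{
                AttributeName = 'Owner'; AttributeValue = $id; Operation = 0 }
        }
        # DisplayedOwner takes a single value: one Replace (Operation 1).
        $dispName = $row.DispOwner.Trim()
        $dispId = if ($dispName -match "'") { $null } else { & $ResolvePerson $dispName }
        if ($null -eq $dispId) { $missing += $dispName }
        else {
            $changes += [pscustomobject]@{
                AttributeName = 'DisplayedOwner'; AttributeValue = $dispId; Operation = 1 }
        }
        [pscustomobject]@{ GroupName = $row.GroupName; Changes = $changes; Missing = $missing }
    }
}

# Constructed sample input: the two CSV lines shown in the post.
$rows = @"
FIM_Mailbox_TestMail-SEC,Nico,Nico
FIM_Mailbox_TestMail2-SEC,Nico;Nico2,Nico
"@ | ConvertFrom-Csv -Header 'GroupName', 'Owner', 'DispOwner'

# Stub resolver with constructed GUIDs so the example runs offline. Against a real
# FIM Service, use a script block that runs the post's Export-FIMConfig lookup for ONE
# $name and returns ObjectIdentifier with the "urn:uuid:" prefix removed.
$directory = @{ 'Nico'  = '11111111-1111-1111-1111-111111111111'
                'Nico2' = '22222222-2222-2222-2222-222222222222' }
$resolver = { param($name) $directory[$name] }

foreach ($plan in Get-OwnerChangePlan -Rows $rows -ResolvePerson $resolver) {
    if ($plan.Missing.Count -gt 0) {
        # Skip the whole group instead of writing a partial owner list.
        Write-Warning ("{0}: unresolved {1}" -f $plan.GroupName, ($plan.Missing -join ', '))
        continue
    }
    # In the post's script, each entry would become one CreateImportChange call.
    $plan.Changes | ForEach-Object {
        "{0}: {1} = {2} (operation {3})" -f $plan.GroupName, $_.AttributeName, $_.AttributeValue, $_.Operation
    }
}
```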

 

 

Attribute Precedence in Metaverse Designer


Hi All,

I have a small but confusing question regarding attribute precedence. I was under the assumption that if we set a particular MA precedent for an attribute which is contributed by say 2 other MA, then for the first time the value in metaverse can be populated by any MA but after that the MA that was set at the top precedence in the metaverse designer only can populate the value.

But what I noticed is, after any of the MAs has contributed a value for the first time, this MA can still continue to contribute a value until the value is populated by the precedent MA. Once it is set, it's only then that the precedence concept comes into the picture.

Can someone guide me if I am wrong?

Thanks,


Veena

Export UPN,Email into PeopleSoft on HireDate


Hi,

I will get Hire Date from PeopleSoft and I wanna Export UPN, Email Values to PS again on User Hire Date based on below condition.

UPN Value one day before HireDate (ie) (HireDate-1)

Mail Value on Hire Date.

Will you please explain to me how I can do the same?

Thanks,

venugopal.

FIM notification emails display DateTime values in UTC (GMT) format


The "Default pending approval email template" includes the following in the HTML body:

[//Request/CreatedTime] (GMT)

Elsewhere in the FIM UI all DateTime data is converted to the local timezone for display purposes, but not it seems (by default at least) in the case of email notifications :P.  Unless you apply some sort of custom transformation on FIM db DateTime values, you are always going to have to append the " (GMT)" at the end of the string you display in notification emails ...

Before I go writing myself a custom activity to convert UTC DateTime values into local values, it occurs to me that this must be of universal concern to everyone using FIM notifications... I am aware of one site which noticed this in the email body and discontinued the use of FIM notifications until it can be corrected. This being the case, has anyone come up with a clever way of negotiating this problem without having to resort to a custom activity (and no - I'm not talking about a rules extension hack here!!!)

Thanks


Bob Bradley, www.unifysolutions.net (FIMBob?)

FIM 2010 R2 and self service password reset


Self-service password and registration has been working fine for the past year until today, when it stopped working. I'm not able to connect internally.

The only changes that happened in the last week are Microsoft patches. Are there any known issues with the patches that prevent SSPR from working?
