Channel: Forum Microsoft Identity Manager
Viewing all 6944 articles

Multiple/Bulk User Creation Requests from FIM Portal


Hi,

Our client wants to achieve bulk/multiple user creation requests to be submitted in one go in the FIM Portal. Is this achievable? If yes, then please elaborate how. If no, then I need some justification to suffice my query.

PS: Approval is required before user is created in FIM Portal.

 


Regards,
Manuj Khurana


Create MA for SQL HR database


Hello

I want to create a management agent for a SQL HR database.

When I try to connect to the DB, I get the following error:

Failed to retrieve the the schema. Exception from HRESULT: 0x80231101

The username that I used to connect to the database has read permission on the view.

FIM SSPR


Hello All,

I have an issue with one user, where user is already registered for the FIM SSPR but while resetting the password he fails on the last step where new password needs to be submitted. (Error: 3000).

The user is already a member of the required set.

Kindly help and advise.


MIM 2016 Upgrade issues on builds 4.1.3646.0 or 4.1.3634.0 or 4.1.3627.0


OK, I am suffering exactly the same problem described in this article:

http://blogs.technet.com/b/identitymanagement/archive/2015/08/07/mim-2016-upgrade-issues-on-builds-4-1-3646-0-or-4-1-3634-0-or-4-1-3627-0.aspx

The workaround is to replace the Microsoft.IdentityManagement.DatabaseUpgrade.exe.config file with another one.

The problem is that I am still getting the same error and facing the problem. So is the file which can be downloaded from the link above already broken, or am I missing something?

Am I the only one who is suffering with this?

Disable AD account if inactive for a period of time


Hi,

It's easy to find a PowerShell script to disable an AD account that has been inactive for a given period of time.

However, just trying to figure out how this would work with a typical FIM deployment, where HR is authoritative for user data which is provisioned to AD via FIM. If we were to implement a daily "look for inactive users and disable them and move them to disabled OU" AD PowerShell script, we effectively would make AD authoritative for these values - DN & userAccountControl?

At the moment DN is determined by "location" values in HR, and userAccountControl by employeeStatus values in HR.

With equal precedence being deprecated, just wondering if anyone has had a similar scenario, and how you have dealt with it?

thank you,

sk


Is it possible to customize the FIM Reset Portal Error Pages?


We would like the password reset error message to include some different verbiage and a link to the registration portal. Can I customize this?

I've customized the look but I can't figure out how to customize the page content.

Adding a custom page to MIM?


Does anyone know if it's possible to add a custom page to MIM? I've been told it is possible, but haven't managed to get it working. I've copied C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\TEMPLATE\FEATURES\MSILM2SitePages\SitePages\aspx\groups\AllGroups.aspx to a new page, i.e. CustomGroups.aspx but cannot request this page in the portal. I get a 404 back. I've tried modifying the sitePagesElements.xml file as well to include the new page and done a full restart.


Windows Azure Active Directory MA - Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota.


Trying to use WAAD with FIM 2010 R2 SP1 (4.1.3496.0) and during export several objects cause a warning/info with:

Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota.

I looked, this appears hard coded into the MA, anyone know what causes this? My best guess is something like a large group membership? Does anyone know what the limits around the WAAD MA are?

Here is the in-depth error logged during the failure:

ProvisioningServiceAdapter::ExecuteWithRetry: Action: Export, Attempt: 0, Exception: Microsoft.Online.Coexistence.ProvisionRetryException: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: e94e6020-8434-4aa7-9a29-b2edf7fe6b2e See the event log for more details. ---> System.ServiceModel.CommunicationException: There was an error while trying to serialize parameter http://schemas.microsoft.com/online/aws/change/2010/01:syncObjects. The InnerException message was 'Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota. '.  Please see InnerException for more details. ---> System.Runtime.Serialization.SerializationException: Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota.

   at System.Runtime.Serialization.XmlObjectSerializerContext.IncrementItemCount(Int32 count)

   at WriteArrayOfstringToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , CollectionDataContract )

   at System.Runtime.Serialization.CollectionDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeAndVerifyType(DataContract dataContract, XmlWriterDelegator xmlWriter, Object obj, Boolean verifyKnownType, RuntimeTypeHandle declaredTypeHandle, Type declaredType)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeWithXsiType(XmlWriterDelegator xmlWriter, Object obj, RuntimeTypeHandle objectTypeHandle, Type objectType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle, Type declaredType)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerialize(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerializeReference(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)

   at WriteSyncObjectGroupToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , ClassDataContract )

   at System.Runtime.Serialization.ClassDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeAndVerifyType(DataContract dataContract, XmlWriterDelegator xmlWriter, Object obj, Boolean verifyKnownType, RuntimeTypeHandle declaredTypeHandle, Type declaredType)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeWithXsiType(XmlWriterDelegator xmlWriter, Object obj, RuntimeTypeHandle objectTypeHandle, Type objectType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle, Type declaredType)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerialize(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)

   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerializeReference(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)

   at WriteArrayOfSyncObjectToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , CollectionDataContract )

   at System.Runtime.Serialization.CollectionDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)

   at System.Runtime.Serialization.DataContractSerializer.InternalWriteObjectContent(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)

   at System.Runtime.Serialization.DataContractSerializer.InternalWriteObject(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)

   at System.Runtime.Serialization.XmlObjectSerializer.WriteObjectHandleExceptions(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)

   at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameterPart(XmlDictionaryWriter writer, PartInfo part, Object graph)

   --- End of inner exception stack trace ---

Server stack trace:

   at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameterPart(XmlDictionaryWriter writer, PartInfo part, Object graph)

   at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameter(XmlDictionaryWriter writer, PartInfo part, Object graph)

   at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameters(XmlDictionaryWriter writer, PartInfo[] parts, Object[] parameters)

   at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeBody(XmlDictionaryWriter writer, MessageVersion version, String action, MessageDescription messageDescription, Object returnValue, Object[] parameters, Boolean isRequest)

   at System.ServiceModel.Dispatcher.OperationFormatter.OperationFormatterMessage.OperationFormatterBodyWriter.OnWriteBodyContents(XmlDictionaryWriter writer)

   at System.ServiceModel.Channels.Message.OnWriteMessage(XmlDictionaryWriter writer)

   at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)

   at System.ServiceModel.Channels.BinaryMessageEncoderFactory.BinaryMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)

   at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)

   at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)

   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)

   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

   at Microsoft.Online.Coexistence.Schema.IProvisioningWebService.Provision(SyncObject[] syncObjects)

   at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)

   --- End of inner exception stack trace ---

   at Microsoft.Online.Coexistence.ProvisionHelper.CommunicationExceptionHandler(CommunicationException ex)

   at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)

   at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.<>c__DisplayClass1.<Export>b__0()

   at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.ExecuteWithRetry(String actionName, Action action).


ETL jobs are stuck


We installed SCSM 2010 for reporting to Forefront Identity Manager. It was working fine till last month. Since last month, ETL jobs are running but current data is not coming into reporting, while current data is there in the Service Manager database. The ETL jobs' status has been "running" for a long time. It looks like the ETL jobs have hung, as no event has been generated in Event Viewer under Operations Manager for ETL jobs since last month. We tried restarting services, but there is still no event for ETL. We checked in the SCSM console; there the ETL job modules are stuck in the running state.

Through PowerShell, we ran Get-SCDWJobModules for module status and errors. From there we noticed that errors are coming for a few modules:

"Cannot open database ""DWRepository"" requested by the login. The login failed. Login failed for user 'domain\scsm_admin' "

while scsm_admin is a sysadmin and dbowner for DWRepository. And it was working fine before.

There were some more errors in modules, such as "TimeOut Exception" and "Dead locked resources".

Could anybody help us with this?


Dushyant Singh

Self Service Password reset


Dear friends,

Kindly help me to understand the account lock in FIM SSP. Whenever a user resets with a wrong password, will the user account be locked in AD or only in the FIM Portal?

If the user is locked in AD, let me know what customizations need to be performed. I have configured SSP, but the user is getting locked at the FIM Portal level and is not able to reset the password. But the account is not locked in AD. Kindly, can anyone clarify it...

 

Regards,

Sridhar.R

Thanks in Advance.

 


John DW Aked


I have a problem with permissions. It has existed the whole time I have had my Toshiba laptop, which was bought from new.

When I drag and drop some files (but especially Adobe files), like I may have downloaded one and saved it temporarily to my desktop, then drag and drop it into a desktop folder, I am then denied access in opening it again in that folder, the window telling me I do not have permissions to open it. Not only that but then I cannot delete or move the file anywhere else, so I am stuck with files I cannot do anything with?

However, if I have the file open and then go to save it to the folder, I can open it again and again without a problem. It seems to be only with the drag and drop function. When this happens I try and change the permissions in the file security but nothing seems to work? I am at a loss as to what to do next.


user not flowed to FIM from AD


Hello,

Whenever I create a user in AD, it is flowed to the connector space but not the metaverse. I mean I can search for the user in the connector space, but when I run the sync run profile, it is not flowed to the MV.

I believe everything I have is in the right place. Here are photos:

inbound sync rule


Criteria Based Group Members and a Multi-Valued Attribute

Currently, I'm managing group membership using a multi-valued database table. That works well. But, the logic for group membership resides on a DB server and requires a developer or a DBA to alter (along with a bunch of change control overhead).

In this instance, we have cases where an employee has duties in more than one building. Those building lists are stored in the metaverse in a newly created multi-valued attribute "building". The MAs I have in place maintain that properly.

I'm going through an effort to move that into the portal.  I have the groups and users created in the portal.  But, when I try to define the group as a criteria based group, the list of selectable attributes does not include "building". 

At first I thought the portal didn't support multi-valued string attributes.  But, I found instances in the default drop down that are multi-valued, non-indexed attributes.

Then, I thought the reason I wasn't seeing that attribute was because of some MPR.  So, I added the "building" attribute to these MPRs:
    Synchronization: Synchronization account controls group resources it synchronizes
    Group management: Group administrators can update group resources

My question is, what do I need to do to get my "building" attribute to show up in the criteria attribute selection drop down?  Or, is that not supported?  Or, am I missing something?

Thanks,

Greg

Forefront Identity Manager service - not starting

Can the Forefront Identity Manager Synchronization Service (Windows service) be started if the FIMSynchronizationService database is in "restoring" status and not available for querying? I want to understand the dependency between the aforesaid Windows service and the FIMSynchronizationService database. Please advise.

Aritro Chattopadhyay

Users appear with no display name


Hi,

It's my first deployment of MIM 2016, which is similar to the FIM 2010 deployment process. I made all the steps required and currently I have one issue: when I search for users in the portal, users are displayed like that

Note that it's a test lab.

I can't use password reset because MIM can't read users from the MIM portal.

Please Help.


Powershell Management Agent (PSMA) Unable to retrieve schema


Hi all,

This is probably something really obvious however when I try to configure the PSMA (default schema location - c:\psma\schema.ps1) I get the following

---------------------------
Synchronization Service Manager
---------------------------
Unable to retrieve schema. Error: Exception from HRESULT: 0x80231343
---------------------------
OK   
---------------------------

with an error in the event log of:

 

The extensible extension returned an unsupported error.

 The stack trace is:

 "Microsoft.MetadirectoryServices.NoSuchObjectTypeException: Error in the application.
   at Granfeldt.PowerShellManagementAgent.Microsoft.MetadirectoryServices.IMAExtensible2GetSchema.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.3.1935.0"

The schema.ps1 looks like this:

$obj = New-Object -Type PSCustomObject
$obj | Add-Member -Type NoteProperty -Name "Anchor-StaffID|String" -Value "U123456"
$obj | Add-Member -Type NoteProperty -Name "company|String" -Value "Spark Digital"
$obj | Add-Member -Type NoteProperty -Name "department|String" -Value "Futures"
$obj | Add-Member -Type NoteProperty -Name "description|String" -Value "An Awesome Joe Bloggs"
$obj | Add-Member -Type NoteProperty -Name "givenName|String" -Value "Joe"
$obj | Add-Member -Type NoteProperty -Name "mail|String" -Value "joe.bloggs@spark.co.nz"
$obj | Add-Member -Type NoteProperty -Name "mobile|String" -Value "Spark Digital"
$obj | Add-Member -Type NoteProperty -Name "name|String" -Value "joe"
$obj | Add-Member -Type NoteProperty -Name "postalCode|String" -Value "1010"
$obj | Add-Member -Type NoteProperty -Name "sn|String" -Value "Bloggs"
$obj | Add-Member -Type NoteProperty -Name "streetAddress|String" -Value "1 Awesome Ave"
$obj | Add-Member -Type NoteProperty -Name "telephoneNumber|String" -Value "01234567"
$obj | Add-Member -Type NoteProperty -Name "title|String" -Value "Top Guy"
$obj

If I remove the file (so it actually doesn't exist) I get a different error:

---------------------------
Synchronization Service Manager
---------------------------
Can not find or access Schema script 'c:\psma\aschema.ps1'. Please make sure that the FIM Synchronization Service service account can read and access this file.
---------------------------
OK   
---------------------------

So I'm assuming all access to the file is correct but there is something about it not quite right?

I'm new to MIM so any help appreciated.

Justin

[//target/manager] and a semi-colon in email msg


Hi,

We are using MIM 2016 (build 4.3.2124.0) and have created a few new email templates that include the following:

  • [//target/manager]
  • [//target/creator]

However, when the email is rendered, there is a semi-colon ; after each [//target/manager] and [//target/creator]

So for example, the email message looks like this: Dear Joe Blogs;

Is there a way to remove this semi-colon?

Is this a MIM bug?

We don't remember seeing this with FIM in the past.

Thank you,

sk

