Channel: Forum Microsoft Identity Manager

UserProfile Sync not working correctly

Hello, I'm getting this error when trying to sync AD to SharePoint: extensible-connector-refresh-required. I've tried different .dll files, but still have an issue. It did work once and I was able to import, but it did not work again. I keep getting the extensible error when running the SPMA. Does anyone know the answer?

Thanks,

AJL


SharePoint 2010 Profile Synch Error EventID: 6075 The management agent "MOSSAD-***" failed on run profile "DS_FULLSYNC" because the connection to the server database was lost

I am synchronizing user profiles from Active Directory to the SharePoint 2010 User Profile Service Application.

I use miisclient.exe to monitor this task. Even though the job was successful as expected, I always found a “stopped-database-connection-lost” status while running the DS_FULLSYNC profile, as shown in the figure below.

I also found 2 errors (FIMSynchronizationService type) in the Windows event log, as in the following table. They are likely related to the “stopped-database-connection-lost” status in the figure above.

Moreover, I am wondering whether this problem may result in an incomplete total number of users from synchronization.

EventID | Message
6322 | The server encountered an error because the connection to SQL Server failed.
6075 | The management agent "MOSSAD-xxx" failed on run profile "DS_FULLSYNC" because the connection to the server database was lost.


As far as I have researched, I found only https://social.technet.microsoft.com/Forums/en-US/39129eac-09d3-48ff-83f9-ecb4ae2424b6/sharepoint-profile-synch-stoppeddatabaseconnectionlost?forum=ilm2, which is marked as the correct answer; however, I did not find Event ID 2004 (The FIM Synchronization Service failed to update the timestamp. Verify that SQL Server is running.) as in the cases mentioned there. For this reason, I am pretty sure that the root cause probably comes from a different situation.

If anyone needs more configuration information, including SharePoint environment details, in order to suggest a good solution, please feel free to ask me.

Please kindly advise me how to fix this issue.

Thanks a lot

Pongthorn







How does the MIM 2016 FIMAutomation cmdlet Unregister-AuthenticationWorkflow work?

We are trying to Reset a single User so that they must re-register for SSPR.

I have seen past discussions of FIM 2010 that it is possible BUT NOT SUPPORTED to edit a user and remove the correct workflow from the AuthN Workflow Registered attribute via Extended Attributes button on the RCDC form.

If the Unregister cmdlet is Supported (?), what is it doing which is different from editing the user via the user edit form?

MIM 2016:- Assign just in time based local Admin account rights to local system

Hello MIM Experts,

Is there any way to manage time based local administrator group permission with MIM 2016?

I have googled it and found one option:

Create a domain group for each workstation (like localadmin_MC1, localadmin_MC2, etc.) and, through AD group policy, add these groups to the local administrators of each workstation. With the help of the MIM 2016 PAM feature we can create a role for each domain group and manage time-based local administrator group membership. But we have 100k workstations in our environment, and creating 100k domain groups is not best practice.

Now the question is, do we have another option available for this requirement?

BR



Calling all FIM Gurus. November readers need feeding!

An influential teacher, or popular expert

Oh mighty reader, we need your enlightenment! Only YOU can show us… the TRUE WAY to code!

Win the dedication and adoration of generations to come, by giving something back to those less awesome.

Show your technical prowess, and divine knowledge of your craft.

Teach us good code from bad. Show us the way (or the work-around)

We can offer you the very best platform that you need to preach these good words.

Join us and lead this technical community in a whole new way, into a brighter future!

Become a TechNet Guru and you may find your own life also significantly enriched!

Win awards, interviews, invites, reviews, medals, friends, recognition points, high fives, hugs, smiles, and so much more!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day’s work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you’ve contributed)

3) Every month, we will highlight your contributions, and select a “Guru of the Month” in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once “on our radar” and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards.


Thanks,

If my reply is helpful please mark as Answer or vote as Helpful.

My blog | Twitter | LinkedIn

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Setspn Unknown Parameter

Hi,

Just going through the "Before you begin" section of FIM setup. We are planning to use a hardware load balancer, and this has been configured and the relevant 'A' record created in DNS. We next go to a DC and try to register the SPN for this new NLB name as follows:

  • setspn –S FIMService/IDM.company.com domain\FIMSync
  • setspn –S FIMService/IDM domain\FIMSync
  • setspn –S HTTP/IDM.company.com domain\FIMWSS
  • setspn –S HTTP/IDM domain\FIMWSS

When we run the first setspn registration we get the error message:

  • Unknown Parameter FIMService/IDM.company.com. Please check your usage.

 

We also tried running it like this:

  • setspn –A FIMService/IDM.company.com domain\FIMSync

But the same error message appears.

Any ideas?

thank you

MS Certificate

Hi Guys,

What MS certification is available covering Microsoft Identity Manager and Azure Active Directory?

Got to know from Google that 70-414 covers the identity management but only 25%.

Are there any other certifications that I can prepare for?

Regards,

Srinivas

MIM 2016 (SP1) and custom Google MA:s

Hi

There are lots of custom Management Agents for Google services. Do any of those support MIM 2016 (SP1)?


MIM 2016 Admin Account login issue - MIM 2016 Admin Portal

Hi folks

Product: MIM 2016 (SSPR)

We're currently using MIM 2016 purely for SSPR to sync against one domain.  Everything is working as expected fine and dandy; users are able to Password Register and Reset etc.  No issues there.  Recently, the MIM 2016 Portal admin account object was a) changed in AD from usernameA to usernameB and this AD object was moved into a new OU once the username was changed.  The following day, we tried to log into the MIM 2016 Admin Portal and I got the following error:

You do not have permission to access this site.  
   Please contact your help desk or system administrator. 
 
    > Go to Forefront Identity Manager home page 
 

I then checked for the new username using Metaverse Search within Synchronization Services Manager and could not find the modified username, only the old one.  I tried the old username and this too would not let me log into the Admin Portal either - same error as above.

I then performed an Export, Full Import (Stage Only) followed by a Full Synchronization on both the MIM Management Agent and the same again on the MIM AD Management Agent.  I still couldn't see the correct (changed) username in the metaverse and obviously still couldn't log in to the MIM 2016 Admin Portal (as above error again).

I then modified the MIM AD Management Agent within the Directory Partitions to include the new OU (to sync in) with the renamed/moved MIM 2016 admin account to sync across.  I then performed an Export, Full Import (Stage Only) followed by a Full Synchronization on both the MIM Management Agent and the same again on the MIM AD Management Agent.  I could then see the renamed MIM 2016 Admin account but still couldn't log in.  I now realise that this should be a flow filtered account to protect the MIM 2016 admin account but was not aware of this at the time.

What is the current status on this account, based on the above?  Has it gone?  Am I blocked now from accessing the MIM 2016 Portal?  I search and see the new account in the MIM 2016 metaverse and it exists but I cannot log into the MIM 2016 Admin Portal - I get the error above.  The account was modified and moved to a new OU in AD and not deleted and then the changes (I assume) sync'd in.  Have I lost access to the MIM 2016 Admin Portal or can I still access the system?

I found the following article recently - https://www.ccrossan.com/blog/identity-management/fim-portal-no-access-for-fim-admin-account/ - which uses a PowerShell script to set the AccountName attribute of the MIM Admin account (identified by a well-known admin user GUID) - is this attribute different between FIM 2010/R2 and MIM 2016?  Is this PowerShell script of any use here?

If someone could assist me here in any way I can get access back to the Admin Portal, I'd appreciate it.  Has the account in the MIM 2016 Admin Portal been deleted?  Surely not, as I can see it - it has just had a modification.

Any help on this, really, really appreciated folks! :)





FIM 2010 R2 - Writing SMS Gateway Provider parameters in smsprovider.dll

Hi

I am testing the self-service password reset feature on FIM 2010 R2 with an OTP SMS gate, and I am a little confused about how to modify "SMSProvider.dll" to communicate with the SMS gateway provider.

For test purposes, I subscribed to the Clickatell SMS gateway with free test credits. After subscription, a new HTTP API is created to be used to send SMS, and it has the following parameters: API ID, username, password, to and text, in order to send SMS through an HTTP URL, as in the example below:

http://api.clickatell.com/http/sendmsg?user=USERNAME&password=PASSWORD&api_id=xxxxx&to=xxxxxx&text=Message

How can I insert the above parameters in the smsprovider.dll sample that is explained in the TechNet guide "https://technet.microsoft.com/en-us/library/hh824692(v=ws.10).aspx", or is there any other working way to let FIM send SMS?

I appreciate your help



Display new value and old value for a changed attribute

Hi,

I need to implement a notification workflow, to be sent when an attribute changes its value. I need to display the old value and the new value. I did these steps:

1. Create a new mail template

2. Create a notification workflow as below: use the mail template to be sent to a specific address

3. Create an MPR as below:

- Requestors: all objects

- Operation: modify a single valued attribute

- Target resources: all people

- Resource attribute: select specific attribute

Then, select the created workflow.

When the selected attribute is changed, I receive the notification, but it shows only the new value. What can I do to have the old value too?

Regards.

FIM SSPR - Portal can send e-mails, but SSPR gets "Unable to send a security code"

Hi all,

In the middle of retrofitting a test environment with OTP in SSPR and while FIM Portal sends my new user notifications fine, I am having troubles sending out the one-time-codes.

In SSPR, I enter the username, and it sits there for a while with a spinning wheel before erroring out with the message: Unable to send a security code.

When I review Event logs, I can see that the e-mail sending is timing out:

Any thoughts on why this might be? It works fine in production, but not in test - and the only difference between the two environments is that we're using EWS in Prod and SMTP relay in test... but again, I've verified the SMTP relay works.

- Ross


FIMSpecialist.com | MCTS: FIM 2010 | Now Offering ECMA1->ECMA2 Upgrade Services

Custom Set in FIM

Hi,

I need to configure a set in which I put all users with a specific distinguished name. In FIM I don't have the operator "contain".

How can I get the needed result?

Regards.

MIM2016 SP1 PCNS services terminated after installed on W2012R2 domain controllers

MIM2016 SP1 (version 4.4.1237.0) PCNS services terminated after being installed on W2012R2 domain controllers, with the error below in the event log.

Log Name:      Application
Source:        PCNS Filter
Date:          11/8/2016 1:58:35 PM
Event ID:      6004
Task Category: Error
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SGDC1INFMSWP03.apll.com
Description:
The Password Change Notification service executable "C:\Program Files\Microsoft Password Change Notification\pcnssvc.exe" failed while verifying the file signature. The service will not be started and password notifications will not be sent. pcnsfltapi.cpp (525): A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

pcnssvc.exe pcnsfltapi.cpp failed while verifying the file signature

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PCNS Filter" />
    <EventID Qualifiers="49152">6004</EventID>
    <Level>2</Level>
    <Task>4</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-08T05:58:35.000000000Z" />
    <EventRecordID>5888</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SGDC1INFMSWP03.apll.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>pcnsfltapi.cpp (525): </Data>
    <Data>A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
</Data>
    <Data>C:\Program Files\Microsoft Password Change Notification\pcnssvc.exe</Data>
    <Binary>09010B80</Binary>
  </EventData>
</Event>

MIM 2016 - SCOM 2012 R2 Management Pack?

Will there be a new/updated SCOM2012 R2 compatible management pack for new Microsoft Identity Manager 2016?

If so, when?

If not, are we expected to try and monitor with the FIM 2010 MP?


FIM Portal Customization - specify an empty Portal String

In the documentation describing "FIM 2010 R2 Portal Customization" https://technet.microsoft.com/en-us/library/jj134312(v=ws.10).aspx I cannot see if it is possible to set one of the Portal Strings to be empty.

We would like to set the following:

   FinalizeRegistrationSubHeading1 - To contain custom text
   FinalizeRegistrationSubHeading2 - To be blank
   FinalizeRegistrationSubHeading3 - To be blank

I have tried the following, but the empty <value></value> causes an error and therefore none of the customisations are applied.  Same result with just a space.

  <data name="FinalizeRegistrationSubHeading1" xml:space="preserve">
    <value>Click on the 'Problems Logging In?' link from your Windows login screen</value>
  </data>

  <data name="FinalizeRegistrationSubHeading2" xml:space="preserve">
    <value></value>
  </data>

  <data name="FinalizeRegistrationSubHeading3" xml:space="preserve">
    <value></value>
  </data>
 
Thank you,
Alastair.

Access MA name in password extension code

I have several MAs that need to call the same password extension code. In the extension code I want to determine which MA is calling. When I try to access csentry.MA.Name I get "system.invalidoperationexception: MA property not supported"

Is it possible to determine the MA name that is calling the code?


Data Warehouse Jobs Missing in MIM Reporting

Hi,

Just installed a new MIM Reporting instance and noticed that, although the reports for FIM are there, the data warehouse jobs are missing (Extract_DW_FIMReporting and Extract_FIMReporting).

Anyone else seen this? Do I need to re-run the install to get them in place or is there another option?

Many thanks in advance for any guidance!

MIM error on manual Join

I have installed MIM Sync 4.3.2195.0. It was a fresh install and not an upgrade.

When trying to do a manual join I get the following error:

"Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.DirectoryServices.MetadirectoryServices.UI.PropertySheetBase.MMSErrorMessages.resources" was correctly embedded or linked into assembly "PropertySheetBase" at compile time, or that all the satellite assemblies required are loadable and fully signed."

After clicking OK I can see the error details which are as follows:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentNullException: Value cannot be null.
Parameter name: value
   at System.String.IndexOf(String value, Int32 startIndex, Int32 count, StringComparison comparisonType)
   at System.String.IndexOf(String value, StringComparison comparisonType)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSErrors.AdjustErrorTextForExtensionException(String& sErrorString)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.AccountJoiner.AccountJoinerControl.Join()
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.


http://www.wapshere.com/missmiis

MIM Installation error

Hello All,

I was doing a fresh installation of MIM 2016, but am facing issues with the group creation.

Please see the screen shot below and help!!

Regards,

SUman
