Channel: Forum Microsoft Identity Manager
Viewing all 6944 articles

"stopped-server" on FIMMA Export


Hi there... so I'm stuck again :)

I'm getting a Stopped-Server when exporting to the FIMMA. I have no problems with other MA's and no issues with Import from the FIMMA. I can update objects through the portal.

The error in the eventvwr isn't really helpful:

Log Name:      Application
Source:        FIMSynchronizationService
Date:          26-01-2011 06:57:54
Event ID:      6056
Task Category: Management Agent Run Profile
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FIMServer.domail.local
Description:
The management agent "FIMMA" failed on run profile "Export" because the server encountered errors.

Does anyone have an idea as to what might be wrong or how to get a more helpful log?

Full Sync and Service Restarts have been done all around.


/Frederik Leed

Azure Active Directory Connector - completed-no-objects


I am trying to pull data out of Azure AD using the FIM Azure Connector.

I have:

  • Installed the Beta Microsoft Online Sign-In Assistant (7.250.4551.0)
  • I am using FIM Sync version 4.1.3508.0
  • Installed the Azure AD connector (1.0.6635.69)
  • Granted permissions to the MSOLCoExistence registry key
  • Activated Directory Sync under Directory Integration in the Azure portal
  • Created an Azure management agent in the Sync engine (specified the credentials, object types, attributes, etc.)
  • Created a Full Import run profile
  • Ran the Full Import

When I did all of this I got a successful run of the management agent with a status of completed-no-objects. (And of course I don't get any imported records.)

If I look in the event logs, I see an info message from the "Directory Synchronization" that looks like:

Import::Iteration: 1, Current batch size: 0, Imported total: 0, More: False,TrackingId: d2f02eac-0186-471b-ab49-cbcf85ace0ef, SyncCookie: ...

So it appears that it is talking to Azure.

Any suggestions as to what I am missing? My Azure AD has three records in it (the subscription account, the global admin user that I set up for the connector, and a basic test user), and none of these records came down on the Full Import run.

Edit: Of course after posting this question I found this thread, which asks a similar question. No idea why it came up as a related thread, and not in my initial search. Anyway my need is to pull down Azure accounts that have no on-premises representation. Is this possible?

Thanks

Rex




MIM CM - Smart card disabled but user can still login


Hello, I have a Gemalto smart card that, according to the MIM CM portal, is disabled and the certificate revoked (see screen print). However, we are still able to log on to numerous network attached Windows 7 workstations with the card. This is obviously not the expected behavior since the card is disabled and the certificate revoked.

Is there some type of pause between when MIM disables the card vs. when the CA (AD CS) sees that the cert is revoked? If there is a pause, how can we reduce this time to make it immediate? The bottom line is that we want to disable the card and immediately prevent the user from being able to log on with it.


Accessing the origin DN from an MVEntry object


Hope this is the right alias...

I'm trying to figure out the DN of where an object originates from within my extension and can't seem to find public access. Looking at the object in QuickWatch, I can see it in:

((Microsoft.MetadirectoryServices.Impl.ReadOnlyConnectorServices)((Microsoft.MetadirectoryServices.Impl.BaseMVServices)((Microsoft.MetadirectoryServices.Impl.MVEntryImpl)mventry).m_ProvisionerServices).m_rgConnectorServices[0]).m_pstrOriginalDN

Example value: OU=Domain Controllers,DC=ContosoRead,DC=com

However, because it is "Non-public" I am not able to access it.

Anyone have any idea?

Thank you,

David


David Downing

Determining if an MVEntry is a built-in object


When my extension is being called, is it possible to determine if the object represents a built-in object?

"Domain Admins" for example

Thank you,

David


David Downing


Synchronizing an update request


I'm trying to update a user/person where the initials have changed; however, the changes never sync. In addition, my initial sync doesn't persist all the user/person attributes. I found a reference to "CreateOnlineUpdateContentChangeRequest", however I can't seem to find the CLMUtils.dll for a reference.

Can someone shed some light on how updates are implemented?

Thank you,

David


David Downing

Attribute modification Issue

There's an issue on Generic LDAP Connector when it tries to modify a single-valued OpenLDAP attribute. Hence, the error 'ExportErrorCustomContinueRun' is being shown on FIM Synchronization LDAP export when it does that.

I have troubleshot and confirmed the connector has deleted the attribute and re-added it again. However, since we're using LDAP protocol, it should modify both attributes in a single call.

For some reason, the connector is not doing that. It first runs the 'add' attribute, then it runs the 'delete' attribute. When adding a single-valued attribute that already exists, LDAP protocol returns error 20.

Further details on the screenshots below.




MIM 2016 SP1 Add-ins and Extensions installation error with Outlook (Office 2016 Pro Plus)


I'm working with MIM 2016 SP1, testing out the Exchange Online support for the MIM Service account.  I'm trying to install the MIM Add-ins and Extensions on a Windows 10 Enterprise (Anniversary) client that has Office 2016 Pro Plus installed on it.

During the installation, I get the error "Microsoft Forms/Smart Tags .Net Programmability Support or RegAsm.exe" when running the installer.  With the MSI version of Office, I could have added that support to Outlook through the Change installation option in Programs and Features, but with Office Pro Plus, that is not an option.

Any suggestions on how to get this working?

Thanks,

Marc


Marc Mac Donell, VP Identity and Access Solutions, Avaleris Inc.
http://www.avaleris.com


Powershell Management Agent (Soren Granfeldt), missing anchor component on export


Hi All,

I am using the Powershell MA from Soren to provision users to Skype for Business through a webservice. (Using the version currently available on the psma.codeplex.com website). Also I am using the FIM 2010 R2 Sp1 version (build 4.1.3721.0).

The web service is a REST web service.

I only have to export users to this web service, I do not have to import any users from this MA.

I have therefore created a schema.ps1 file, with an anchor and the fields required by the webservice.

The other files import.ps1 and password.ps1 are empty.

I am doing Delta exports or PSCustomObjects (Simple objects). When I export the user they are correctly sent to the webservice. (I see adds in my console). However I also receive a missing-anchor-component from the MA. 

I am sending back the info from the web service in a hash table however the anchor is not provisioned and I am unclear on how to set it.

The web service provisions an SQL database. And the anchor of my schema is set to an auto-incremented field in the SQL database.

Thanks for your help.

Sylvan

Display new value and old value for a changed attribute


Hi,

I need to implement a notification workflow, to be sent when an attribute changes value. I need to display the old value and the new value. I did these steps:

1. create a new mail Template

2. create a workflow of notification as below: use the mail Template to be sent to a specific address

3. create an MPR as below:

- Requestors: all objects

- Operation: modify a single valued attribute

- target resources: all people

- resource attribute: select specific attribute

then, select the created workflow.

When the selected attribute is changed, I receive the notification, but it shows only the new value. How can I have the old value too?

Regards.

Calling all FIM Gurus. November readers need feeding!


An influential teacher, or popular expert

Oh mighty reader, we need your enlightenment! Only YOU can show us… the TRUE WAY to code!

Win the dedication and adoration of generations to come, by giving something back to those less awesome.

Show your technical prowess, and divine knowledge of your craft.

Teach us good code from bad. Show us the way (or the work-around)

We can offer you the very best platform that you need to preach these good words.

Join us and lead this technical community in a whole new way, into a brighter future!

Become a TechNet Guru and you may find your own life also significantly enriched!

Win awards, interviews, invites, reviews, medals, friends, recognition points, high fives, hugs, smiles, and so much more!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day’s work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you’ve contributed)

3) Every month, we will highlight your contributions, and select a “Guru of the Month” in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once “on our radar” and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards.


Thanks,

If my reply is helpful please mark as Answer or vote as Helpful.

My blog | Twitter | LinkedIn

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Upgrading FIM to MIM on a new server


Hi,

I'm upgrading a FIM environment on Server 2008 to a new MIM environment on 2012.

I've installed MIM SP1 on the new 2012 server and copied the FIM database up to the new SQL server. It was my hope that I could re-run the MIM installation in either "change" or "repair" mode to update the database but the installation returns an error that the database version isn't the one that it was expecting.

The only workarounds I found were:

1. Uninstall MIM and re-install completely against the FIM database.

2. Update the database version in the fim.Version table to allow the "change" installation to proceed. (This is probably unsupported and I'm not sure if it would do all of the DB updates that MIM needs, but the portal and sync seem to be fine.)

3. Haven't tried this yet, but I could upgrade the FIM environment to MIM and then move the databases over. (Though the client is a little cagey about this approach.)

Is there a better approach that I am overlooking?

Thank you for any ideas.

Recreating a schema attribute with the same name and different data type breaks Reporting


When I get some time I'll try and validate this. But my concern is that in the MIM Portal Schema -> creating an attribute, using it, then deleting the attribute, and creating one with the same name (different data type) breaks the MIM Reporting on SCSM.

You might ask, "why the hell would you do this?" My answer is, when trying to use said attribute "AccountExtension" in DEV as a String data type, it doesn't bode well with RCDCs that use integer-like values in their UocDropDownList options, e.g.:

  <my:Control my:Name="AccountExtension" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=AccountExtension.DisplayName}" my:Description="{Binding Source=schema, Path=AccountExtension.Description}" my:RightsLevel="{Binding Source=rights, Path=AccountExtension}">
    <my:Options>
      <my:Option my:Value="7" my:Caption="1 week" my:Hint="7 days"/>
      <my:Option my:Value="14" my:Caption="2 weeks" my:Hint="14 days"/>
      <my:Option my:Value="21" my:Caption="3 weeks" my:Hint="21 days"/>
      <my:Option my:Value="30" my:Caption="1 month" my:Hint="30 days"/>
      <my:Option my:Value="60" my:Caption="2 months" my:Hint="60 days"/>
      <my:Option my:Value="90" my:Caption="3 months" my:Hint="90 days"/>
    </my:Options>
    <my:Properties>
      <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=AccountExtension.Required}"/>
      <my:Property my:Name="ValuePath" my:Value="Value"/>
      <my:Property my:Name="CaptionPath" my:Value="Caption"/>
      <my:Property my:Name="HintPath" my:Value="Hint"/>
      <my:Property my:Name="ItemSource" my:Value="Custom"/>
      <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=AccountExtension, Mode=TwoWay}"/>
    </my:Properties>
  </my:Control>

When having this defined for a string data type for AccountExtension, it breaks the UocDropDownList behavior and gives unexpected results (like summary table showing a deletion when it's actually being set, and values not being translated to their corresponding captions)

Therefore I deleted the attribute and turned it into an integer data type with the same name. Now my RCDC works, but Reporting broke.

Lync provision using the Granfeldt PowerShell MA


Hello!

I'm trying to enable Lync services for my users using this guide:

https://blog.kloud.com.au/2016/01/28/provisioning-users-for-lync-skype-for-business-with-fim-mim-using-the-granfeldt-powershell-management-agent/

As I understand it, enablement of Lync services is processed when we run "Export" for the PS MA.

But when I start the export, nothing happens.

Can anybody say where the problem might be?

Thanks!



SQL deadlocks after upgrading to MIM 2016


I've upgraded my development FIM 2010 R2 environment to MIM 2016 (4.3.2195) on new virtual servers (same underlying hardware).  The OS is Server 2012 R2 and SQL is 2014 Standard (12.0.4213.0). I'm getting hundreds of failed-modification-via-web-services errors when exporting to the FIM connector which look to be due to deadlocks:

Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1205, Level 13, State 51, Procedure GenerateRequestOutput, Line 1148, Message: Transaction (Process ID 110) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
   at System.Data.SqlClient.SqlConnection.OnError

I've worked with my DBA and we've tweaked a few things on the SQL side (including adding RAM and moving disk to new SAN storage), but it doesn't seem to have helped much at all.  My FIM 2010 setup seemed to handle largish volumes of updates like this (3000+) relatively error-free.  I'm hesitant to upgrade my production environment without resolving this, since that volume of change does occur there periodically as well.  Is there tuning I can do to reduce or eliminate this problem?  What additional information about my setup would be helpful?  Most of the person updates that are failing look to be minor and not really different from those that appear to be succeeding.

-Robert
UW-River Falls


Self Service Apps


Is Microsoft creating its own self service app (for reset and unlock AD accounts) for mobile devices? Or maybe it already exists? I found many companies providing self services, but I wonder if there is any official app from Microsoft. I found specifically a tool called call2unlock (www.call2unlock.com) that does everything using an IVR, phones and SMS. But you have to have a PBX in your company (I know most companies have a PBX), but in my particular case we don't.

Thanks

Seth Bochini

Systems Administrator

Import filter


Hi,

We are using FIM 2010 to sync several sources into a single AD. One of these sources is an Oracle DSEE (i.e. IPlanet Server).

We want to only import and sync selected entries in an important tree. Importing all of the DSEE directory is using a lot of time and CPU/Memory/Disk. So we want to only import entries which could be selected with a simple filter.

Of 15000 entries, only 500 are usable.

We are trying to use the connector filter in the MA configuration but it seems to only filter entries on the sync step.

How could we IMPORT only the good entries?

BR,


Emmanuel IT

Delta import with DSEE


Hi,


When trying to use the delta import feature with a DSEE (IPlanet/Sun Directory Server), we always get the error "no-start-full-import-required".

"ChangeLog enabled" is set to true, which should indicate that changelog diff detection should work.

What could be wrong?

BR,


Emmanuel IT

Customizing the MIM add-ins and extension?


Hi,

We know there is a way to customise the branding and titles in the SSPR registration and reset IIS portals.

But is there a way to customise the branding and titles in the actual MIM SSPR add-ins and extension client?

Thanks,

SK

MIM add-ins and extension client Ports?


Hi,

We are deploying the MIM add-ins and extension SSPR client and our URLs are running on HTTPS.

So do we only need to ensure that TCP:443 is open between the client workstations and the SSPR Registration and Reset Portals?

Thank you,

SK
