Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 6944 articles
Browse latest View live

Window Azure Connector Group memership sync to office 365

December 13, 2016, 9:28 pm
$
0
0

Hi All,

I could see the group membership in connector space of Management Agent window Azure and there are no errors in export, howerver in office 365 they are not exported. I tried to re-sync the group membership still the export of group membership are not happening.

Check all the user are present in connector and in office 365 and till connector space of Window Azure Management Agent all is fine, but i could not figure it out why the export of  group membership are not happening tooffice 365.

Please let me know, if anyone have come across this and help me for the fix.

Regards,
Anirban Singha


Search

//WorkflowData/referenceobject in approval workflow - "Could not resolve any of the defined.."

December 14, 2016, 2:22 am
$
0
0

Anyone see any reason why the below would not work? If i set destination: //Target/CustomReferenceAttribute, the attribute get's updated with correct value. It is as if the built in approval workflow cannot use //WorkflowData/referenceobject as input object?

Workflow:

Error message:

/Frederik Leed

MIM 2016 Sync Installation

December 14, 2016, 2:00 am
$
0
0

Hello All,

Need Help!

We are upgrading to MIM sync 2016 in our environment. We have a database deployed in a clustered environment on SQL Server SP1

Problem is while installating MIM sync service , the moment i provide server name and instance name it gives an attached error.

The port configured as per the SQL team is 52608 and not the default one 1433/1434 for the DB connection.

As MIM 2016 is by default use the port 1433/1434, then how can i proceed my instllation.

Please Suggest.

Regards,

Suman

MIM error on manual Join

June 16, 2016, 5:38 pm
$
0
0

I have installed MIM Sync 4.3.2195.0. It was a fresh install and not an upgrade.

When trying to do a manual join I get the following error:

"Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.DirectoryServices.MetadirectoryServices.UI.PropertySheetBase.MMSErrorMessages.resources" was correctly embedded or linked into assembly "PropertySheetBase" at compile time, or that all the satellite assemblies required are loadable and fully signed."

After clicking OK I can see the error details which are as follows:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentNullException: Value cannot be null.
Parameter name: value
   at System.String.IndexOf(String value, Int32 startIndex, Int32 count, StringComparison comparisonType)
   at System.String.IndexOf(String value, StringComparison comparisonType)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSErrors.AdjustErrorTextForExtensionException(String& sErrorString)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.AccountJoiner.AccountJoinerControl.Join()
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
miisclient
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/miisclient.exe
----------------------------------------
PropertySheetBase
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/PropertySheetBase.DLL
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34251 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34238 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
UiUtils
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/UiUtils.DLL
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34234 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
MmsServerRCW
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/MmsServerRCW.DLL
----------------------------------------
System.ServiceProcess
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceProcess/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
----------------------------------------
Operations
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/Operations.DLL
----------------------------------------
GroupListView
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/GroupListView.DLL
----------------------------------------
MaExecution
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/MaExecution.DLL
----------------------------------------
AccountJoiner
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/AccountJoiner.DLL
----------------------------------------
mmsuihlp
    Assembly Version: 0.0.0.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/mmsuihlp.DLL
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
ObjectLauncher
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/ObjectLauncher.DLL
----------------------------------------
ObjectViewers
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/ObjectViewers.DLL
----------------------------------------
Preview
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/Preview.DLL
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

http://www.wapshere.com/missmiis

Set AD attribute for Supervisor

December 14, 2016, 2:32 pm
$
0
0

Hi Everyone,

is there a way to create a "supervisor" attribute on a User object in AD? 

I know the manager attribute exists, but I have a need to query user's supervisor.

Best Regards,

Happy Christmas.

Michael Walsh.

mwalshe

MIM 2016 and SharePoint 2016

December 15, 2016, 5:56 pm
$
0
0

Hi,

SharePoint 2016 no longer has a 'Foundation' version, so:

- is there a deployment guide for MIM 2016 SP1 and SharePoint 2016?

- which SPS 2016 version do we deploy?

- how is the SPS 2016 licensing handled now?

Cheers,

SK

Initial password Communication problem

December 6, 2016, 6:47 am
$
0
0

Hello!

I'm trying to automate Initial Password Communication with email.

I have a working process of user provision to AD, but can't do it with this instruction:

http://social.technet.microsoft.com/wiki/contents/articles/2121.fim-how-to-use-workflows-to-automate-the-calculation-and-notification-of-initial-passwords.aspx

This video have the same instruction. One difference is the order of activities in workflow, but I think that this is not a reason.

https://technet.microsoft.com/en-us/video/automate-the-calculation-and-notification-of-initial-passwords-with-fim-2010.aspx

Correctly I understand that:

1. Email is generating when user is provisioned to AD (AD MA Export run profile) ?

2. I don't need a MPR to achieve this goal?

 

 

So, what I have:

1.AD User Outbound Sync rule

2.Workflow parameters

3.Outbound Attribute Flow

4.Action Workflow with 3 activities

5.Password Generation Function

6.Adding target resource to Sync Rule

7.Email Notification

 

Main problem what users are created in AD in disabled state, because of they don't get passwords. When I trying to enable them I get error that users can't be enables, because password doesn't meet password policy.

 

Can anybody say where can be a problem?

Any help very appreciated.

Thanks!

 

1

MIM Server Sync to several AD`S that don`t have trust or relationship

December 16, 2016, 8:31 am
$
0
0

Hello,

I have one main Domain (Domain A) that has several OU`S, each OU belong to a company, I can sync the users to the MIM Server from this Domain A, but I am trying to synchronize the MIM with others domain, but I don`t get any response from the management agent, I was also trying to get the logs, but when I had the lines to activate the logs in the file "miiserver.exe.config", I start to get errors in the MIMMA.

The propose of this, is to be able to do a reset and a password registration, through the MIM Portal, in all the domains.

The Main Domain only export the users to the MIM Server and the MIM Server should export the users to the correspondent  OU/Domain, and the password synchronization can be done through MIM.

I have a SR, Workflow a MPR for the Outbound Sync, at the moment I am just trying to sync something not even appying filters.

PS. I Believe the problem could be that I want to synchronize one user from one domain to another, but I only need the atribute accountName for this sync.

Thank you very much for the help.

MN

Search

No Admin password was set when win10 upgraded by download from microsoft.

December 16, 2016, 1:05 pm
$
0
0
now I need to act as administrator and it wont let me. Keeps asking fro administrator id and password.

Customize Azure AD Connector

December 10, 2016, 1:32 am
$
0
0

Hello Friends,

I am in a process where our management wants to migrate all FIM Management Agents to Azure AD Connector. Is it possible to customize all FIM MA to AzureAD Connector ? If yes, can any one please guide me or share any documentation would be appreciated and really helpful to me.

Currently we have ADMA, SQLMA, Lotus Notes MA, Azure MA (DirSync) and Azure License MA (Powershell ) 

Thanks & Regards,

Pramod Chandra Das | IND

With Best Regards, Pramod Chandra Das

Access MA name in password exstention code

November 9, 2016, 5:49 am
$
0
0

I have several MA's that need to call the same password exstention code. In the exstention code I want to determine which MA is calling. When I try to access csentry.MA.Name I get "system.invalidoperationexception: MA property not supported"

Is it possible to determine the MA name that is calling the code.


MIM 2016 (SP1) and custom Google MA:s

November 6, 2016, 11:48 pm
$
0
0

Hi

There are lots of custom Management Agents for Google services. Does any of those supports MIM 2016 (SP1)?

Recreating a schema attribute with the same name and different data type breaks Reporting

November 17, 2016, 12:59 pm
$
0
0

When I get some time i'll try and validate this. But my concern is that in the MIM Portal Schema -> creating an attribute, using it, then deleting the attribute, and creating one with the same name (different data type) breaks the MIM Reporting on SCSM.

You might ask, "why the hell would you do this?" My answer is, when trying to use said attribute "AccountExtension" in DEV as a String data type, doesn't bode well with RCDC that use integer like values in their UoCDropDownList options E.g. :

  <my:Control my:Name="AccountExtension" my:TypeName="UocDropDownList" my:Caption="{Binding Source=schema, Path=AccountExtension.DisplayName}" my:Description="{Binding Source=schema, Path=AccountExtension.Description}"  my:RightsLevel="{Binding Source=rights, Path=AccountExtension}">
        <my:Options>
          <my:Option my:Value="7" my:Caption="1 week" my:Hint="7 days"/>
          <my:Option my:Value="14" my:Caption="2 weeks" my:Hint="14 days"/>
          <my:Option my:Value="21" my:Caption="3 weeks" my:Hint="21 days"/>
          <my:Option my:Value="30" my:Caption="1 month" my:Hint="30 days"/>
          <my:Option my:Value="60" my:Caption="2 months" my:Hint="60 days"/>
          <my:Option my:Value="90" my:Caption="3 months" my:Hint="90 days"/>
        </my:Options>
        <my:Properties>
          <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=AccountExtension.Required}"/>
          <my:Property my:Name="ValuePath" my:Value="Value"/>
          <my:Property my:Name="CaptionPath" my:Value="Caption"/>
          <my:Property my:Name="HintPath" my:Value="Hint"/>
          <my:Property my:Name="ItemSource" my:Value="Custom"/>
          <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=AccountExtension, Mode=TwoWay}"/>
        </my:Properties>
      </my:Control>

When having this defined for a string data type for AccountExtension, it breaks the UocDropDownList behavior and gives unexpected results (like summary table showing a deletion when it's actually being set, and values not being translated to their corresponding captions)

Therefore I deleted the attribute and turned it into an integer data type with the same name. Now my RCDC works, but Reporting broke.

MIM SSPR wrong error message

November 20, 2016, 7:39 pm
$
0
0

Hi,

We have deployed the default out of the box MIM 2016 SSPR solution.

When registering for SSPR, if a user types in a " " (i.e. space) for an answer, MIM does not respond with the expected error message of "your answer must be 4 characters or more".

Instead, MIM responds with the following wrong error message:

The password that you entered is incorrect.You must enter the correct password in order to register for Password Reset. (Error 3006)

Is this a MIM bug?

I know we can modify the 3000 message, but this clearly is the wrong error message being called by MIM. Also, I don't want to customise this error message, as it may give me the wrong message for another issue.

Any advise?

thank you,

sk



Delta import with DSEE

November 20, 2016, 1:14 pm
$
0
0

Hi,


When trying to use the delta import feature with a DSEE (IPlanet/Sun Directory Server), we always get the error "no-start-full-import-required".

"ChangeLog enabled" is set to true, which should indicate that that changelog diff detection should work.

What could be wrong ?

BR,

Emmanuel IT

Search

Users Bulk Load into FIM best approaches

November 22, 2016, 4:15 pm
$
0
0

Hi,

We have a requirement of Loading users into FIM using .CSV files. Currently we have implemented using FIM Sync. Below are the MA s we used to Export the users to FIM and then to FIM Sync.

SQL MA

FIM MA

ADDS Ma

We are looking into areas of improvising with respect to performance. What can be better approach for Bulk Load of users into FIM? Can we use FIM Client/FIM API instead of FIM Sync? Please Suggest.

Thanks

Prasanthi.

Cannot run any management agent after MIM 2016 SP1 upgrade

December 9, 2016, 3:56 am
$
0
0

i have recently upgraded a FIM 2010 R2 installation to MIM 2010 SP1. The upgrade setup for FIM sync, service and portal went fine. however, after that i cannot run any management agent profile. 

As soon as i choose a run profile, the error "unable to run the management agent" appears with no additional information or error log in event viewer. 

i tried to create a new management agent for FIMMA and run it, it ran succesfully with no problem. however my concern is that if i will create new management agents for the others, i will break the sync rule attribute flow. 

anyone faced this before?

MM

MIM 2016 upgrade to SP1 date format is switched to M/d/YYYY - why??

October 25, 2016, 11:06 pm
$
0
0

After the successful(?) upgrade of our MIM 2016 system to SP1 (build 4.4.1237.0) when I start checking the system, I notice that all dates are now in M/d/YYYY (US style) format. Before the upgrade they were according to the local (UK) settings i.e. dd/mm/yyyyy

MIM was upgraded to SP1 on same server no server settings changed, just MIM software.

I check that the Timezone used by Portal is still GMT as before upgrade. The dates and times are "correct" just displayed "wrongly".

This seems to affect at least the RCDC user edit form and the Search Request form, possibly all MIM forms.

How can I force MIM to display dates in local format?

sync engine update workflow

December 19, 2016, 1:24 pm
$
0
0

An Action workflow is triggered when engine updates last name.   The action workflow checks for a condition which is always returned false. Not sure what I am doing wrong. Please help.  

MPR - sync engine updates lastname, call the action workflow.

workflow -If old lastname is equal to professionalname, update new lastname to professional name. If its not equal, dont do anything.

IIF(Eq([//Target/LastName],[//Target/ProfLastName]),[//Delta/LastName], Null())

Allow Null is not checked.

Thanks in advnce.

MIM 2016 Password Synchronization

December 19, 2016, 11:22 pm
$
0
0

Hi,

Currently we have three forests (A, B and C). We are in the middle of Active Directory Migration and Forest C is our centralized AD where all of the accounts will be placed. MIM server joined to Forest C. We enabled password synchronization from Forest A->C and B->C. Everything is working.

Then we enabled password synchronization from C->A and C-B.

C->A is working. Password changes can be synced over successfully. But C->B is some how not working.

We are using MA account which is member of domain admin and have full access on OU and accounts. There is no firewall between Forest C and Forest B.

Here is the error that we are getting.

Could you advice us what need to be checked?

Cheer.

Viewing all 6944 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>