Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 6944 articles
Browse latest View live

MIMWAL - Find workflows with Iterations

August 18, 2019, 7:02 am
$
0
0
Hi,
I would like to know how can I find in my sustem every workflows that have a specific activity type.
In my concrete case I need to find every workflow having an "update resource" activity with "iteration" processing.

Thanks,
DD 
Search

Delta Syncs - DO NOT BRING THE DELTA's in the Metaverse - Hence Not triggering Provisioning code

August 25, 2019, 7:31 pm
$
0
0

Delta Syncs do Not update the changed values ??

I did a Delta Imports and I can see there are two changes.

Then I did a DS : it DOSE NOT update the metaverse and does not fire the Provisioning code

But Full Sync Does...

Suggestions please.

Its vital to fire Provisioning code during delta Syncs.


FIM Delta Import/Delta Sync not syncing attribute to Metaverse

August 7, 2013, 9:33 am
$
0
0

Feel free to offer better ways to accomplish this task.

Single metaverse; mv_person

3 MAs:

- DIDS from SQL

imports cs:userPrincipalName -> mv:userPrincipalName

- Export & DIDS to o365,

exports mv:userPrincipalName -> cs:userPrincipalName

imports cs:userPrincipalName -> mv:audit_userPrincipalName

- Export to SQL audit

exports mv:audit_userPrincipalName -> cs:audit_userPrincipalName

Data flows from SQL source to o365 perfectly. o365 delta import sees the data change but does not sync the data to the metaverse. Generating a full preview works as expected. From everything I've read, I would expect a DI DS to change the data in the metaverse? 

Running a full sync catches the change and things flow as expected.

recover hotmail account

August 26, 2019, 4:34 pm
$
0
0
i lost connecting to my hotmail account .. tried enter the password a lot of time until the account suspend ... tried the recovery form to get it back but unfortunately i wasn't so specific when establishing the account , actually my father who did enter the data for me , he didn't write accurate information about my birthday for example , he chose randomly .... that was 6 years ago ... and i used this account to sign in with facebook and instagram ... now i accidentally logged out of the instagram account and can't get access back because i don't have access to the hotmail account .... what to do ?

Very large FIMSynchronizationService database - any way to shrink?

August 7, 2012, 4:47 am
$
0
0

I'm currently working with an instance of FIM where the FIMSynchronizationService database has grown to >200Gb and occupied all available disk space so that the sync service will no longer run. The reasons why this occurred are still being investigated but in the meantime I need to get this database down to a reasonable size so that I can restore at least some functionality. I can't simply perform a shrink operation because SQL Manager reports 0Mb free space in the database itself. The transaction log is much smaller (about the expected size).

Short of detaching the database, moving it to a different/new partition and re-attaching (which will be difficult in the specific context) or reinstalling the sync service, are there any T-SQL commands that might help to free up some space so that a shrink operation will work? PowerShell?

All suggestions appreciated!

Keep Existing MIM Connections to Other Systems and Remove AD User Provisioning

August 27, 2019, 11:38 am
$
0
0

Our company is moving to a new Identity Management System which will eventually replace MIM.  It has been proposed to migrate in a phased approach starting with pulling Active Directory user provisioning out of MIM and doing the provisioning with the new Identity Management System.

Is this possible without affecting the current MIM environment?  What are the possible issues that could occur by provisioning AD users outside of MIM?

FIM Sync Security groups to provide access to Metaverse search

August 27, 2019, 10:18 pm
$
0
0

Hi,

I need to allow L1 support team to have only Metaverse search tab enabled to search object in Metaverse.

When we add users to FIMSyncJoiners group user will have access to joiner and Metaverse search but I don't want user to have joiner tab access. Is there a way by which we can restrict joiner access and provide only metaverse search tab access.

Thanks in Advance

Fetching the enabled attribute with ADObject.

August 28, 2019, 1:02 pm
$
0
0

Enabled attribute only lies in the AD User Object class as it falls under 'user account control' . I have a query that needs to fetch all the members of the AD group consisting of AD User as well as AD Groups (a group is a member of another group). So, to list all the members I have to get the attributes using Get-ADObject command so what I am doing is this:

Get-ADObject -Filter {ObjectGUID -eq '16e76214-6306-4359-9dde-91c9d98accc8'} -Properties *| Select Name, Enabled, useraccountcontrol

What I want is if the Enabled is present in the attributes it should give either True/False value and if it is a group it should be Null as there is no 'Enabled' attribute. Instead I am getting some weird number which I found out to be a code for the account status and whether the password is expires or never expires. Like 512, 66050

I just want to get member name & enabled value. In every case enabled is coming blank.

Search

AD group membership : How to populate "memberOf" attribute for a user in AD

August 13, 2012, 7:03 am
$
0
0

Hi,

I am using Out of the box Active Directory MA. Users are being created in AD. How to add the users groupmembership using FIM.

Any clues on this.

Regards

Sai

MIM - remove a specific character during import

August 6, 2019, 4:15 am
$
0
0

I have a management agent for SQL that runs just fine, it can import value from my SQL server and store it on the metaverse.

My problem is the string from the SQL server contains a single quote (') , I wonder if there's a way I can remove that single quote during import to metaverse

e.g. value from SQL server is :

'12345'

what i want to keep in the metaverse is only like this:

12345
any ideas will be very much appreciated.. thanks in advance

The server encountered an unexpected error in the synchronization engine:

August 29, 2019, 8:46 am
$
0
0

Hi,

In one of the MIM server, I see below error in application logs. Does anyone know whats the resolution for this ?

The server encountered an unexpected error in the synchronization engine:

BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\shared\entry\tower.cpp(3989): 0x80004005 (Unspecified error) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\shared\entry\tower.cpp(12133): 0x80004005 (Unspecified error) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sqlstore\csobj.cpp(1833): 0x80004005 (Unspecified error) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sync\expcall.cpp(905): 0x80004005 (Unspecified error) 
ERR_: MMS(8132): d:\bt\30017\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {1AC10E43-196A-E311-8F38-0050569E0CF1} with 0x80004005 (pass 1 of 5)

Do you want to be acknowledged as Microsoft Forefront Identity Manager Guru? Submit your work to Sep 2019 competition!

September 1, 2019, 10:37 am
$
0
0


What is TechNet Guru Competition?

Each month Microsoft TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated official post, a tweet fromMicrosoft Wiki Ninjas Twitter account, links will be published atMicrosoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in Sep 2019 and must be in English. However, the original blog or forum content can be from beforeSep 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!

Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

How can you win?

  1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but HIGHLY Recommended) Add a link to your article at the TechNetWiki group on Facebook to get feedback and tips from the council members and from the community. The group is very active and people love to help. You can even get direct improvements to your article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from Ronen Ariely.

Thanks & Regards,
Kamlesh | Blog | Twitter | Posting is provided "AS IS" with no warranties, and confers no rights.

extension-unexpected-attribute-value error during deltasync of two MA's

September 2, 2019, 2:12 am
$
0
0

Hi ,

I have a MIM server where I saw the below error.

Event ID :1000

Event Description: Faulting application name: miiserver.exe, version: 4.1.3733.0, time stamp: 0x56edbcbe
Faulting module name: clr.dll, version: 4.7.3416.0, time stamp: 0x5cabfc63
Exception code: 0xc0000005
Fault offset: 0x00000000005dfeb0
Faulting process id: 0x1548
Faulting application start time: 0x01d55fccc169d656
Faulting application path: D:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: ce0ad3c2-cbcb-11e1-b44b-0050521117ee

Upon checking the issue I found ADMA and another MA  which runs after ADMA,throws error "extension-unexpected-attribute-value" during sync.And stack trace shows below error.

Synchrozization Step : Provisioning

Extension Name : MV Router.dll

Microsoft.MetadirectoryServices.UnexpectedDataException: IMVSynchronization.Provision Management Agent:SMBX XYZ ADMA:XYZAD_MVExtension:RenameSMBXGroupInAD: MV Object Type: SMBXGroup: Provision Exception: An object with DN "CN=MESG_SMBR_PDL,OU=XYZStaticMailSecGroups,OU=XYZMailEnabledSecGroups,OU=XYZStaticDistGroups,OU=XYZDistributionGroups,OU=XYZGroups,OU=XYZ,DC=XYZ,DC=NET" already exists in management agent "SMBX XYZ ADMA".
   at Mms_Metaverse.MVExtensionObject.RenameSMBXGroupInAD(MVEntry mv, ConnectedMA SyncMA)
   at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry)
   at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in C:\Users\DS013289071-3@XYZqa.net\Documents\Visual Studio 2010\Projects\SMBX25\MVRouter\MVRouter.cs:line 204

Can anyone help me here to understand what the issue is and how this can be fixed ?



Custom Error message for "ambiguous-import-flow-from-multiple-connectors"

September 2, 2019, 6:55 am
$
0
0

Hi Guys,

I have a HR MA with multiple joins before project.

sometimes I get "ambiguous-import-flow-from-multiple-connectors" on Delta or Full sync in this MA.

I don't want for the moment fix this issue automatically but just customize the error message and get more info about the multiple connectors.

is-it possible to do that and if Yes can someone give me an example ?

FYI, I am using a Rule extension for the join .

SharePoint Site Collection Not Loading

September 2, 2019, 6:54 pm
$
0
0

I'm installing the FIM Portal and following the guide here https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-deploy

I'm up to the SharePoint configuration so haven't even installed the portal yet. This is the page I'm up to https://docs.microsoft.com/en-us/microsoft-identity-manager/prepare-server-sharepoint. I've completed all of the steps on the page and all the scripts executed successfully. I can see the web application and default '/' site collection when I navigate SharePoint Central Admin but when I navigate to my URL (the one that's shown as the web app and that was scripted), I get a 404 as if there's nothing there. I've installed the MIM Portal quite a few times and this step has always just worked. What could be the problem? I'm not that well versed in SharePoint.

Search

Need some help planning a new MIM environment.

September 4, 2019, 1:39 pm
$
0
0

Current environment: FIM 2010 R2 using 3 servers
FIMSYNC01 - Running Forefront Synchronization Service Manager on Windows 2012 R2
FIMSQLS01 - Running FIMSynchService db and FIMUtility db on SQL Server 2012 on Windows 2012 R2
FIMPRTL01 - Contains FIM Portal which is not being used, may not be needed

I inherited this FIM environment and have learned how to manage it from documentation left by the previous admin. However, I was not involved in setting it up. So, there is a lot I don't know. What I have been told is that there was a lot of customization done to get FIM to do what it is doing so, an in-place upgrade is not going to work.

I will attempt to explain what FIM is doing in my environment:
I have a corporate domain and 6 customer domains. There are no trust relationships between any of these domains. The FIM servers listed above are members of the corporate domain. FIM watches some specific groups in the corporate domain. Any users in these watched groups are provisioned to the customer domains and placed in respective groups in the customer domains.

So, my questions are:

Will MIM 2016 SP1 do this out-of-the-box or will customization be needed? (I already have the licensing needed.)

How many servers do I need? I would like to have just 2 if possible, one for the sync service and one for the databases; as below:
MIMSYNC01 - Running MIM Synchronization Service Manager on Windows 2016
MIMSQLS01 - Running MIMSynchService db and MIMUtility db on SQL Server 2016 on Windows 2016

Performance Issue in lithnet dll while saving data to MIM

September 4, 2019, 6:53 pm
$
0
0

We have used lithnet dll to communicate with MIM. While saving data in MIM using lithnet dll(CreateIdentity function) for first time it is taking too much of time which is causing slowness and end application freeze.

Can anyone suggest which action should we take to decrease time and slowness.

How to approve add new/ Modify employee properties on MIM

September 6, 2019, 2:50 am
$
0
0

Hi everyone

Our system with some factors are:

  • HRMS: Human Resources Management System
  • MIM
  • AD
  • ADFS

I have 2-ways synchronization

HRMS => MIM => AD and AD=> MIM

How can I have approve via the workflow when employee are added / Modified to HRMS?

Thank you for any suggestion


How to approve add new /Modify employee attributes on MIM

September 6, 2019, 2:53 am
$
0
0

Hi everyone

Our system with some factors are:

  • HRMS: Human Resources Management System
  • MIM
  • AD
  • ADFS

I have 2-ways synchronization

HRMS => MIM => AD and AD=> MIM

How can I have approve via the workflow when employee are added / Modified to HRMS?

Thank you for any suggestion


How to find unused Sets

September 6, 2019, 6:51 am
$
0
0

Hi,

How can I find which SETs are not used?

I have hundreds of sets and really need an automated way of doing this.

Thanks.

Regards,

JD

Viewing all 6944 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>