Channel: Forum Microsoft Identity Manager

Workflow for notification of criteria based group or set membership change


I've tried to search for something like this, but I haven't been able to find anything relevant. I've seen hints that it's not supported, but nothing specific to what I'm trying to do. I'm running the latest update of MIM 2016 with MIMWAL.

What I want to do is have a set or group of users with a criterion that changes somewhat regularly. I want changes in that set/group membership to be emailed to specific people or DLs (i.e. static, not like a "welcome" email to new members of the group).

Is that something I can do without going to lengths like sending a members attribute out to SQL server to be split and imported back into a separate multivalue attribute?



Frequent account lockout issue


Hello,

I need help finding the source of an account lockout. We are not able to find the source using the steps below.

1. 4740, 4625, 4771, 4776.

2. Enabling Netlogon logging: we still see the DC as the source computer in the Netlogon log file.

3. In 4740 we see the DC as the source computer. (This DC is also RADIUS - the NPS server always shows this DC as the source computer.)

4. I have also looked at the NPS logs but did not find any devices where the account is getting locked.

Can you please tell me any other steps for how we can find out the source?

Thanks & Regards

Veerappa Kammar
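
The four event IDs from step 1, grouped by the origin each one records, as an added example that is not part of the original post. It reads the Security log of the domain controller it runs on; the account name `jdoe` and the 24-hour window are placeholder assumptions.

```powershell
# Added example, not from the original post.
param(
    [string]$User  = 'jdoe',   # hypothetical account name (placeholder)
    [int]   $Hours = 24        # look-back window (assumption)
)

# EventData field that names where the failed attempt came from, per event ID.
$originField = @{
    4740 = 'TargetDomainName'   # shown as "Caller Computer Name" on the lockout event
    4625 = 'IpAddress'          # failed logon
    4771 = 'IpAddress'          # Kerberos pre-authentication failure
    4776 = 'Workstation'        # NTLM credential validation
}

$filter = @{
    LogName   = 'Security'
    Id        = 4740, 4625, 4771, 4776
    StartTime = (Get-Date).AddHours(-$Hours)
}

$rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the EventData name/value pairs into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['TargetUserName'] -ne $User) { return }   # skip other accounts
        [pscustomobject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            Origin    = $data[$originField[$_.Id]]
            LogonType = $data['LogonType']     # present on 4625 only
            Process   = $data['ProcessName']   # present on 4625 only
            Status    = $data['Status']        # failure code
        }
    }

# Count attempts per event ID and origin so a repeating client stands out.
$rows | Group-Object EventId, Origin | Sort-Object Count -Descending |
    Select-Object Count, Name
```

When every row names the DC itself, the `LogonType` and `Process` columns on the 4625 rows show which local service handled the attempt on behalf of the remote client.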

MIM 2016 installation ending prematurely - deployment solutions issue?


Good day everyone

I am having issues with my MIM 2016 installation. I have run the .exe as an administrator, and tried the .MSI with command from elevated prompt as ( msiexec /i "k:\Service and Portal\Service and Portal.msi" /l*v c:\temp\install.log ). Both hang on the Databaseupgrade.exe command pop-up, but after that both end prematurely, with the deployment solutions hanging then it retracts/rolls back.

SQL Server 2016 and SharePoint 2016 are on one machine (call it 02), on a Server 2016 platform. I am trying to install MIM service and portal on here. Sync services are on machine 01 (also Server 2016).

SQL and SharePoint appear to have been successful in their installations (following BJTechNews YouTube video, with some differences due to version differences), but MIM keeps on falling over.

I have manually tried deploying the microsoftidentitymanagement.wsp and microsoftilmportalcommondlls.wsp via CAS, both show as deployed, but after the installer fails, the latter wsp is retracted and removed. The installer also fails when there are no solution packs.

I've tried playing with ports, bindings etc. and still can't see what I'm doing wrong.

Please help. I have been spinning my wheels for ages, been looking everywhere from IIS, in CAS, checked my SharePoint config. The verbose log output doesn't have a stop error highlighted to indicate a specific issue - just throws a 1603 error at the end.

Kindest regards

Darren

Trouble installing FIM Service and Portal


I'm getting the error: "The service account could not be found. This could be due to an incorrect password. Please check the service account and try again" when I try to install FIM Service and Portal.

The user I am using in "Configure common Services" is "fim_service", which is an active account with SQL and fimsync admin rights. I tried logging in to the server with the fim_service account without any problems. The sync service is running fine. I also tried different formatting of the "Service Account Domain:" without any luck.

There is no error in Event Viewer.

Any ideas why this is happening?

MIM Portal Powershell Workflow Error Missing expression after unary operator '-'.


Hey Everyone,

I'm going crazy here, I really hope someone can explain to me what is going on.

I'm executing a PowerShell script that checks for account name uniqueness before writing it to FIM.

The PowerShell script is configured to accept these parameters:

PARAM([string]$SQLAttributeName, [string]$AttributeValue, [string]$FIMAttributeName, [string]$FirstName, [string]$LastName)
END
{   

.....

I then call it from the PowerShell workflow:

PowerShell parameters:

-SQLAttributeName UPN -AttributeValue [\\Target\AccountName] -FIMAttributeName AccountName -FirstName [\\Target\FirstName] -LastName [\\Target\LastName]

When I do the change in the portal on a user, the workflow is executed but I get this error:

Powershell exited with error: Missing expression after unary operator '-'.

I have no idea why this is happening... nothing is clear on the net.

Can anyone save me? :)

Thanks


Hitch Bardawil

MIM Outbound rule without a portal


Hello,

I'm new to MIM 2016 and I've just tried to sync data from AD DS to my LDS with MIM.
Since I have data in my Metaverse coming from my AD connector space, I created a Metaverse Rules Extension (enabled it with provisioning rules extension) to try to get my data into my LDS, without success. I may be missing something.
Oh, and I forgot to say I would like to make it with MIM 2016 (not adamsync or another), and without a SharePoint installation :). Is there an easy way or kind of walkthrough to do this? What are the mandatory methods inside the metaverse rule extension to make it work?
When I try to run a full import on my LDS I only have empty containers, not the data supposed to be inside (users).

Any help would be appreciated thanks.

Migrate users from OneLogin to AD Connect

I have a need to understand how to migrate users off of OneLogin to AD Connect. Is there any guidance on how to go about it?

FIM PowerShell MA -Export Error


Hi Experts,

I created a PSMA to connect to Exchange Online and perform some updates. Although it performs the updates, I get ma-extension-error in my Sync console and in the event viewer I get the below:

 

The extensible extension returned an unsupported error.
 The stack trace is:

 "Microsoft.MetadirectoryServices.ExtensionException: csEntry ID: 0e16fbd1-514b-e711-80f0-00155d01020d, Export unsuccessful. 
   at Microsoft.IdentityManagement.Connector.PowerShell.Bridge.ExportBridge.PutExportEntries(String scriptFileConfigKey, IList`1 connectorSpaceEntries)
Forefront Identity Manager 4.4.1302.0"

Below is my Export Script:

                                                                                                                 

[CmdletBinding()]
param
(
    [ValidateNotNull()]
    [System.Collections.ObjectModel.KeyedCollection[string,Microsoft.MetadirectoryServices.ConfigParameter]] $ConfigParameters,

    [System.Management.Automation.PSCredential] $PSCredential,

    [System.Collections.Generic.IList[Microsoft.MetaDirectoryServices.CSEntryChange]] $CSEntries,

    [Microsoft.MetadirectoryServices.OpenExportConnectionRunStep] $OpenExportConnectionRunStep,

    [Microsoft.MetadirectoryServices.Schema] $Schema
)

Set-StrictMode -Version 3.0

Import-Module (Join-Path -Path ([Microsoft.MetadirectoryServices.MAUtils]::MAFolder) -ChildPath 'FIMPowerShellConnectorModule.psm1') -Verbose:$false -ErrorAction 'Stop'
$Username = "username@contoso.com"
$SecurePassword = ConvertTo-SecureString "########" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($Username, $SecurePassword)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $mycreds -Authentication Basic -AllowRedirection
$null = Import-PSSession $Session
$exportResults = New-Object Microsoft.MetadirectoryServices.PutExportEntriesResults

foreach($CSEntry in $CSEntries) {
    $logMessage = ""
    switch ($CSEntry.ObjectType)
    {
        'user'
        {
            $guid = $CSEntry.Identifier
            #$guid | Out-File C:\SharedMailboxPermissionMA\PS.txt -Append
            $cloudAnchor = $CSEntry.AnchorAttributes['userPrincipalName'].Value.ToString()
            switch ($CSEntry.ObjectModificationType)
            {
                'Update'
                {
                    if($CSEntry.AttributeChanges.Contains('SendOnBehalfOf'))
                    {
                        foreach($sendOnBehalfOf in $CSEntry.AttributeChanges['SendOnBehalfOf'].ValueChanges)
                        {
                            $User = $sendOnBehalfOf.Value
                            $OperationType = $sendOnBehalfOf.ModificationType
                            if($OperationType -eq 'Add')
                            {
                                Set-Mailbox -Identity $cloudAnchor -GrantSendOnBehalfTo @{add=$User}
                            }

                            if($OperationType -eq 'Delete')
                            {
                                Set-Mailbox -Identity $cloudAnchor -GrantSendOnBehalfTo @{remove=$User}
                            }
                        }
                    }
                }

                default  {
                    #[System.Diagnostics.EventLog]::WriteEntry("FIMSynchronizationService", "In Default", [System.Diagnostics.EventLogEntryType]::Information, 221)
                    $csentryChangeResult = [Microsoft.MetadirectoryServices.CSEntryChangeResult]::Create($guid, $null, [Microsoft.MetadirectoryServices.MAExportError]::Success)
                    $exportResults.CSEntryChangeResults.Add($csentryChangeResult)
                }
            }
        }
    }
}

Write-Output $exportResults

I went through some of the TechNet articles which were related to this error but nothing worked for me. Any help is appreciated. Thanks!!


Veena


MIM Sync


Hi,

I have two questions of a similar kind. I know we can sync data from on-premises AD to the MIM portal and vice versa. Also we can sync data from on-premises AD to SQL, but:

1. Can we sync data from SQL DB to Azure AD?

  1a. If yes, how?

  1b. If no, what are the other ways?

2. Can we sync data from SQL DB to On-premises AD?

Thanks

MIM 2016 to use for GALSync between 2x Exchange 2010 SP3


Hi all,

My question is very simple:

If I want to use MIM 2016 to run GalSync between 2x Exchange 2010 SP3 located in 2x forests (with interforest trust), do I need to install SharePoint at all?

Thanks in advance.

MIM 2016 - Errors 3001, 3004. Cannot use passwordreset or passwordregistration portals.


Good day everyone.

I am stuck on the password reset and password registration portals with the 3001 and 3004 error codes coming up.

I followed the standard deployment documentation for deploying MIM 2016 (on server 2016, with SQL2016 and SharePoint 2016 installations), but get stuck on this.

To summarise some steps:

* I've gone into MIM and checked the MPRs (user and general);

* Added the Authn work flows;

* Created test users that are AD accounts;

* Checked the created users extended attributes - the ResourceID was not exportable so according to an article that means it wasn't populated - I used a hex editor to manually create it, cross-referencing in the metaverse properties, and output seems fine;

* Checked IIS for the application pools for FIMPasswordReset and FIMPasswordRegistration - both are started and use the same service account (in this case svc-MIMpool);

* The AD account is unlocked and password verified as well as credentials confirmed;

* I've gone into SharePoint and added the domain users as a group with read permissions for the site.

There were some scripts for fixing the objectSID but I did not come right with them. Probably running incorrectly (saved as .vbs but when run gave errors in code) and tried in command prompt but could not determine output (screen closed).

I do not know what flow and precedence is or how to set them.

I checked the metaverse and users are in there, and the test account I referenced the same objectSID I manually created in MIM.

Any help would be appreciated.

Kindest regards

Darren

MIM 2016 and on-premise Azure MFA server


So as it stands, is this still not supported? Seeing as there is a Phone Gate as part of the AuthN workflow now, can we not leverage this to get it to work?

Would appreciate your help with this, as it is something we are looking to implement.

Oracle MA: Transition From Extensible Connectivity to Oracle Database Type Agent

This is a difficult question for me to come up with the correct title, but this is what I am trying to find out. We have an Oracle management agent that was initially set up as an Extensible Connectivity type agent. Some of the functionality in the code associated with that agent is not needed any longer, so is it possible to switch/convert that connector to an Oracle Database type agent? And if so, how do I go about doing that?

Get Notification When dis-connected account joined


Dear All,

How do I get a notification when disconnected accounts are connected with the MV?

Thanks in Advance.

Shashidhar Joliholi

Set Account Expiry for contractors


Dear All,

I am trying to set EmployeeEndDate by using the following query, but the problem is the time.

DateTimeAdd(DateTimeNow(),"180.00:00:00.0").

It's adding the current time in the employeeEndDate. I want to add a fixed time.

Thanks in Advance,

Shashidhar Joliholi


Creating Users in MIM portal without a Sync Rule


Hey everyone,

I've been going over a MIM setup that was put in place by someone else.

I've noticed users are getting created in the portal from AD, but there aren't any sync rules for that (and none with the create in FIM checkbox selected).

No workflow... no MPR...

There is however a projection rule and attribute flows in the MA itself.

Can MIM create users in the portal from this projection? I always thought it had to go through the portal sync rules to be created as portal users.

Thanks!


Hitch Bardawil

Skipped Flow Null Denied Error

 

Hello Everybody,

I would require your help to resolve the issue below.


I was trying to delete the user from a group, which is Group Membership.

The whole idea is to add the user to a group and delete the user after a certain period of time.

When I am doing this, it is happening in the MIM Portal, but the same (adding and deleting the user from the group) is not getting updated in AD by running the run profiles.

Getting the below error. Please provide your support to resolve the same. Thanks

Srinivas



MIM SSPR and Service Event Logs


Dear Friends

I have implemented MIM 2016 SP1 at our office and we do not have Azure.

Please can anyone guide me on how to find events which can answer the query I have from our security team to monitor the points below:

  • Which user reset or unlocked a password?
  • Which user failed with wrong answers?
  • Which IP tried to access the SSPR Portal?

It is OK if we can get even these logs from multiple servers and correlate them.

Thank You

Classical Rules Provisioning for Azure Groups (Using Graph MA)


I am trying to use Microsoft Graph MA to provision groups to Azure. I was wondering if anyone has done it or has sample code for using classical rules (code) to provision groups.

One thing I am puzzled with is how the DN is set? If group is created manually, the CN is a hexadecimal.

How do you set DN programmatically?

Is this even supported?


Nosh Mernacaj, Identity Management Specialist


Add or change one-time password email address manually


Hi Guys,

I am seeking assistance to know if we can change or add a one-time password email address manually. I have logged into Forefront Identity Manager 2010 as an admin and tried to add or change the one-time password for a user but it is greyed out. Is there any option to change the OTP email address for an individual or bulk users manually instead of syncing with the database?

Regards
NAV


Sarwar
