Channel: Forum Microsoft Identity Manager
Viewing all 6944 articles
Browse latest View live

Querying BHOLD object data via API


Hello,

Does anyone know if it is possible to get information about BHOLD objects, like object types, attributes, attribute sets, etc. via an API or something of the sort?  I am not talking about obtaining database information but rather the schema info.

Thank you,
Ilya


FIM 2010 R2 Outbound System Scoping Filters - OR Condition?

Hi,

I'd like to find out if it is possible to configure an OR condition on an Outbound System Scoping Filter for an outbound sync rule.  The scenario is this:

We're provisioning data to an external system based on an attribute in the MV called employeeType.  Each MV person can only have one employeeType.  There are several different possible values for employeeType such as Permanent, Contractor, Temp, etc.

We only want to export data when the employeeType is Permanent OR Contractor.  If you create two conditions in the scoping filter though, they seem to be tested with a boolean AND resulting in no records being provisioned to the external system.

With only one condition in the scoping filter, records of the type specified in the filter are provisioned fine.

Any assistance here would be most appreciated.

Kind regards

Adrian Thomas

FIM R2 Reporting Custom Reports and Extensibility


I want the report to be extended to include a custom attribute on the person object, so I followed the instructions as per http://technet.microsoft.com/en-us/library/jj133861(v=ws.10).aspx

  1. Schema validation/import using powershell were successful, I can see the datawarehouse binding object in the FIM portal.  
  2. I checked the DB, the Dataware house binding and schema were created, and I can see the new tables and columns created in the DWRepository and DWDataMart database. 

I've run the scripts

  1. Start-FIMReportingInitialSync
  2. Start-FIMReportingIncrementalSync
  3. and the ETL script

All completed successfully.

However, no data is being imported into the new FIMPersonExtensionDim table (my extended person DW table) in either the DWRepository or DWDataMart database, though the users appear in the default FIMPersonDim.  So the report doesn't work.

Is there any step I missed?

Snippets of the binding and schema are below:

<ClassBindings>
  <!-- Person -->
  <ClassBinding>
    <SystemObjectAttribute ObjectTypeName="Person" AttributeName="InfraUserType"/>
    <DataWarehouseClassProperty ClassTypeIdentity="FIMDW.FIMPersonExtension" PropertyIdentity="FIMPersonInfraUser" ManagementPackIdentity="Microsoft.Forefront.IdentityManager.Datawarehouse.TEST.Extensibility" ManagementPackVersion="1.0.0.1"/>
  </ClassBinding>
</ClassBindings>

<TypeDefinitions>
  <EntityTypes>
    <ClassTypes>
      <ClassType ID="FIMDW.FIMPersonExtensionInfra" Accessibility="Public" Abstract="false" Base="FIMDW!FIMDW.FIMPerson" Hosted="false" Singleton="false" Extension="true">
        <Property ID="FIMPersonInfraUser" Type="string" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="25" MinLength="0" Required="false"/>
      </ClassType>
    </ClassTypes>
  </EntityTypes>
</TypeDefinitions>
<Warehouse>
  <Dimensions>
    <Dimension ID="FIMPersonExtensionTESTDim" Accessibility="Public" InferredDimension="true" Target="FIMDW.FIMPersonExtension" HierarchySupport="IncludeExtendedClassProperties" Reconcile="false"/>
  </Dimensions>
</Warehouse>

Thanks

John


Attribute only in MV


Is there a way to calculate the value of an attribute only in the metaverse without making the portal calculate it? I want to use this value just as a join, so I am wondering if I can do it without the FIMMA attribute flows and workflows?

Fimma is already passing accountName to MV and I want to use accountName@domain.edu as a join for other DS.

Thanks in advance.

FIM web service connector - how to pass the multivalued attribute value of reference type (Export)


Hello,

How should I configure a workflow for multivalued reference attributes in the Export workflow by using the Web Service Configuration Tool? I need to configure the RoleIds multivalued reference attribute for the User object.

For now I have only configured assignments for String attributes:

FIM web service connector - how to pass the multivalued attribute value of reference type (Full Import)


Hello,

I have a web service, which returns the user and its related roles:

    using System;
    using System.Collections.Generic;
    using System.Runtime.Serialization;

    // User record returned by the web service, including its related roles.
    [DataContract]
    public class SAP_AD_User
    {
        [DataMember]
        public Int32 UserId { get; set; }

        [DataMember]
        public string EmployeeNumber { get; set; }

        [DataMember]
        public string FirstName { get; set; }

        [DataMember]
        public string LastName { get; set; }

        [DataMember]
        public string FullName { get; set; }

        [DataMember]
        public string UserName { get; set; }

        [DataMember]
        public string JobTitle { get; set; }

        [DataMember]
        public string Company { get; set; }

        // Roles assigned to the user; one RoleID entry per role.
        [DataMember]
        public IEnumerable<RoleID> SAPUserRoles { get; set; }
    }

    // Role identifier referenced from SAP_AD_User.SAPUserRoles.
    [DataContract]
    public class RoleID
    {
        [DataMember]
        public string FIMRoleId { get; set; }
    }

I have defined two attributes: User (with refSAPUserRoles Multi-Valued attribute of Reference type) and Role (with RoleId of String type), I've also designed the Full Import workflow for webservice MA. But how to assign a value to this multi-valued attribute in CreateValueChange element?


One to many accounts for Active Directory (Admin/Business users)


Hey all,

I'm wondering how you handle this situation: in a lot of environments where I come some people require multiple AD accounts. For instance a lot of IT staff members have a regular account and an admin account.

In the past I've done projects where HR is linked to AD over FIM and where the FIM Portal acts as a source for Admin accounts. In this approach each "warm body" is represented twice in the MetaVerse.

Now I was wondering whether it would be a good idea to have two AD MA's (for one domain) where one MA manages the OU's with the Admin users, and another MA manages the OU with the regular users.

Is there any reason not to do this?


http://setspn.blogspot.com

Error 25009 installing FIM 2010 R2 Synchronization Service "Invalid object name 'mms_management_agent'"


Hi,

I have a problem installing FIM 2010 R2 Synchronization Service at a customer's site. I keep getting the 25009 error. This is a clean install and not an upgrade. The error I keep getting is:

Error 25009. The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. Invalid object name 'mms_management_agent'. A required privilege is not held by the client.

I have verified that I am sysadmin on the SQL server. I have tried the suggestion as per Brad Turner's blog post:

http://www.identitychaos.com/2009/09/issues-with-sql-server-in-windows-2008.html

But the problem still exists... The environment is Server 2012 for FIM and a remote SQL 2012 server. I also tested on a 2008 R2 server with SQL 2008 R2 running locally, but got the same error, so it doesn't seem to be related to OS or SQL versions but rather some domain-related issue.

Any tips on how to solve this error would be much appreciated.

Regards

Patrik


FIM 2010 deprovisioning AD account in resource forest


Hi,

I am using the sync engine of FIM 2010 only; it is configured to sync users between an account forest and a resource forest.

I am struggling with the deprovisioning and hoping someone can help me out.  I have read other questions/answers on the forum about this subject and also the 'understanding-deletions-in-ilm-2007' article, but I still can't get FIM to delete the resource account.

At the moment I have FIM disabling a user account and moving it to a 'pending deletion OU' when the user is moved to an OU called 'Disabled' in the account forest.  What I would like to do now is, when an account is deleted from this OU, and only this OU, the account in the resource forest is also deleted.

Can anybody share any pointers or even some code that will help me out?

Many thanks...David

FIMSynchronizationService Parameters


I have problems with the connection to the SQL Server. I am receiving a timeout error.

I found a link on the internet that mentions a ConnectionTimeout parameter for FIM.

I have input this parameter in the registry but I continue to get the error.

Question:  Can someone explain to me how to use this parameter?

TIA


Scripting Identity Integration Server 2003


We're using MIIS 2003 (v3.2 SP2) to import to Active Directory from eDirectory.

I've created a simple PowerShell script that uses WMI to trigger the Run Profiles of the Management Agents on demand.  I can parse the resulting RunDetails' XML to find the number of users added into AD:

[xml]$xmlAD=$activeDirectoryMA.RunDetails().ReturnValue
$xmlAD."run-history"."run-details"."step-details"."export-counters"."export-add"."#text"

How do I find out WHO was added?  I can see the details (distinguished names) of synchronisation errors but not of what was added (or updated) successfully.  This is easily viewable in the GUI.

Is this level of detail accessible over WMI?

Thanks!

Are you any good at FIM? Win love and recognition! Become a TechNet Guru for July 2013


TechNet Wiki is looking for and celebrating the best of the best!

Is that you? Do you consider yourself an expert, authority, or just pretty good at FIM?

Show us your FIM forum solutions and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition programme, where people such as yourselves can get the recognition you deserve, for the time you've given the community.

If you spend any amount of time crafting an awesome answer to a forum question, then why not get the most back for your efforts, by posting it to TechNet Wiki.

1) Please copy over any solutions you post here to TechNet Wiki.

2) Add a link to it on THIS WIKI PAGE, so we know you've contributed

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises, similar to the weekly contributor awards, however once "on our radar" and making your mark, you will probably be interviewed for your greatness, and eventually even invited into other TechNet/MSDN circles!

Either way, winning this award in your favoured technology can only be good for your career! ;)

Feel free to ask any questions below.

Thanks in advance!
Pete Laker


#PEJL Got a good solution? If you invest your time in coding an elegant/novel or large answer on these MSDN forums, why not copy it over to our beloved TechNet Wiki, for future generations to benefit from!



Oracle MA failed connection start Error Code 0x80230804


I got the same error as in the thread below when importing with the Oracle MA in MIIS.

http://social.technet.microsoft.com/Forums/en-US/d3409d13-a064-4186-b6b4-c62741927c54/oracle-ma-failed-connection-start-error-code-0x80230804

I tried to replace the Oracle DB from 10g to 11g. (I know it is not supported.)

I was prompted to refresh the schema, so I refreshed the schema and did a Full import and Full synchronization, and it worked fine.

But when I tried to import with the Oracle MA again, it says failed connection start Error Code 0x80230804.

Which folder do I need to grant the MIIS service account change permission on? I tested granting it on the Oracle 10g client folder but it did not work.

Do I need to restart the MIIS service?

I confirmed that I could log in and select data from a table in the Oracle 11g DB using sqlplus with the Oracle MA access account.

SSPR Queries


Hi All,

I am trying to find out the answers to the questions below with respect to FIM 2010 R2 SSPR. Can anyone please advise? It will be a great help if I get answers to these questions.

1. If an account is locked on AD.

a. Will SSPR unlock the account and reset the password on AD?

b. If the account is locked, will SSPR reset the password or get an error that the account is locked and cannot reset the password?

2. What automated emails can be generated to the user on successful or failed FIM reset attempts? If yes, please give some idea of how to implement it.

3. How can we implement a pop-up to force a user to register for SSPR in FIM R2 if we have implemented web-based password reset functionality?

4. Can any AD account be registered with FIM, and if so is it possible to enable/block certain accounts? (There are some accounts such as Service Accounts (or those without interactive logon enabled) that we may not want to allow a password reset…is the only prevention not to register questions for these?)

5. Is it possible to force the user to change the answers to the user’s registration questions periodically and how this can be done?

6. We want to prevent others/attackers from gaining access to another person’s account.

7. At some point, a user may still need to call the Service Desk to manually reset the password or unlock the account (i.e. multiple unsuccessful self-resets). How can we improve the ability to authenticate the user?

8. Can we get a report as below

  1. How many times a user tried, or the number of attempts, to reset the password.
  2. To show the number of successful password resets in total and by user in one month.
  3. Reports for accounts that do/don’t have their challenge questions registered in FIM.

Thanks

Harry


FIM (4.1.3419.0) IE 10


Hi,

Trying to log a new sync rule, and a click on New does not bring any new window up. I can see this behaviour under all resources on the Portal.

Running the actual version of FIM Portal on Windows Server 2012 and SP Foundation 2013. Browser is IE 10.

I already tried to apply the hotfix for IE 10 (KB2608565) but I am not able to install it (error 0x80096002).

Any idea if IE 10 is blocking the new window or how can I resolve this issue?

Thanks, Markus


AdminIT


Download a Trial version of Forefront Identity Manager


I want to install a trial version of FIM. The download trial link in the website takes me to Virtual Lab. I want to download the trial version and play around in my Sandbox. 

Thanks

Gopi

FIM 2010


Can you have a security group and users within a security group and be FIM managed.

i.e.: Parent group: ALL_CAFE_MRGS (SG)
          Sub group: ALL_ASST_CAFE_MGRS (Sub SG)
              Users: 123456; (user)
                     234567; (user)
                     987654 (user)

How do Delta import and Delta sync work for GALMA, ADMA, LDIFMA, OracleMA?


We use MIIS for galsync.

I heard that the anchor value of GALMA, ADMA is objectGUID.

Q1

I guessed that during Delta import GALMA, ADMA use objectGUID to link data source and CS object and compare object update time, and if the object update times are different, they are imported to the CS object.

Q2

But how about SQLMA, LDIFMA, OracleMA, AVPMA, etc.?

There is an anchor setting for those MAs, but how do MIIS and FIM detect data source changes other than the anchor attribute?

Q3

About Delta sync, I guessed that it compares the CS object anchor and update time with the Metaverse object, and if they are different, MV objects are updated.

Is that correct?

Change Username


My friend just reimaged my comp to 7.  He set the username to stephenveal.  I renamed it to Shawn Paul.  Now, at the login screen, the account name says Shawn Paul.  The name at the top of the start menu says Shawn Paul.  But, if I go into the users folder, my folder that should say Shawn Paul still says stephenveal.  I tried renaming and deleting it, but I got the error message that says that a file or program in the folder is still open.  I went into the admin account and tried doing the same thing and I got the same error message.  I also tried moving all the perishable files into the admin account and then renaming or deleting the folder, but I got the same results.

How to provision Exchange mailboxes & enable Lync users from FIM 2010 R2


Hi There,

I am using Exchange 2010 & Lync 2010, and I would like to provision Exchange mailboxes from the FIM 2010 R2 Portal.

What are the prerequisites to start this process? We have one mailbox database in Exchange.

What configuration needs to be done, what types of attributes need to be created in the outbound sync rule, and is there any permission required for any account?

If anyone can help, I would be thankful to them.

Thanks

Veerappa
