Channel: Forum Microsoft Identity Manager

How do I register a security key (for Windows log-in) for my regular Microsoft accounts that are added to my Azure AD tenant?


Hi,

I would like to set up a security key for regular Microsoft accounts used on my Windows PC.

I have an AAD tenant where security keys have been enabled for all users. When creating a user in AAD, setting up the key for that user in myprofile.microsoft.com and then AAD joining my PC, I can log in to my PC with the security key registered to that particular account.

However, if I invite an external user with a regular "@outlook" or "@hotmail" account to my AAD, I can't log in to myprofile.microsoft.com, since this user is not added to the "Microsoft Services" tenant and cannot access application '19db86c3-b2b9-44cc-b339-36da233a3be2' (My Access). Instead I tried setting up the security key in account.microsoft.com for Microsoft accounts.

Since my PC is AAD joined with the AAD user, the security key option is there during login, and with that I tried signing in to my "@hotmail" account on my PC with the security key I set up for that account. That seemed to initially work, until it finally said "You can't sign in with this account. Try another account".

Does anyone know how to set up security keys for regular Microsoft accounts, or how to possibly add this user as an external user to the 'Microsoft Services' tenant?

Thanks!


SignInActively.LastSignInDateTime causes stopped-extensible-extension-error


While using the new Graph management agent, when I choose the attribute SignInActively.LastSignInDateTime, the Full Import ends with stopped-extensible-extension-error.


Response: {
  "error": {
    "code": "BadRequest",
    "message": "Invalid Request: $select is not supported for these properties.",
    "innerError": {
      "date": "2020-07-14T10:16:34",
      "request-id": "510469ab-3db5-4c83-acf4-ef08f20c7084"
    }
  }
}



GH

domain isn't in our system. Make sure you typed it correctly.

I clicked on the link https://compliancy-group.com/3-easy-steps-to-get-your-microsoft-business-associate-agreement in order to get the Microsoft Business Associate Agreement. Step 1 asks me to log into the Office 365 admin center. When I do, and sign in with my Microsoft Account ID, I get the message, "thisdomain.org isn't in our system. Make sure you typed it correctly." Yet I can sign into this forum, for example, without problem. I've tried 3 known Account IDs and get the same message on all of them. What's going on? (Sorry if this is not the right forum.)

SMS code for account verification does not arrive + support only accessible after account verification

Last week, I posted a question on answers dot microsoft dot com using my hotmail account.

I got two emails mentioning a new reply to my question and one email saying that someone sent me a private message about this post.

When I try to check the replies or read the private message, I am led to a page titled "Enter your mobile number to verify your account".

I entered my number several times, but the SMS with the code never arrived. After a few tries, I get "Usage limit exceeded. Try again tomorrow." This is a mobile phone number in Belgium.

After a few days, I give up and try to look for support, but every time I try to open a post on a Microsoft support forum, I am brought to the same page, "Enter your mobile number to verify your account", with the same problems.

How can I proceed to solve this and access the replies to my question?

I can access my hotmail account ygramoel@hotmail.com without problems.



(By the way: how can I select font sizes in this form?)


Support for Nested group in Azure

Unable to sync the user objects / password sync using Azure AD Connect. It has been failing for the past 3 days.


Any ideas what could be the issue? I tried changing the proxy as well.

Error Details

Scheduler::GetCurrentSchedulerSettingsWithRetry : GetCurrentSchedulerSettingsWithRetry failed.
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (501) Not Implemented.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse.<CreateByDiscoveryAsync>d__0.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalServiceResource)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance adalServiceResource)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeDependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString userPassword)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsSerialized, Char** errorString)
ErrorCode: user_realm_discovery_failed
StatusCode: 0
Will retry in 15 seconds.

Thanks


pavan ch

Net SqlClient Data Provider: System.Data.SqlClient.SqlException (0x80131904): Could not find stored procedure 'fim.IsServiceBrokerEnabled'

I am in the process of migrating FIM 2010 - 2010 R2 - MIM 2016. Everything seemed to go well, as there were no errors during the Synchronization Service. However, I ran into an issue and I am stuck. I performed the migration and all looked good, except that when I run the FIMMA Full Import (after successfully running ADMA Full Import and Full Sync) it triggers the following event:
Log Name: Forefront Identity Manager Management Agent
Source: ForefrontIdentityManager.ManagementAgent
Date: 12/18/2018 11:49:43 AM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MIM-01.domain
Description:
.Net SqlClient Data Provider: System.Data.SqlClient.SqlException (0x80131904): Could not find stored procedure 'fim.IsServiceBrokerEnabled'

My SQL admin checked and did not find 'fim.IsServiceBrokerEnabled' in either the old or the new database. The new SQL database is SQL 2012 R2.

Active Directory Federation server 2012 R2 MSSQL$MICROSOFT##WID Error


Hi

Apologies if I have not picked the right forum; I was unable to find ADFS amongst the list.

Can someone help with this error, which started to appear on the 3rd of July 2020 on the primary ADFS 3 server? The ADFS farm is running on WID. Looking at https://social.technet.microsoft.com/wiki/contents/articles/36454.ad-fs-3-0-for-windows-server-2012-r2-wid-configuration-fails-with-cannot-start-service-mssql-microsoft-wid.aspx

it seems like a permissions issue, but nothing has changed since. The server seems to be running fine, and the ADFS service seems to be running fine too. It is just that unpleasant error in the event log.

++++++++++++++++++

Event ID 28005

Source MSSQL$MICROSOFT##WID

Log: Application

Message: An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.

+++++++++++++++++++++++++++++

Many thanks

Sa


NSW DECC


I need a VB snippet for MA extension to write a generalizedTime custom attribute in the AD


Hello,

I need to write a custom attribute 'birthDate' in generalizedTime format like yyyyMMddHHmmss.0Z in the AD. Can someone help?


GH

Rules Extension Attribute Import Multi-Value

Hey, when a multi-valued attribute is changed in import, the sync engine shows what was added or removed. How can I access these changes in a rules extension?

Create an object specifying the ObjectID


Hi,

I would like to create an object in the FIM service specifying the ObjectID.

I tried with the PowerShell snapin and the .NET client, I get no errors if I specify the ID but it looks like the value is ignored.

Is this possible at all somehow?

Thanks,
Paolo


Paolo Tedesco - http://cern.ch/idm

PCNS across trusted domains not working


Hello,
we have a scenario with three AD domains:

Domain A: PCNSSVC installed, MIM server is member
Domain B: PCNSSVC installed
Domain C: PCNSSVC installed

The trust-type between A and B is "external" and transitive=no
The trust-type between A and C is "Forest" and transitive=yes

Password changes in Domain B are successfully delivered to the MIM server in Domain A.

Password changes in Domain C are not delivered. We get the following message in the event log on the DC:
Status is 5 - Access denied

In both domains B and C we have a service account with an SPN configured.

The firewall between Domain A and Domain C is completely open for communications between the DCs and the MIM server.

Can anybody give me a hint why Domain C is not working?

Regards, Christian


MIM 2016 SP1 Installation failed due to "Database cannot be populated"


The installation ran halfway, and an empty PowerShell dialogue popped up and the error message says "". I have added all the service accounts and the administrator as sysadmin of my SQL server, my SharePoint site collection is configured properly, and all the prerequisites needed are installed. I really can't figure out what else to do in order to install it.

The first error I got is "Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding". I configured the SQL server and set the timeout to 0, which is unlimited. This solved the error, but the second error I got was "MIM database could not be populated".

Please help me out, I've been stuck here for almost 2 weeks and this is for my school assignment... I would really appreciate any advice. Thank you for reading.

MIM2016SP1 Service and Portal Install Error


I have been pulling my hair out with this for some time now. I have been searching through various TechNet posts and a handful of other sites, and I have yet to be able to get a successful install of the MIM2016 service.

My lab environment includes:

Server 2016 DC

Server 2016 MIM server (SQL2016, Sharepoint2016)

Server 2012R2 MIM server (SQL2014, Sharepoint2013SP1), tried this since I couldn't get it to install on the 2016 server

Server 2012R2 Exchange Server with 2013Sp1 installed

Errors in log file

Lots of these, but they seem to be in any copy of the ISO that I download, so I assume this is normal:

DEBUG: Error 2826:  Control ckboxUseSSL on dialog ExchAndCertificateDlg extends beyond the boundaries of the dialog to the right by 15 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ExchAndCertificateDlg, ckboxUseSSL, to the right

DEBUG: Error 2769:  Custom Action ValidateSyncAccount did not close 1 MSIHANDLEs.
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2769. The arguments are: ValidateSyncAccount, 1, 
Action ended 13:31:34: ValidateSyncAccount. Return value 1.

This seems to be the fatal error the installer experiences:

CAQuietExec:  
CAQuietExec:  URL reservation delete failed, Error: 2
CAQuietExec:  The system cannot find the file specified.
CAQuietExec:  
CAQuietExec:  
CAQuietExec:  Error 0x80070001: Command line returned an error.
CAQuietExec:  Error 0x80070001: CAQuietExec Failed
CustomAction DeleteResourceEndpointAcl returned actual error code 1603 but will be translated to success due to continue marking
MSI (s) (C4:EC) [13:32:14:893]: Executing op: ActionStart(Name=RollbackAclResourceEndpoint,,)

Also this error is listed:

CustomAction AddServiceToPerformanceMonitors returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
06/01/2018 13:32:27.827 [5828]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393

And then the final summary:

=== Logging stopped: 6/1/2018  13:34:40 ===
MSI (c) (E8:5C) [13:34:40:353]: Note: 1: 1708 
MSI (c) (E8:5C) [13:34:40:353]: Product: Microsoft Identity Manager Service and Portal -- Installation failed.

MSI (c) (E8:5C) [13:34:40:354]: Windows Installer installed the product. Product Name: Microsoft Identity Manager Service and Portal. Product Version: 4.4.1302.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

MSI (c) (E8:5C) [13:34:40:358]: Grabbed execution mutex.
MSI (c) (E8:5C) [13:34:40:358]: Cleaning up uninstalled install packages, if any exist
MSI (c) (E8:5C) [13:34:40:359]: MainEngineThread is returning 1603
=== Verbose logging stopped: 6/1/2018  13:34:40 ===

I've searched and searched for any information on these, but I haven't been able to really find much information on it, so any help would be greatly appreciated.


 

Uninstall MIM 2016 Service & Portal Manually


Hello There,

I require some assistance on how to manually uninstall MIM 2016 Service & Portal. I have tried several approaches, including the URL below, but MIM 2016 just would not uninstall. I'd appreciate ideas on how I can get this done, to enable me to do a clean install of the MIM 2016 Service & Portal on the same server.

https://social.technet.microsoft.com/wiki/contents/articles/37711.mim2016fim2010-troubleshooting-uninstall-fails-with-error-administrator-privileges-required.aspx.

Thanks


Akinzo


Notify Managers of Contractors x days before employee end date


I am using the MIM WAL, which allows me to send a notification x days after a particular date. However, I am struggling with defining a set that allows me to say x days before a particular date.

My scenario is that the employee end date has been set. I need to send a notification 14 days prior to the employee end date to the manager, saying that the contractor they are managing is going to have the contractor account disabled.

Appreciate any help, :-).

Role & Impact of Identity Access Management (IAM) in Digital Transformation


Hi,

I want to explore the upcoming future of Identity Access Management (IAM) in the API economy and digital ROI. I want to know what the main purpose of using IAM in businesses is, and its role in digital transformation. At this time security is very important for all small and mid-size enterprises. So at this point my question is:

What is the right business solution to manage digital identity, and how could IAM play its role in an API economy?

John


Is the "AutoPostback" property valid for a drop-down menu control in RCDC?


I would like to know if there is a way to customize a handler to use in RCDC that acts based on a drop-down menu, which will trigger the visibility and required status of a field based on the value chosen from the drop-down list.

Based on a specific value from a drop-down menu, a few fields will be disabled in the MIM portal while creating or editing a user/person object.

Regards,

Srinwantu


How to connect to or test an LDAP server connection in Windows through the command prompt or a PowerShell cmdlet without a GUI


In our company infrastructure we have an LDAP directory service hosted. Currently I'm using an LDAP tool to connect to the LDAP directory service to search for the records.

Now I have a task to modify a few attributes for several users. Manually it's taking a lot of time to update the attributes. I'm looking to develop a script where I can connect to the LDAP server and traverse the directory tree to modify attributes. I have searched on the internet for any command in Windows to test connectivity to the server, but could not find any command in Windows.

I kindly request anyone to help me with any available command in Windows, or any PowerShell module to use for an LDAP connection and to search the records, like Get-ADUser or Get-ADObject.

Use Microsoft Identity Manager without SharePoint


Hello all,

We are looking for documentation or a PowerShell command which will permit us to use MIM 2016 like it was with MIIS 2003 (we will replace it with MIM 2016).

By looking on the internet we could see that SharePoint is needed if you need the user portal. In our case we just need to synchronize some user accounts from a source domain to another destination domain. Nothing more, nothing less. Just keep the very basic usage like it was with our usage of MIIS 2003.

Do some of you have knowledge of this kind of setup path? Maybe some documentation which will permit us to configure the synchronisation/provisioning rules, …?

Thanks to all of you for your contribution with this topic.

Best regards,

Al.
