Channel: Forum Microsoft Identity Manager

Disable and Move on Delete

Hi all,

I am currently struggling with deprovisioning in FIM and was looking for some help.

My scenario - I am receiving users from an "HR" database and if they have the employee type of "Full Time" or "Contractor" they automatically get provisioned into the AD via set transition and synchronisation rule. The DN for the user is built based upon the employee type, therefore full time employees go into one OU, contractors into another. This works and all is good - I can even change the type of employment and the user gets moved as expected.

Now I need to deal with the scenario of deprovisioning.  The HR database has no state information - a user is either present in the database or not.  When a user disappears from the database I would like to first disable the account in AD, move it to a third "Disabled" OU and then stop managing the user in FIM.

I have done lots of reading around the subject including the "Understanding Deletion in ILM 2007" and others.  What I can't figure out is which bits I need to put together and in which order.

Some guidance would be brilliant.

Thanks in advance and here is hoping someone has some patience to help :-)


FIM SMS Reset with SMS to Email gateway

Hi All,

I am implementing SSPR with OTPR via an on-premise SMS gateway. It is configured with an email address. I can email it and it relays the message to a user.

I want users to register their mobile numbers as my internal data is not clean.

So, this is ok, I can set the SMS OTPR workflow. However, there is no option other than a code extension to simply email the SMS server. Does anyone know how this is implemented for customers with an Email to SMS gateway feature?

thanks in advance.

Rob


Password Reset and SMS to Email Gateway

Hey,

I want a user to be able to Register their alternate email address and their Mobile number.

When a re-set request is made, I want to

Email the OTPR code to the email address

Email the OTPR code and the phone number to the SMS email with the number in the subject line. I have an EMAIL to SMS gateway configured and working.

So the user can get 2 notifications, I cannot find any document on how to find this. And the "Password Reset Authn Workflow" SMS registration part has only an activity saying "Your security code is {0}" assuming that I don't want to trigger this.

Is this a supported scenario?

Rob


FIM Password Expiration Notification E-Mail

Within FIM 2010 R2 I have created 2 sets called "Password Expiration Notification (7 Days)" and "Password Expiration Notification (Tomorrow)", the criteria I have set to populate these sets is:

Select users that match all of the following conditions:

Password Last Set prior to 35 days

User account control = 512

and

Select users that match all of the following conditions:

Password Last Set prior to 41 days

User account control = 512

Our domain password policy stipulates passwords should be changed every 42 days.

I have the sets populating correctly and have followed the tutorial here http://setspn.blogspot.co.uk/2010/10/fim-send-password-expiration.html to set up the workflows, email templates and MPRs to send an email to the user when they transition into one of the above sets.

It is sort of working, in the sense it is sending emails, but when I look at the System Event Requests that appear under Search Events, emails are only being sent to users whose passwords have already expired and not all of the members of the sets.

Anybody able to suggest a reason why emails are not being sent to all members of the sets? 


string department(sql) to reference department(mv)

In the person object, I have a department reference attribute. I need to flow the department values from a sql table to the FIM department reference attribute. In the CONFIGURE ATTRIBUTE FLOW, I have dept(sql - reference) to dept(reference - Type direct/object type - person). But how can I let FIM know the flow is of the department object?

Best way to expose Password Registration Portal to the outside

Hello,

We are an educational institution currently attempting to provision the Password Reset and Registration portals so that they can be used by Online students who are obviously not domain members or on a campus.

The reset portal is working just fine as it is Anonymous Auth and I would like to have some way to use a form to authenticate from the outside for remote students to get to the registration portal without having to have students enter "domain\username" and "password". And then at the point to have to enter the password again.

What is the suggested or preferred way to accomplish this? TMG/UAG?

Thanks for your time,

Seth Mall

PCNS in multi-forest?

Hi,

Assume we have 4 forests, Forest A, Forest B, Forest C and Forest D, with a planned eventual consolidation of users from Forest A, B, C into Forest D. The 4 forests do need to run together for some time.

Forest D has FIM Sync and user accounts from Forest A,B,C have been sync'ed and created in Forest D.

Can we install PCNS on Forest A,B,C,D to sync all password changes with respective accounts in Forest D (unidirectional), even though FIM Sync is running only in Forest D?

Thanks

DW

FIM GALSYNC Contact provisioning exclusion

I need to know how the FIM Galsync provisioning/joiner rule can be configured with certain exceptions. For example, if there are 4 forests participating in Galsync - Forests A, B, C & D. Forest A is where the FIM server is deployed and it shares the same smtp domain namespace with Forest B. Is it possible that Forest B provisions contacts on all other forests except Forest A?

Workflows in Web Service configuration Tool

Hi everyone:

Does anybody know of some documentation or an example about how to create workflows in the web service configuration tool from the web service connector in Forefront Identity Manager?

Thanks in advance

Regards


FIM

Temporal Sets using xs:dayTimeDuration

I currently have FIM 2010 R2 installed and I'm trying to create a Temporal Set using xs:dayTimeDuration. The samples I have found on the Internet are using 'PnD' syntax, where n is the number of days.  However for my use case, I need to be more restrictive, like 6 hours. Based on XPath 2.0 syntax linked from FIM 2010 R2 documentation, I would use this:

(ExpirationTime < op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(), xs:dayTimeDuration('PT6H')))

When I manually run the "FIM_TemporalEventsJob" SQL Job, nothing happens. The UI doesn't support the syntax, so I don't know how to see if the object is part of the set. All I know is that my workflow doesn't execute.  However, if I change the syntax to use 'P1D', everything works as expected...

My question is: is this a bug, or does FIM not support the syntax?

 

Mark Remkiewicz

Spread the Love! Be our FIM TechNet Guru, this Valentine's

TechNet loves you!

 

We love your contributions at TechNet Wiki sooo much that we give you more than just love in return...

We give you NOTORIETY, GLORY... and VIRTUAL MEDALS!

That's not all, this love we have, together, it flows both ways my friend.

You give us stuff, we give you stuff, like interviews, recognition points, Ninja Belt rankings, and of course front page love!

If the love is strong enough, who knows where it could end! We may even invite you into secret clubs and other initiatives.

So why not spread the love a little further this Valentines, with more than just a cheap card from the highstreet...

Express your love for your favourite technology in a TechNet Wiki article!

Pour your heart out to us, capture our hearts and woo us with your prowess!

 

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL

Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and only TechNet Wiki, for future generations to benefit from! You'll never get archived again!

If you are a member of any user groups, please make sure you list them in the Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.


Installing FIM Reporting in Production Server with multiple portals

Hi,

I have 5 FIM Portal Servers in production. I need the below clarification.

Can you confirm if I can install FIM Reporting on just one server which has FIM Service installed on it?

Or

Should we run this on every FIM Service Portal [Suppose we have 5 Portal Servers]?

Can someone clarify my doubt?

I understand FIM Reporting is a component of FIM Service. So FIM Reporting installation should not depend on how many portals the production architecture has; it can be installed on one of the FIM Service Servers.


Aswathy Raj

Users cannot access the FIM Portal unless they are a member of the local Group "Users" on the FIM Service server

Hi,

I have an FIM 2010 R2 SP1 install on Windows 2012 infrastructure using SharePoint 2013.  Roles are broken out so I have a separate server for FIM Service, FIM Sync and SQL backend.

I have populated users as required but they cannot access the FIM Portal unless they are members of the local security group "Users" on the FIM Service server itself.  When not added to this group they get prompted for credentials repeatedly and after entering them repeatedly then I receive a message from the below link

"https://idmportal.company.com/_layouts/MSILM2/ErrorPage.aspx

Unable to process your request"

Once I add the user into the "Users" group on the FIM Service server then the user logs in with no issues.

Has anyone else come across this issue?

Thanks,

B

FIM 2010 hotfixes - RSS feed

The FIM 2010 product group created an RSS feed to alert you when they release a FIM 2010 hotfix.

To subscribe, just go to the Forefront Identity Manager Solution Center.

Check the downloads section.
In the right column click on the RSS icon in the “FIM 2010 Hotfixes” box. Then click on Subscribe to This Feed.

Here is the shortcut link to the feed: http://bit.ly/FIM2010HotfixRSS.
This is the RSS source link, to add in your feed reader: http://sxp.microsoft.com/feeds/3.0/msdntn/FIM2010_Hotfixes (updated 19/mar/2013)

Please help spread the word about this tool so others will know when hotfixes are available that may resolve issues they’ve been experiencing.

For the full list of hotfix downloads check the FIM hotfix downloads on the Microsoft Support Site.


Peter Geelen (Microsoft Belgium) - Premier Field Engineer Security & Identity



ADMA failed-search timeout 0x55

When running a full import I'm getting a failed-search error with timeout 0x55 for the error information. There is nothing in the event logs nor the import log when I enable it. I've tried playing with page/batch size and doubling/tripling/quadrupling the timeout with nothing seeming to help.

What other debugging tricks can I use to possibly find out what is going on?


Where is the best doc source for Config settings for Sync Manager?

Hello,  We have Sync Manager, so what is the best doc source to explain the CentralConfigSettings such as settings in the 'AppSettings' section, MA settings, etc?  Thanks.


Thanks for your help! SdeDot

Do we require 2 FIM Licences if installing FIM portal on 2 servers for HA

Hi,

We are installing FIM portal on 2 Windows servers for achieving HA.
Please help by sharing whether it will cost us two FIM Licences to do that.

Thanks,
Varun

How to solve placeholders of reference attribute - Fim 2010 R2

I am importing an object (person) from sql which has a reference to a second object (department). The connector space search shows the second object type as placeholder and not as department. The department object was created in FIM portal and not joined by or connected to any other MA.

a) In Portal, there is an object called department. It has an attribute displayName which has Computer Services as value.

b) The FIMMA has the department object type flowing 4 to/from MV. Am I missing anything in this? Should the displayname be flowed to any other attribute?

dn<-- (sync rulemapping);MVObjectid<-- <objectid>; DisplayName-->displayName; <dn>-->cdObjectID

c) sql MA (person object): has 2 attributes; empID, dept (reference - department object) (123, Computer Services); import flow has dept to department in MV (direct flow). The preview is showing as Applied Deleted for department and connector space has placeholder.

Please help!



Trigger an MPR on a specific time

Hi,

I have a requirement to trigger an MPR at exactly 07h00. Is this possible, and how? I have reviewed some of the articles on this topic, but they concentrate more on a specific date.

I have created a custom Workflow activity to send an SMS to a user when a password is about to expire. The TemporalEventsJob runs at 00h00 resulting in the SMS going out at about 01h00 in the morning. I want to change / delay the SMS to 07h00 without changing the schedule of the TemporalEventsJob.

Thanks

Johan Marais


JkM6228

Supported platforms in FIM 2010 R2 Sp1

I have FIM 2010 R2 Synchronization Server running on Windows 2008R2 OS. The available Galsync connectors that we have are Exchange 2003, 2007 and 2010. The FIM sync server runs in an Exchange 2010 environment, but in order to fulfill the requirements of establishing a connector with Exchange 2007 we followed the reference "http://social.technet.microsoft.com/wiki/contents/articles/3457.fim-how-to-export-to-an-exchange-2007-server-with-synchronization-server-in-an-exchange-2010-domain.aspx" to install Exchange 2007 EMC on the FIM Sync server. Now we have a new connector lined up to be added on our FIM server which is running in an Exchange 2013 environment. I need to know how we can perform an upgrade from FIM 2010R2 to FIM 2010R2 SP1 without breaking the existing configuration, especially with the connectors running legacy Exchange (2003 and 2007).

Jimmy George
