I'm concatenating some values into a Summary field in a workflow activity as follows:

IIF(Eq([//Target/Code1],True),"1,","")+IIF(Eq([//Target/Code2],True),"2,","")+IIF(Eq([//Target/Code3],True),"3,","")

So if Code1 and Code2 are true I get a Summary Value of 1,2,

Now I want to trim the trailing comma.

So I did this

Left([//Target/Summary],Add(Length([//Target/Summary]),-1))

This part doesn't work.  It says Left is improperly formatted or missing a parameter.

If I put a numeric value like 1 or 2 as the second value it works.

 Any suggestions on how to get trim a character off the end of a string in a FIM Workflow activity?

Hi,

I had a requirement. We are provisioning users from FIM to Google(Generic Rest API MA). There is an attribute 'att1' at FIM. I want to update that attribute on successful export(provision) into Google.

For example, If I am provisioning 4 users from FIM to Google, on two users got exported successfully and two got failed. In that case, fro success users i need to update 'att1' attribute to 'True' at FIM and for failed users i need to update false in "att1" attribute at FIM.

Can i know the proceedure to do that.

Thanks

Prasanthi.

FIM SSPR quickstart has two MAs - FIMMA and ADMA. Associated with these MAs are three run profiles (actually five but generalizing) - Import, Sync and export.

Can someone please clarify what these do for each MA?

ADMA :  Import -> This creates holograms in AD connector space?

             Sync -> Syncs the AD connector space data with MV?

             Export - ??

FIMMA :  Import -> imports data from MV to fim connector space?

              sync -> syncs data with MV??

              export -> exports to FIM portal database?

I am developing this ECMA2 based MA, but for some reason, the OpenExportConnection() and the CloseExportConnection() methods are being called, but the PutExportEntries() method is not being called. There is no exceptions thrown anywhere, so I cannot think of any reason why the PutExportEntries() method would not be called. Any insights /suggestions?

namespace FimSync_Ezma
{
    public class EzmaExtension :
    IMAExtensible2CallExport,
    IMAExtensible2GetSchema,
    IMAExtensible2GetCapabilities
    {
        [System.ComponentModel.DefaultValue(1000)]
        public int ExportMaxPageSize { get; set; }

        [System.ComponentModel.DefaultValue(100)]
        public int ExportDefaultPageSize { get; set; }

        //
        // Constructor
        //
        public EzmaExtension() { }

        public MACapabilities Capabilities
        {
            get
            {
                MACapabilities myCapabilities = new MACapabilities();

                myCapabilities.SupportExport = true;
                myCapabilities.FullExport = true;
                myCapabilities.ExportType = MAExportType.ObjectReplace;
                myCapabilities.NoReferenceValuesInFirstExport = true;
                myCapabilities.ExportPasswordInFirstPass = false;

                myCapabilities.SupportImport =false;
                myCapabilities.DeltaImport = false;

                myCapabilities.ConcurrentOperation = false;

                myCapabilities.ObjectRename = false;
                myCapabilities.DeleteAddAsReplace = false;

                myCapabilities.DistinguishedNameStyle = MADistinguishedNameStyle.None;
                myCapabilities.Normalizations = MANormalizations.None;

                return myCapabilities;
            }
        }

        public IList<ConfigParameterDefinition> GetConfigParameters(KeyedCollection<string, ConfigParameter> configParameters,
                                                            ConfigParameterPage page)
        {
            List<ConfigParameterDefinition> configParametersDefinitions = new List<ConfigParameterDefinition>();

            switch (page)
            {
                case ConfigParameterPage.Connectivity:
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("URL", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateEncryptedStringParameter("Username", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Domain", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Password", ""));
                    break;

                case ConfigParameterPage.Global:
                    break;

                case ConfigParameterPage.Partition:
                    break;

                case ConfigParameterPage.RunStep:
                    break;
            }

            return configParametersDefinitions;
        }

        public ParameterValidationResult ValidateConfigParameters(KeyedCollection<string, ConfigParameter> configParameters,
                                                                   ConfigParameterPage page)
        {
            ParameterValidationResult myResults = new ParameterValidationResult();
            return myResults;
        }

        public Schema GetSchema(KeyedCollection<string, ConfigParameter> configParameters)
        {
            Microsoft.MetadirectoryServices.SchemaType personType = Microsoft.MetadirectoryServices.SchemaType.Create("Person", false);

            personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("accountName", AttributeType.String, Microsoft.MetadirectoryServices.AttributeOperation.ExportOnly));
            personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("displayName", AttributeType.String, Microsoft.MetadirectoryServices.AttributeOperation.ExportOnly));

            Schema schema = Schema.Create();
            schema.Types.Add(personType);

            return schema;
        }

        public void OpenExportConnection(KeyedCollection<string, ConfigParameter> configParameters,
                    Schema types,
                    OpenExportConnectionRunStep exportRunStep)
        {
            // Do nothing
        }

        public PutExportEntriesResults PutExportEntries(IList<CSEntryChange> csentries)
        {
            foreach (CSEntryChange csentryChange in csentries)
            {
                string accountName = string.Empty;
                string displayName = string.Empty;

                foreach (string attrib in csentryChange.ChangedAttributeNames)
                {
                    switch (attrib)
                    {
                        case "accountName":
                            accountName = csentryChange.AttributeChanges["accountName"].ValueChanges[0].Value.ToString();
                            break;
                        case "displayName":
                            displayName = csentryChange.AttributeChanges["displayName"].ValueChanges[0].Value.ToString();
                            break;
                        default:
                            //ignore
                            break;
                    }
                }

                // TODO: Make API call
            }

            PutExportEntriesResults exportEntriesResults = new PutExportEntriesResults();
            return exportEntriesResults;
        }

        public void CloseExportConnection(CloseExportConnectionRunStep exportRunStep)
        {
            // Do nothing
        }
    };
}

Hello,

I was wondering if someone can help me out on adding a new attribute in the FIM Metaverse. It seems that every time I try to add a new attribute to an Object Type, I keep getting this error: "Update metaverse schema failed" "Error HRESULT E_FAIL has been returned from a call to a COM component."

Has anyone else received the same error? What does this error mean?

Would highly appreciate your help, please and thank you!

Greetings,

I'm piloting the BHOLD suite to see if it will meet our company's needs.

I added some attributes in the BHOLD core configuration pages (web site).

Now in the FIM sync service, I need to refresh the schema to see them. The Schema refresh fails with the following error logged in the event log. Any ideas?

-Doug

Log Name:      Application
Source:        FIMSynchronizationService
Date:          1/15/2014 8:42:27 AM
Event ID:      6801
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxxxx
Description:
The extensible extension returned an unsupported error.
 The stack trace is:
 
 "System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'WindowsIdentityImpersonationFactory'.
   at Microsoft.AccessManagement.BHOLDConnector.Context.WindowsIdentityImpersonationFactory.CreateImpersonation()
   at Microsoft.AccessManagement.BHOLDConnector.DataAccess.IntegratedSecurityDataAccess..ctor(String serverName, String databaseName, String username, String password, String domain)
   at Microsoft.AccessManagement.BHOLDConnector.BHOLDConnector.GetDataAccess(KeyedCollection`2 configParameters)
   at Microsoft.AccessManagement.BHOLDConnector.BHOLDConnector.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.1.3114.0"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6801</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-15T14:42:27.000000000Z" />
    <EventRecordID>110324</EventRecordID>
    <Channel>Application</Channel>
    <Computer>xxxxx</Computer>
    <Security />
  </System>
  <EventData>
    <Data>System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'WindowsIdentityImpersonationFactory'.
   at Microsoft.AccessManagement.BHOLDConnector.Context.WindowsIdentityImpersonationFactory.CreateImpersonation()
   at Microsoft.AccessManagement.BHOLDConnector.DataAccess.IntegratedSecurityDataAccess..ctor(String serverName, String databaseName, String username, String password, String domain)
   at Microsoft.AccessManagement.BHOLDConnector.BHOLDConnector.GetDataAccess(KeyedCollection`2 configParameters)
   at Microsoft.AccessManagement.BHOLDConnector.BHOLDConnector.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.1.3114.0</Data>
  </EventData>
</Event>

Hi,

I am getting "cd error" on group provisioning in bhold access management agent.

I am populating all attributes like bholddescription,bholdtaskname,bholdmaxusers,bholdmaxroles,application description and members.

But getting errors.

event viewer reads:-

The extensible extension returned an unsupported error.
 The stack trace is:
 
 "Microsoft.MetadirectoryServices.ExtensibleExtensionException: The anchor attributes were not set in export entry.Forefront Identity Manager 4.1.3419.0"

Any help

shakti

I am developing this ECMA2 based MA, but for some reason, the OpenExportConnection() and the CloseExportConnection() methods are being called, but the PutExportEntries() method is not being called. There is no exceptions thrown anywhere, so I cannot think of any reason why the PutExportEntries() method would not be called. Any insights /suggestions?

namespace FimSync_Ezma
{
    public class EzmaExtension :
    IMAExtensible2CallExport,
    IMAExtensible2GetSchema,
    IMAExtensible2GetCapabilities
    {
        [System.ComponentModel.DefaultValue(1000)]
        public int ExportMaxPageSize { get; set; }

        [System.ComponentModel.DefaultValue(100)]
        public int ExportDefaultPageSize { get; set; }

        //
        // Constructor
        //
        public EzmaExtension() { }

        public MACapabilities Capabilities
        {
            get
            {
                MACapabilities myCapabilities = new MACapabilities();

                myCapabilities.SupportExport = true;
                myCapabilities.FullExport = true;
                myCapabilities.ExportType = MAExportType.ObjectReplace;
                myCapabilities.NoReferenceValuesInFirstExport = true;
                myCapabilities.ExportPasswordInFirstPass = false;

                myCapabilities.SupportImport =false;
                myCapabilities.DeltaImport = false;

                myCapabilities.ConcurrentOperation = false;

                myCapabilities.ObjectRename = false;
                myCapabilities.DeleteAddAsReplace = false;

                myCapabilities.DistinguishedNameStyle = MADistinguishedNameStyle.None;
                myCapabilities.Normalizations = MANormalizations.None;

                return myCapabilities;
            }
        }

        public IList<ConfigParameterDefinition> GetConfigParameters(KeyedCollection<string, ConfigParameter> configParameters,
                                                            ConfigParameterPage page)
        {
            List<ConfigParameterDefinition> configParametersDefinitions = new List<ConfigParameterDefinition>();

            switch (page)
            {
                case ConfigParameterPage.Connectivity:
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("URL", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateEncryptedStringParameter("Username", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Domain", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Password", ""));
                    break;

                case ConfigParameterPage.Global:
                    break;

                case ConfigParameterPage.Partition:
                    break;

                case ConfigParameterPage.RunStep:
                    break;
            }

            return configParametersDefinitions;
        }

        public ParameterValidationResult ValidateConfigParameters(KeyedCollection<string, ConfigParameter> configParameters,
                                                                   ConfigParameterPage page)
        {
            ParameterValidationResult myResults = new ParameterValidationResult();
            return myResults;
        }

        public Schema GetSchema(KeyedCollection<string, ConfigParameter> configParameters)
        {
            Microsoft.MetadirectoryServices.SchemaType personType = Microsoft.MetadirectoryServices.SchemaType.Create("Person", false);

            personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("accountName", AttributeType.String, Microsoft.MetadirectoryServices.AttributeOperation.ExportOnly));
            personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute("displayName", AttributeType.String, Microsoft.MetadirectoryServices.AttributeOperation.ExportOnly));

            Schema schema = Schema.Create();
            schema.Types.Add(personType);

            return schema;
        }

        public void OpenExportConnection(KeyedCollection<string, ConfigParameter> configParameters,
                    Schema types,
                    OpenExportConnectionRunStep exportRunStep)
        {
            // Do nothing
        }

        public PutExportEntriesResults PutExportEntries(IList<CSEntryChange> csentries)
        {
            foreach (CSEntryChange csentryChange in csentries)
            {
                string accountName = string.Empty;
                string displayName = string.Empty;

                foreach (string attrib in csentryChange.ChangedAttributeNames)
                {
                    switch (attrib)
                    {
                        case "accountName":
                            accountName = csentryChange.AttributeChanges["accountName"].ValueChanges[0].Value.ToString();
                            break;
                        case "displayName":
                            displayName = csentryChange.AttributeChanges["displayName"].ValueChanges[0].Value.ToString();
                            break;
                        default:
                            //ignore
                            break;
                    }
                }

                // TODO: Make API call
            }

            PutExportEntriesResults exportEntriesResults = new PutExportEntriesResults();
            return exportEntriesResults;
        }

        public void CloseExportConnection(CloseExportConnectionRunStep exportRunStep)
        {
            // Do nothing
        }
    };
}

Hi There,

How to export users from FIM portal with dispaly name, domain, account name title, office Location, Manager, Employee ID, Manager id and whatever attribute its there in FIM Portal from powershell or any method.

Even am ot able to export FIM SQl Database.

Please help on this.

Thanks very much in Advance.

Thanks

Veerappa

Hello experts,

We are deploying the Self Service Password Reset feature with FIM 2010, and while creating the first Management Agent for FIM Service, we get a problem stating "Failed to retrieve the Schema".

I've already installed Net Framework 4.0 and edited the "miiserver.exe.config".

What is the recommended solution for this one?

Thanks in advance,

Hi everyone,

What would happen if I import a security group object but only a subset of the users that are members of the group are in FIM? When an outbound rule is performed, will the set of users not in FIM be removed from the group?

Source: http://www.microsoft.com/licensing/products/products.aspx
Download the “Microsoft Product Use Rights (WW, English, April 2015)” document at http://www.microsoftvolumelicensing.com/userights/Downloader.aspx?DocumentId=8488

In short, prior to 1st of april 2015, you required

• a FIM server license for every FIM server installed and a CAL for every user managed in the FIM Service, or
• Forefront Identity Manager 2010 R2 External Connector

After 1st of april 2015:

• Windows Server license (Standard & Datacenter) will include FIM server entitlement
• FIM Server 2010 R2 licenses will not be available anymore on the price lists

The FIM server will no longer be sold as a separate license, but instead Windows Server licenses will allow customers to install the FIM Server software.
Azure Active Directory Premium (AADP) and any suite that contains AADP, including Enterprise Mobility Suite (EMS) and Enterprise Cloud Suite (ECS), will also entitle users to access FIM.
Since FIM users already required a Windows Server CAL or equivalent to access FIM running on Windows Server, no additional Windows Server CALs (or Windows Server External Connector) will be required.

More info here:

• #FIM2010 licensing model is changing as of 1st of april 2015
• http://aka.ms/LicenseToFIM

Peter Geelen (Microsoft Belgium) - Premier Field Engineer Security Identity

[If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click "Vote as helpful" button of that post.
By marking a post as Answered or Helpful, you help others find the answer faster.

May the Thoughts be with you!

Well, a small nod there to Star Wars day, and we turn our thoughts to more the serious matter of ingesting the more valuable brain telemetry from and to our very own Internet of Thinkers!

Connect to the real network, the world wide workers!

Cut through the chatter and produce some pertinent protocols!

All over the world, highly intellegent autominous entities are uploading neural nuggets of gold, words of wisdom and inspirational instructionals!

So step forward... beacons of brain power, and download your technical torrent of tips to the Head Hub - TechNet Wiki!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker

#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes o become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

Hello,

Can someone please tell me the solution for this issue. I am trying to connect to my exchange server and its throwing this error. I have also imported the certificate and placed in root folder. But still find the same error. Going craxy from 3 days plz someone help me.Here is my code:

Thanks,

Sravani

We have got account objects for differnt system in our organization in FIM portal. Each of these account object has a system manager.

Whenever a new account is created a mail is triggered to system manager. We  have a workflow for this activity.

The issues is that FIM portal is sending emails to incorrect recipients. The mail is send out to system manger of other system.

My one guess is that when a new user is created; it also creates around 5 to 6 accounts. So aroung 5-6 emails are sent out using the same MPR/workflow. Could this be the reason?

Hi,

 We have provisioned users from FIM to Google(used Generic REST API MA) by mapping "Email" with "DN". Now we need to change that Email at FIM.We want to link the changed Email with the user present in Google.But when we do an export it is creating a new user at Google because of new DN.How we can modify the DN in FIM Sync Provision Code so that the new DN(Email) will be updated to the already existing user at Google.

Please suggest me.

Thanks

Prasanthi.

Hi,

In our organization, While creating a security group in FIM Portal, under the Roles tab when we type in the "Group Owner" name who is not in the list of "Membership Manager", it gives an message stating "Please select the Group Owner from the above Membership Managers". I want to understand where is this validation and the error message label configured in FIM Portal?

I looked into the RCDC, and checked the XML file for "Create, Edit and Read" operations of Groups. I could not find the validation or error message in there.

I navigated to the Portal folder which was created during FIM Installation and tried checking in there too. But could not find anything relevant.

Is there any other place where the validation and error message can be configured?

Any help would be appreciated.

Thanks!

FIM WAL is calling a powershell activity. After the activity is called, search requests throws " this workflow instance encountered an internal error during processing". In event viewer, I could see this error. I even tried with empty try catch statement. Iit's giving the same error.

param($oid,$fname,$AcctName,$lname)
try
{
$line = "test"
}
catch [System.Exception]
{
 return "bad value"
}

System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException()
   at System.Collections.Generic.List`1.get_Item(Int32 index)
   at System.Collections.ObjectModel.Collection`1.get_Item(Int32 index)
   at FIM.Workflow.Common.Activities.RunPowerShellScript.RunScript(String script, ArrayList arguments, Dictionary`2 parameters)
   at FIM.Workflow.Common.Activities.RunPowerShellScript.Run_ExecuteCode(Object sender, EventArgs e)
   at System.Workflow.ComponentModel.Activity.RaiseEvent(DependencyProperty dependencyEvent, Object sender, EventArgs e)
   at System.Workflow.Activities.CodeActivity.Execute(ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

I have a FIM environment which provision a cross forest link mailbox.

When using domain admin as destination FIM MA service account, provisioning works fine.

However when using a FIM service account, provisioning failed with a corrupted mailbox.

homeMDB is empty.

A quick look into FIM event viewer shows the error: ExchangeGuid is mandatory on UserMailbox. Property Name: ExchangeGuid

The service account has the following permission:

Forest wide directory read only and replicating directory changes rights

Full control for OUs involve in the provisioning

Exchange Recipient management

I tested logging in as the service account to create the link mailbox manually and it works.

Only after adding built in domain\builtin administrators membership does the provision start to work again. However, customer requirement dictate that this is not allowed.

May I know if I missed out any additional permission required for cross forest mailbox provisioning.

Thanks in advance!