Lokesh SG
Windows 10 Domain ID is getting disabled frequently
SSPR and password complexity
Hi,
I am assuming that FIM SSPR utilizes the password complexity settings of the associated AD environment (that FIM is deployed in)?
When resetting a password via SSPR, if a password that is not complex enough is typed in, does FIM SSPR tell you the password does not meet complexity requirements and let you type another password (one that matches the complexity requirement)?
Thanks,
SK
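FIM's SSPR carries no complexity rule of its own: the reset is written to AD through the AD management agent, and the domain controller applies the domain (or fine-grained) password policy and rejects a non-compliant value, which the portal reports as a failed reset. The block below is an added example, not code from the thread: it reproduces the Windows "Password must meet complexity requirements" rule locally so a front-end or help-desk script can tell the user why a value will be refused before the DC does. The account name, display name and sample passwords are constructed; MinLength defaults to the Default Domain Policy value of 7 and should be read from the real policy.

```powershell
# Added example: local pre-check mirroring the Windows complexity rule.
# The domain controller remains the authority; this only explains rejections.
function Test-AdPasswordComplexity {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string]$SamAccountName = '',
        [string]$DisplayName    = '',
        [int]$MinLength         = 7      # Default Domain Policy value; override from the real policy
    )
    $reasons = New-Object System.Collections.Generic.List[string]

    if ($Password.Length -lt $MinLength) {
        $reasons.Add("shorter than the minimum length of $MinLength")
    }

    # Must not contain the sAMAccountName (when 3+ characters) or any
    # display-name token of 3+ characters; tokens split on , . - _ # space tab.
    $ci = [System.StringComparison]::OrdinalIgnoreCase
    if ($SamAccountName.Length -ge 3 -and $Password.IndexOf($SamAccountName, $ci) -ge 0) {
        $reasons.Add('contains the account name')
    }
    foreach ($token in ($DisplayName -split '[,.\-_#\s]+' | Where-Object { $_.Length -ge 3 })) {
        if ($Password.IndexOf($token, $ci) -ge 0) {
            $reasons.Add("contains the display-name token '$token'")
        }
    }

    # Must use characters from at least three of the five categories.
    $categories = 0
    if ($Password -cmatch '[A-Z]')            { $categories++ }   # English uppercase
    if ($Password -cmatch '[a-z]')            { $categories++ }   # English lowercase
    if ($Password -match  '[0-9]')            { $categories++ }   # base-10 digits
    if ($Password -match  '[^\p{L}\p{Nd}]')   { $categories++ }   # symbols, punctuation, space
    if ($Password -cmatch '[\p{L}-[A-Za-z]]') { $categories++ }   # other Unicode letters (e.g. é)
    if ($categories -lt 3) {
        $reasons.Add("uses only $categories of the 5 character categories (need 3)")
    }

    [pscustomobject]@{
        Compliant = ($reasons.Count -eq 0)
        Reasons   = $reasons.ToArray()
    }
}

# On a domain-joined host with RSAT, take the minimum length from the real policy:
# $min = (Get-ADDefaultDomainPasswordPolicy).MinPasswordLength
# Constructed cases: one category only; contains name tokens; compliant.
$cases = @(
    @{ Password = 'password';       Sam = 'jdoe'; Name = 'John Doe' }
    @{ Password = 'JohnDoe2015!';   Sam = 'jdoe'; Name = 'John Doe' }
    @{ Password = 'Tq7#ve-ry-Long'; Sam = 'jdoe'; Name = 'John Doe' }
)
foreach ($c in $cases) {
    $r = Test-AdPasswordComplexity -Password $c.Password -SamAccountName $c.Sam -DisplayName $c.Name
    '{0,-15} compliant={1} {2}' -f $c.Password, $r.Compliant, ($r.Reasons -join '; ')
}
```

The first case fails on categories, the second on the "John" and "Doe" tokens, the third passes. Password history and fine-grained policies applied to specific groups are not reproducible locally and are left to the DC.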
PCNS & FIM question
Hi,
When PCNS intercepts the password change on a DC, what format does it send the password to FIM in? Is it clear text?
I am asking this because we need to sync AD passwords to a system for which we do not have a Management Agent (via FIM).
I came across this script and was wondering if it can be used for password sync with FIM:
http://blog.goverco.com/p/psmapwdmanage.html
Thank you.
SK
FIM to MIM upgrade
Hi,
With MIM now available, I'd like to test an upgrade scenario.
First question though: what are the requirements for MIM? OS? SQL? etc.
FIM Sync:
I assume this is a simple in-place upgrade of the binaries?
FIM Portal:
I assume we need to remove the FIM Portal and SharePoint 2010 first (as in our case)?
Then deploy SharePoint 2013 and the MIM Portal again?
Thanks,
Sk
SSPR client versus FIM/MIM Server version through upgrade process
More or less related to my upgrade question.
Situation to start from:
- FIM 2010 Server Side
- FIM 2010 SSPR on Windows 7
Situation to go to:
- MIM 2016 Server Side
- MIM 2016 SSPR on Windows 7
Now my question: is the MIM 2016 SERVER software backwards compatible? E.g., can FIM 2010 clients connect and perform an SSPR against a MIM 2016 server?
Or is it the other way round? Can a MIM 2016 SSPR client talk to a FIM 2010 server?
I've got quite a few clients to upgrade, and the first option, a backwards-compatible server, would be very, very convenient...
SQL server 2012 AlwaysOn Availability Groups support with FIM 2010 R2 Sp1
Forefront Identity Manager 2010. Export EmployeeID to AD
Hello!
I need to export the attribute EmployeeID from the FIM Portal to AD.
When I export EmployeeID to AD (relationship criteria accountname = samaccountname), all is OK.
When I export EmployeeID to AD (relationship criteria Firstname = givenname and Lastname = sn), EmployeeID does not export to the same user in AD.
Help!
Alex
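A relationship criterion has to resolve to exactly one AD object; a pair of attributes such as givenName and sn is not guaranteed to be unique the way sAMAccountName is, and an account whose name pair matches more than one object cannot be joined as intended. The block below is an added check, not from the post: it lists every (givenName, sn) pair in AD that occurs more than once, together with the accounts that share it. The search base is an assumption.

```powershell
# Added example: find AD users whose givenName + sn pair is not unique.
# Requires the RSAT ActiveDirectory module on a domain-joined host.
function Get-AmbiguousNameJoins {
    param([string]$SearchBase = 'OU=Accounts,DC=contoso,DC=local')   # assumed

    # Only users that carry both attributes can match a givenName/sn criterion at all.
    Get-ADUser -Filter 'givenName -like "*" -and sn -like "*"' `
               -SearchBase $SearchBase -Properties givenName, sn, employeeID |
        # Group case-insensitively and trimmed, since the join compares strings that way.
        Group-Object { '{0}|{1}' -f $_.givenName.Trim().ToLowerInvariant(), $_.sn.Trim().ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                GivenName  = $_.Group[0].givenName
                Surname    = $_.Group[0].sn
                Count      = $_.Count
                Accounts   = ($_.Group.SamAccountName -join ', ')
                # Which of the duplicates already carry an EmployeeID (i.e. were reached by the export).
                WithEmpId  = (@($_.Group | Where-Object { $_.employeeID }).Count)
            }
        }
}

Get-AmbiguousNameJoins | Sort-Object Count -Descending | Format-Table -AutoSize
```

If a user from the failing export appears in this list, the name-based criterion cannot pick one account for them; adding a third, unique attribute to the criteria (or keeping accountName) is the fix on the FIM side. Also check that the Person objects in the portal actually have FirstName and LastName populated: an empty value on either side never matches.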
"WindowsUpdate_8020000E" "WindowsUpdate_dt000"
Publishing FIM Password Portals on internet
Hi,
I need to publish my existing FIM Portal on the internet; below is my plan for that:
Current Scenario:
- We have 2 FIM Portal servers published internally using our internal hardware load balancer (HLB). We have a FIM Sync server and one FIM Portal Admin server.
Proposed plan:
We are going to publish the FIM servers using Windows Server 2012 R2's Web Application Proxy (WAP) servers.
We will configure two WAP servers in the DMZ network behind our external HLB.
Queries:
1- Are WAP servers supported in this scenario?
2- Do we require both WAP servers in the DMZ to be domain joined?
3- Will this method work for us in publishing the Password Registration Portal?
http://blogs.msdn.com/b/angeos_blogs/archive/2014/10/01/publishing-forefront-identity-manager-fim-self-service-password-reset-sspr-portals-through-web-application-proxy-wap.aspx
4- Will this method work for us in publishing the Password Reset Portal?
http://blogs.msdn.com/b/angeos_blogs/archive/2014/10/01/publishing-forefront-identity-manager-fim-self-service-password-reset-sspr-portal-through-web-application-proxy-wap.aspx
5- We are going to export and use the same certificate as our current internal servers are using; I think this is fine?
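The two linked posts publish the SSPR portals through WAP with pass-through pre-authentication, which is the only choice for the reset portal: a user who has forgotten their password cannot satisfy AD FS pre-authentication, so WAP must forward the request and let the portal authenticate on its own. Pass-through publishing does not require the WAP servers to be domain members (they still need to reach the AD FS farm to join it), and the certificate WAP presents must carry the public host names with its private key. The block below is an added example, not from the post or the linked blog: it checks that a usable certificate for each public name is in the WAP server's machine store, then publishes both portals. All host names are assumptions.

```powershell
# Added example: publish both SSPR portals through WAP with pass-through preauth.
# Run on a WAP server that has already been joined to the AD FS farm.
$portals = @(
    @{ Name = 'FIM Password Registration'; External = 'https://passwordregistration.contoso.com/'; Backend = 'https://fimpwdreg.contoso.local/' }
    @{ Name = 'FIM Password Reset';        External = 'https://passwordreset.contoso.com/';        Backend = 'https://fimpwdreset.contoso.local/' }
)   # assumed names; external and backend URLs must end in "/" for WAP

function Get-PublishingCertificate {
    param([Parameter(Mandatory)][string]$HostName)
    # Newest unexpired certificate in LocalMachine\My whose CN/SAN covers the host
    # and that has its private key (an exported PFX, not a CER, is needed for that).
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                       ($_.DnsNameList.Unicode -contains $HostName) } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
}

foreach ($p in $portals) {
    $hostName = ([uri]$p.External).Host
    $cert = Get-PublishingCertificate $hostName
    if (-not $cert) {
        throw "No usable certificate for $hostName in LocalMachine\My; import the PFX with its private key first."
    }

    # PassThrough: WAP does not pre-authenticate; the portal handles logon itself.
    Add-WebApplicationProxyApplication -Name $p.Name `
        -ExternalPreauthentication PassThrough `
        -ExternalUrl $p.External `
        -BackendServerUrl $p.Backend `
        -ExternalCertificateThumbprint $cert.Thumbprint
}

# Verify what was published.
Get-WebApplicationProxyApplication |
    Format-Table Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication -AutoSize
```

Repeat on the second WAP server (the application list is per server), and make sure the backend portal sites trust the certificate chain WAP presents to them if they are themselves HTTPS.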
FIM 2010 (NOT R2) to MIM 2016 upgrade
The documentation at https://technet.microsoft.com/en-us/library/mt219041.aspx speaks of a FIM 2010 R2 upgrade to MIM 2016. But I've got a customer who still has FIM 2010 and is now looking to upgrade to MIM 2016.
The target situation is to have all MIM 2016 software installed on new servers. Will the MIM 2016 installer be able to update the FIM 2010 databases? Or do we need to do a FIM 2010 -> FIM 2010 R2 -> MIM 2016 upgrade?
Could this be a possible strategy:
- Stop FIM 2010 services
- Backup database (duh :) )
- Move database to newer SQL version
- Start setup of MIM Sync/MIM Service
- Point to relocated database and upgrade database
- Have an upgraded environment
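Whatever path the upgrade takes, the steps above start from the same snapshot: the exact build of each installed binary (the upgrade prerequisites are expressed in those build numbers), the SQL Server version the databases sit on, and backups taken with the services stopped. The block below is an added example for both upgrade threads, not code from either post: it records the versions, takes copy-only checksummed backups of the two FIM databases, and reminds you to export the Synchronization Service key set, without which a restored sync database cannot decrypt its stored credentials. The SQL instance and backup path are assumptions; service and database names are the FIM defaults, and the script assumes both services run on the host it is executed on.

```powershell
# Added example: pre-upgrade snapshot for FIM -> MIM.
$SqlInstance = 'SQL01\FIM'                 # assumed
$BackupDir   = '\\backup01\fim\pre-mim'    # assumed
$Stamp       = Get-Date -Format 'yyyyMMdd-HHmm'

function Get-ServiceExePath {
    param([Parameter(Mandatory)][string]$ServiceName)
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service $ServiceName is not installed on this host" }
    # PathName may be quoted and may carry arguments; keep the executable only.
    if ($svc.PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($svc.PathName -split ' ')[0]
}

# 1. Installed binary versions (the upgrade guides key their prerequisites on these).
$versions = foreach ($name in 'FIMSynchronizationService', 'FIMService') {
    $exe = Get-ServiceExePath $name
    [pscustomobject]@{
        Service = $name
        Binary  = Split-Path $exe -Leaf
        Version = (Get-Item $exe).VersionInfo.FileVersion
    }
}
$versions | Format-Table -AutoSize | Out-String | Write-Host

# 2. SQL Server version the databases currently run on.
Import-Module SqlServer -ErrorAction Stop      # use SQLPS on older hosts
(Invoke-Sqlcmd -ServerInstance $SqlInstance -Query 'SELECT @@VERSION AS V').V | Write-Host

# 3. Quiesce, then take copy-only, checksummed full backups of both databases.
Stop-Service -Name FIMService, FIMSynchronizationService -Force -ErrorAction Stop
foreach ($db in 'FIMSynchronizationService', 'FIMService') {
    Backup-SqlDatabase -ServerInstance $SqlInstance -Database $db `
        -BackupFile (Join-Path $BackupDir "$db-$Stamp.bak") -CopyOnly -Checksum
}

# 4. The sync database is unusable without its encryption key set: export it with
#    miiskmu.exe from the Synchronization Service bin folder and keep it with the backups.
$syncBin = Split-Path (Get-ServiceExePath 'FIMSynchronizationService')
Write-Warning "Export the key set with $(Join-Path $syncBin 'miiskmu.exe') and store it alongside $BackupDir before moving the database."
```

Keep the version table with the backups: if the upgrade has to be rolled back or a support case opened, the build numbers and the SQL version are the first things asked for.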
FIM pre-requisites for SharePoint 2013 - unable to set compatibility level as it is a read-only property
I am having a problem setting the compatibility level for SharePoint, prior to installing FIM.
The property is read-only. Is there a registry entry that will complete this?
Here is the environment:
Freshly installed VM with Windows 2012 Std. Server is named: FIMS.
It is domain joined with .Net 3.5 installed.
It also has SQL 2012 Std installed, including full-text search.
It has SharePoint 2013 installed...
Configure SQL Server 2012 for SharePoint 2013
http://sharepointpromag.com/sql-server-2012/configure-sql-server-2012-sharepoint-2013
I am stuck at step 1 in the following article to prepare SharePoint for the FIM install.
Installing FIM 2010 R2 on SharePoint Foundation 2013
https://technet.microsoft.com/en-us/library/jj863242(v=ws.10).aspx
Violating any of the above conditions will be caught by the setup prerequisite checks and will block the installation of the portal.
- The SharePoint 2013 site collection runs in 2010 experience mode.
To verify, in the SharePoint 2013 Management command-line shell, enter the following commands and verify that the return value is 14:
$spSite = Get-SPSite "http://www.contoso.com"
$spSite.CompatibilityLevel
When I run the command, it reports that the value is read-only. Advice on how to set this via the registry or other means is much appreciated.
PS C:\> $spSite = Get-SPSite "http://fims"
PS C:\> $spSite.CompatibilityLevel
15
PS C:\> $spSite.CompatibilityLevel = 14
'CompatibilityLevel' is a ReadOnly property.
At line:1 char:1
+ $spSite.CompatibilityLevel = 14
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException
Thank you
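CompatibilityLevel is read-only because the experience version is chosen when a site collection is created; there is no registry switch, and a 2013-mode (15) site collection cannot be moved back to 2010 mode. The fix is to create the FIM Portal's site collection in 2010 mode from the start with New-SPSite -CompatibilityLevel 14, removing the 15 site collection that occupies the URL first. The block below is an added example, not from the post: the URL is taken from the transcript above, the owner account is an assumption, and STS#1 is the team-site template the FIM Portal deployment guide uses.

```powershell
# Added example: put the FIM Portal site collection into 2010 experience mode.
# Run in the SharePoint 2013 Management Shell (or load the snap-in as below) as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$url   = 'http://fims'                 # from the transcript
$owner = 'CONTOSO\svc-fimservice'      # assumed

$site = Get-SPSite $url -ErrorAction SilentlyContinue
if ($site -and $site.CompatibilityLevel -ne 14) {
    # A 15 site collection cannot be downgraded. If it already holds content,
    # take a backup first: Backup-SPSite -Identity $url -Path C:\backup\fims.bak
    Remove-SPSite -Identity $url -Confirm:$false
    $site = $null
}
if (-not $site) {
    # -CompatibilityLevel 14 creates the site collection in 2010 experience mode.
    $site = New-SPSite -Url $url -OwnerAlias $owner -Template 'STS#1' -CompatibilityLevel 14 -Name 'FIM Portal'
}

# Re-run the check the FIM prerequisite documentation asks for; expect 14.
(Get-SPSite $url).CompatibilityLevel
```

The FIM setup prerequisite check reads the same property, so once this prints 14 that check passes; the remaining SharePoint 2013 adjustments in the linked TechNet article are separate and still apply.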
FIM Troubleshooting: Error 80230904 occurs when Sync Service Manager tries to create GAL MA and connect to another forest
Hi All,
I am testing GAL sync between 3 forests. With 2 forests, everything is fine. When I try to add the third GAL sync management agent, Synchronization Service Manager fails to connect to the forest and shows an error alert with the number 80230904.
I suspect the reason for the failure is in the new forest that FIM tries to connect to. What does this error number mean? Besides showing this number, nothing is recorded in the logs. I am failing to find any info on this error.
FIM 2012 R2 SP1 version: 4.1.3646.0, running on a Windows 2008 R2 machine; the first and second forests are at 2012 R2 level, and the third, new one (failing) is at 2008 R2 level.
Regards
Dmitry
Bulk Modify Users phone number in FIM portal
Hello,
I'm not sure if somebody has asked this already. I would like detailed instructions for bulk updating/modifying users' phone numbers; it could be an MPR, PowerShell instructions, or both. Users are from different departments. If there is an existing script that I can modify, that would be great. Thank you!
FIM 2010 R2 - Set which contains all group owners
Hi
I have tried to figure out how to create a set which contains all the security group owners. Is that possible somehow?
I want to show security groups only to group owners, so if there is some other way to do that, let me know.
FIM Portal Internal Error
I've configured my portal to have a set of HR users. HR users can access the portal, create users and modify certain attributes of existing Contractors and Staff.
To do this I created some MPRs and search scopes. I log in as an HR user, click Users and can successfully create a new user. However, if I search for existing users using the default All Users search scope, or using my All Contractors and All Staff search scopes, the portal returns:
An internal error occurred and your request cannot be processed. Please contact your system administrator.
Usual objectSid, Domain, AccountName are in place. Am I missing something simple?
Thanks
stopped-entry-export-error can't provision any accounts to AD
I'm using FIM 2010 R2 (4.1.3419.0) and Exchange 2010. I've recently hit an issue whereby the AD MA stops running due to "Stopped-entry-export-error". My environment was working fine; AD accounts and Exchange mailboxes were being provisioned OK (confirmed working for the past 6 months). I've only come upon this error since we installed around 25 Windows updates on our DC, Exchange server and FIM synchronization server.
There is no associated error in the Synchronization Service application for the user object(s) which cause an error (as you'll see, it's blank in the picture). AD MA delta imports and syncs work fine, but exports always fail with different user accounts (so I don't think it's an issue with the accounts being synced). Looking at the Windows logs shows errors as below:
Application log (typical error for a user):
There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=jp um receptionist,OU=staff,OU=Accounts,DC=contoso,DC=local. Type: Microsoft.MetadirectoryServices.ExtensionException Message: **** ERROR **** Property expression "jp um receptionist" isn't valid. Valid values are: Strings formed with characters from A to Z (uppercase or lowercase), digits from 0 to 9, !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } or ~. One or more periods may be embedded in an alias, but each period should be preceded and followed by at least one of the other characters. Unicode characters from U+00A1 to U+00FF are also valid in an alias, but they will be mapped to a best-fit US-ASCII string in the e-mail address, which is generated from such an alias. Property Name: Alias **** END ERROR **** Stack Trace: at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)
Application Service Log (Forefront Identity Manager) - Error (happens every 30 minutes; this has been happening for 2 weeks, since the updates were installed):
Microsoft.ResourceManagement.Service: System.InvalidOperationException: Operation is not valid due to the current state of the object.
at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems) at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)
Here's the relevant section from my Microsoft.ResourceManagement.Service.exe.config file:
<appSettings>
  <add key="mailServer" value="https://email.contoso.com/ews/exchange.asmx" />
  <add key="isExchange" value="1" />
  <add key="SendAsAddress" value="svc-fim@contoso.com" />
  <add key="synchronizationServerName" value="SvrFIM01" />
</appSettings>
If I browse to https://email.contoso.com/ews/exchange.asmx, I'm PROMPTED for Windows logon credentials (the EWS virtual directory is configured for anonymous and Windows authentication). Upon entering the FIM service account details, the appropriate XML page appears (no certificate warnings or errors are generated). I can log on to the FIM service mailbox and send emails.
The error may be down to a PowerShell problem, as I couldn't initiate a remote PowerShell session from my FIM service account to the Exchange server using:
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://email.contoso.com/PowerShell
To get around this, I added the FIM service account to Organization Management (it was already a Recipient Management user) and added it to the local Administrators group on the FIM server, then restarted the FIM Synchronization and FIM Service. The remote PowerShell connection now works fine, but the AD MA export still does not.
There are some warnings in the Application logs about not being able to connect to the Exchange web services; however, I think these are red herrings as they've been going on for over a year (during which time FIM has been working fine):
https://social.technet.microsoft.com/Forums/forefront/en-US/993a34dd-2c38-431a-8e36-c5be1bb2cf7f/fim-warning-cannot-access-exchange-web-service?forum=ilm2
I would appreciate some help in resolving this as it currently has me stumped. The only thing I can try is removing the security patches, giving the FIM service account administrative and Exchange Organization Management permissions on the server, and rebooting all boxes.
Thanks in advance
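The error text above is the Exchange alias rule itself: an alias (the AD mailNickname the extension sets) may only contain A-Z, a-z, 0-9, the listed punctuation and U+00A1..U+00FF, with periods only between such characters, and "jp um receptionist" fails it on the spaces. The block below is an added example, not code from the post: it encodes that rule as a validator and a best-effort normaliser so offending values can be found and fixed on the FIM side before the AD MA export reaches the Exchange extension. The sample aliases are constructed; the AD query at the end assumes the RSAT ActiveDirectory module.

```powershell
# Added example: validate and normalise Exchange aliases against the rule in the export error.

# One "atom" is a run of the characters the error message lists as valid.
$AliasAtom  = '[A-Za-z0-9!#$%&''*+\-/=?^_`{|}~\u00A1-\u00FF]+'
# Periods may only appear between atoms: never leading, trailing or doubled.
$AliasRegex = "^${AliasAtom}(\.${AliasAtom})*`$"

function Test-ExchangeAlias {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Alias)
    return ($Alias -cmatch $AliasRegex)
}

function ConvertTo-ExchangeAlias {
    # Best-effort repair: invalid characters (including whitespace) become periods,
    # runs of periods collapse, and leading/trailing periods are removed.
    param([Parameter(Mandatory)][string]$Alias)
    $fixed = $Alias -creplace '[^A-Za-z0-9!#$%&''*+\-/=?^_`{|}~\u00A1-\u00FF]+', '.'
    $fixed = $fixed -replace '\.{2,}', '.'
    return $fixed.Trim('.')
}

# Constructed samples: the alias from the error, a valid one, and edge cases.
$samples = 'jp um receptionist', 'jp.um.receptionist', '.leading', 'two..dots', 'J.Müller', ''
foreach ($s in $samples) {
    [pscustomobject]@{
        Alias     = $s
        Valid     = Test-ExchangeAlias $s
        Suggested = if ($s) { ConvertTo-ExchangeAlias $s } else { '' }
    }
}

# Find accounts already in AD that would fail the same rule on the next export:
# Get-ADUser -LDAPFilter '(mailNickname=*)' -Properties mailNickname |
#     Where-Object { -not (Test-ExchangeAlias $_.mailNickname) } |
#     Select-Object SamAccountName, mailNickname
```

"jp um receptionist" comes back invalid with "jp.um.receptionist" suggested, "J.Müller" is valid (Exchange maps the ü to a best-fit ASCII form in the address, as the message says), and the empty string is rejected. Applying the same rule to whatever attribute flow builds the alias in the outbound sync rule keeps the export from stopping on the next such user.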
FIM Synchronization Service hotfix was not successfully installed
Hi everyone,
I'm experiencing trouble while trying to upgrade FIM Synchronization by installing hotfixes.
My current version is 4.1.3114.0 and I need to go up to the new hotfix (4.1.3613.0).
While installing the file (FIMSyncService_x64_KB3011057), I get this message:
" Forefront Identity Manager Synchronization Service was not successfully installed. To install Forefront Identity Manager Synchronization Service, run this wizard again."
When I run it again, I get the same message.
I will be grateful if someone can help.
Thanks in advance.
SCSM FIM Management pack not deployed to SCSM DW server
I'm having a problem with my FIM reporting installation. I did everything as noted in the TechNet documentation and in the missmiis docs, but I never get the MPSyncJob to actually show anything referring to FIM or Forefront.
In the SCSM console, I can see the management packs in the Administration node, but not in the Data Warehouse node. Is there a catch somewhere, or what am I missing? I cannot run the DW scripts on the DW server because it fails every time, saying that the management packs aren't deployed...
The actual error message is "Base schema for FIM Datawarehouse has not been deployed. Please wait till this completes."
SQL server 2012 AlwaysOn Availability Groups support with MIM 2016
Microsoft Identity Manager 2016 is now on MSDN/VL available for download
Microsoft Identity Manager 2016, the successor to FIM 2010, is now available on MSDN / Volume Licensing sites. It is the "GA" version.
There is also a new site about MIM:
Microsoft Identity Manager at microsoft.com sites.
On-premises identity and access management:
- Synchronize identities between directories, databases and applications
- Self-service password, group and certificate management
- Increase admin security with policies, privileged access and roles
- Thwart identity theft with Microsoft Identity Manager (MIM)
Note that there is a "Try now" button on the site, but it currently redirects to /evalcenter/evaluate-microsoft-advanced-threat-analytics