I followed the instructions in
http://fimspecialist.blogspot.com/2013/03/to-make-security-option-visible-to-non.html#!/2013/03/to-make-security-option-visible-to-non.html
to allow non-admin users to see the SG options on the portal. When I log in
with my non-admin account I see the links to My SG's and My SG Memberships.

I have added my non-admin account  to an SG (TestGroup1), which does have Owner and Displayed Owner attributes set.

Going off this article
https://social.technet.microsoft.com/Forums/en-US/27ba3c10-1a05-4e06-a6bc-dcb28fadf1f7/my-sg-membership-only-shows-groups-with-ownerdisplayedowner?forum=ilm2
I made that account a member of the Security Group Users set.

When logged into the portal I can  search All Security Groups, I see TestGroup1 and see myself as a member.

The issue is, when I click on My SG Memberships, there are no results.

Hi All,

I wish to know if anyone has experience creating a multi-modal type of Call based Management Agent. So Export does Web Services Call to the Target Connected Data Source and Import will use SQL Connection because API method to get all User records for import is not available/exposed in the connected system. This looks feasible in theory, but just want to know if that assumption is actually the case in practice. Any 'gotcha' to watch out for ?

Thoughts and Feedback appreciated.

Akinzo

I upgraded from 4.4.1302.0 to 4.4.1749.0 in a Test environment (Windows Server 2012R2, SharePoint Foundation 2013).

Now any screen which should show a filter builder instead shows the error page "Unable to process your request". So this happens if I click on "Advanced Search" from anywhere, and also if I try to open the "Criteria-based Members" tab on any Set, and the "Members" tab on any criteria group.

I ran the same upgrade in Dev a couple of months ago and have had no such problems there. I did also migrate a bunch of new config into Test on the same day as patching, but I have compared config between Dev and Test and don't think it is config related.

The only error in the event log is a Warning from Microsoft.ResourceManagement.PortalhealthSource:

I have looked through the SharePoint logs but all I see is when it shows the Error page - it doesn't say why. I've done a comparison between Dev and Test and the logs look identical up to that point.

I've re-installed the MIM Portal update and confirmed in the install log that there were no errors. I have rebooted all servers.

One thing I have noticed is that Windows patching is much more up-to-date in Test - they routinely patch Test at this customer, but not Dev. So I guess it's possible some combination of Windows patching and the MIM Portal patch has broken it - it would just be really helpful to get an error message from SOMEWHERE!

I have also figured out that the method for diagnostic logging has now changed. I generated a trace log but there are no errors at all, which does seem to indicate an error in the SharePoint layer, not reaching the MIM Service. There used to be a way of commenting out the "ILMErrors" line in the web.config to get more useful messages. but doing this now completely breaks the Portal - is there a new way to do that? (CustomErrors is set to Off but it's still showing the useless error page)

Final observation: the issue happens both when accessing the MIM Portal through its full address, and using localhost on the server.

http://www.wapshere.com/missmiis

Hi,

I wanted to know a simple vb script which i can use in FIM sync service for validating user. Like user should have this naming convention or automatically it should have that when i export user from FIM portal to AD.

Anything simple like this will be a great help.

Thanks,

zeet

Hi guys,

Having followed and satisfied the prerequisites from https://docs.microsoft.com/en-us/microsoft-identity-manager/working-with-identity-manager-hybrid-reporting, I have downloaded, installed and configured the MIM Hybrid Reporting Agent on the MIM Servers, which can reach the internet. But it so happens that SSPR Registration, Reset and SSGM activities are not reporting in Azure. Please, is there something I just might be missing out?

Thanks

Hi all.

I've come across an issue.
I try to create a new attribute on the portal.
Standard things: name, displayname and details. I've tried both indexed and unindexed string.

Once I click "finish" the wheel spins then I'm directed to an internal error then the whole portal crashes and will only load to the "internal error 3000" page. During this time The FIM sync will get an error during import, "failed-schema-access"
The only way I've been able to fix this is to restore the DB.

The eventlogs dont show a great deal, they shows errors along the longs of "something out of index or bounds" and nullpoint exception error.

I have created new attributes in the portal before without issue. To note I have tried this 3 or 4 times as originally thought I'd copied in some bad chars from winword but no, it's something else.

If you can direct me how to gather more details that would help.

Error snippets:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at Microsoft.ResourceManagement.Schema.ServerSchemaManager.Reload()
   at Microsoft.ResourceManagement.ActionProcessor.SchemaActionProcessor.UpdateSchemaCache()
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
   --- End of inner exception stack trace ---

Requestor: urn:uuid: UUID REPLACED
Correlation Identifier: UUID REPLACED
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.ArgumentNullException: Value cannot be null.
Parameter name: key
   at System.ThrowHelper.ThrowArgumentNullException(ExceptionArgument argument)
   at System.Collections.Generic.Dictionary`2.FindEntry(TKey key)
   at System.Collections.Generic.Dictionary`2.TryGetValue(TKey key, TValue& value)
   at Microsoft.ResourceManagement.Schema.ServerSchemaManager.GetAttributeSchema(String attributeName)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ReadFragment(SqlDataReader reader, Int64& resultCount, Boolean& endOfSequence)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ReadQueryResults(SqlDataReader reader, Int64& resultCount, Boolean& endOfSequence)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecutePullActionImpl(PullRequestParameter pullParameter)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteEnumerateAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
   --- End of inner exception stack trace ---

Hi,

Currently MIM2016 SP1 only supports Windows Server 2016 and SQL Server 2016.

See link:

https://docs.microsoft.com/en-US/microsoft-identity-manager/microsoft-identity-manager-2016-supported-platforms

Does anyone know when Windows Server 2019 and SQL Server 2017 will be supported?

Thanks.

Br,

Leo

Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

MIM 2016 SP1, 4.4.1642.0 (also tested on 4.4.1749.0)

I have developed an ECMA2 connector to interface with a data source via a REST API, in order to update a small number of attributes; there is no provisioning to the data source. The connector exports changes successfully, but does not report failures to the UI. In order to force an error at the UI, I amended the PutExportEntries() method as shown below, to always return a failure, however, no failure appears in the UI, the UI just looks like the export completed successfully. Can anyone provide any guidance as to what might be amiss?

In addition, I am seeing event 6309 in the Application log with the following text:

PutExportEntries method:

public PutExportEntriesResults PutExportEntries(IList<CSEntryChange> csentries)
        {
            log("PutExportEntries-Start");

            PutExportEntriesResults exportEntriesResults = new PutExportEntriesResults();

            foreach (CSEntryChange csentry in csentries)
            {
                // Force an error to the UI
                exportEntriesResults.CSEntryChangeResults.Add(CSEntryChangeResult.Create(csentry.Identifier
                    , csentry.AttributeChanges
                    , MAExportError.ExportErrorCustomContinueRun
                    , "custom-error"
                    , "Custom error message."));
                continue;

                //rest of export code below but unreachable

            }
            log("PutExportEntries-End");
            return exportEntriesResults;
}

Does anyone know if there is an official description for the FIM XPath filter dialect akin to the official documentation for XPath in "ww.w3.org/TR"?

I am familiar with the usual webpages showing examples for the FIM dialect but haven't seen an official technical specification.

Joe Leibowitz

Hey everyone.  I was wondering if there was a was to set an account in MIM WF to never expire.  In our environment when a contract work converts to full time the employeeEndDate stays on the account and expires the account.  Currently we are manually going into portal and clearing the date which then allows us to set account to never expire in ADUC  We would like to automate this when they fall into the set to clear the employeeEndDate any help on this would be greatly appreciated.

What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in December 2018 and must be in English. However, the original blog or forum content can be from before December 2018.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!

Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

How can you win?

1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

Thanks,
Kamlesh Kumar

If my reply is helpful please mark as Answeror vote as Helpful.

My blog | Twitter | LinkedIn

Hi,

We migrated our MIM schema and policy to a new environment, and we could log on as the 'MIM_Admin' account and see the MIM Portal for about 5 minutes...and then it just stopped. Now we get the following error in the MIM Portal:

Server Error in '/' Application.

---

Object reference not set to an instance of an object.

[NullReferenceException: Object reference not set to an instance of an object.]
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key) +266
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key) +25
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache() +96
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap() +87
   Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource) +43
   Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth() +59
   Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e) +46
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Control.PreRenderRecursiveInternal() +272
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785

Looking in Event Viewer, we find the following:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/16/2018 4:58:12 PM
Event time (UTC): 11/16/2018 4:58:12 AM
Event ID: f2427f75ca1f4dc382f821f7dee7032e
Event sequence: 51
Event occurrence: 23
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1742489732/ROOT-1-131868080209261945
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\80\
    Machine name: MIMService01
 
Process information:
    Process ID: 6056
    Process name: w3wp.exe
    Account name: TESTAD\svcsps
 
Exception information:
    Exception type: NullReferenceException
    Exception message: Object reference not set to an instance of an object.
   at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache()
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap()
   at Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource)
   at Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth()
   at Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e)
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 
Request information:
    Request URL: http://portal.testad.com/IdentityManagement/default.aspx
    Request path: /IdentityManagement/default.aspx
    User host address: 192.168.205.123
    User: TESTAD\mimadmin
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: TESTAD\svcsps
 
Thread information:
    Thread ID: 18
    Thread account name: TESTAD\svcsps
    Is impersonating: False
    Stack trace:    at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.RetrieveFromCache(UserNonSharedKey key)
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache()
   at Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap()
   at Microsoft.SharePoint.WebControls.AspMenu.GetEditableSiteMapProvider(SiteMapDataSource dataSource)
   at Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth()
   at Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e)
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Does anyone have a clue on what the problem might (suddenly) be - it was working...

thank you,

SK

Hi,

In the MIM MA, I am able to map and export a user's ObjectSID...the MIM Service schema, in the MA, shows that there is an ObjectSID attribute for the Person object class.

However, when I open a user in the MIM Portal, I am unable to find the 'ObjectSID' attribute - should one be able to see it in the MIM Portal UI?

Thanks,

SK

Hi,

We'd like to move the MIM service account mailbox to Exchange Online for notifications & approvals - and we understand that its just a matter of re-running the MIM 2016 SP1 Portal/Service installation and selecting the EOL settings in the dialog box.

However, after running this, do we also need to re-run all the post SP1 hotfixes (that are currently applied to MIM)?

thank you.

Hello Experts,

<g class="gr_ gr_14 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="14" id="14">i</g> want in place upgrade FIM 2010 R2 to MIM 2016 SP1. in our environment FIM is integrated with HRMS portal . and lots of Sync rules and flow is <g class="gr_ gr_13 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="13" id="13">customised</g>.

if I  upgrade from FIM 2010 R2 to MIM 2016, is my all flow and setting on FIM will be intact?

Balwan Singh

Hello, I have been able to successfully upgrade my MIM system to 4.4.17949.0 without issue.  The system is running fine under 4.4.17949.0.  I recently attempted to apply hotfix 4.5.286.0 and I am receiving the following fatal error during the upgrade of MIM Portal and Service.  If anyone has seen this before and knows a solution I would appreciate any insights.

Hi all,

I performed all the steps which included in documentation of microsoft for self service password reset. I read all question and answar on technet but i did't find the right solution. 

For user account name, domain and resource sid is coming in the portal and i am able to login in the fim portal with a non admin user and user have the account in A.D. 

I check all required MPRs are enabled and user is coming in the password reset user set.

My fim portal and A.D. are installed on different server.

but when i click in the fim portal for register for password reset it shown an exception--

Password registration portal URL is not configured. please contact your helpdesk or system administrator.

Can anyone help  me to resolve this issue. I will be very thankful for the same.

Regards,

Shubham

Hi greetings to all,

I need to know the complete steps for validating any attribute in MIM portal. For example 'Company' 
      must be
             'Abc' (default value) or
             'Bcd' or
             'CIA' or
             'apple' or
             'microsoft' or
             'Glassdoor' or  
             'INheaven'

---------------------------------------------------------------------------------------------------------------------------------------------

Also, another query is that how to validate the attribute is required (must be filled). If the attribute upon user creation say last name is empty or not filled then it should show some error message.

Thanks,

zzeet