Channel: Microsoft Identity Manager forum

Export Error

Hi,

Can anyone tell me what this error is related to?

System.Runtime.InteropServices.COMExceptionSystem.Runtime.InteropServices.COMException (0x80040FA0): Notes error: You are not authorized to perform that operation
   at Domino.IDocument.Remove(Boolean bForce)
   at Microsoft.IdentityManagement.MA.LotusDomino.Core.Person.Delete(CSEntryChange csentry, Context exportContext, List`1 listChangeResult)
   at Microsoft.IdentityManagement.MA.LotusDomino.Core.Person.ExportEntry(CSEntryChange csentry, Context exportContext, List`1 listChangeResult)


Custom error pages for MIM Portal?

Has anyone managed to use custom error pages (e.g. 401 and 404) with MIM Portal? I have tried a couple of ways, but it seems impossible to make it work, even when trying the suggestions found, for example, here at https://stackoverflow.com/questions/2480006/what-is-the-difference-between-customerrors-and-httperrors#

MIM Notification when X number of account changes detected

Hi,

Is there a way for MIM to send out a notification when, for example, 25 changes are detected against a single account in a 5 minute window?

Thanks,

SK

FIM RCDC UocFilterBuilder and UocListView

Hi,

I am trying to create a new RCDC where the RequestFilter attribute consists of valid XPath. I need to populate UocFilterBuilder with RequestFilter, make the Preview button visible and populate UocListView with the RequestFilter rendered values only when the Preview button is clicked. My code looks like below.

The issue is that the button does not work when I click it.

<my:Control my:Name="ComplexFilterBuilder" my:TypeName="UocFilterBuilder" my:RightsLevel="{Binding Source=rights, Path=RequestFilter}" my:ExpandArea="true">
  <my:Properties>
    <my:Property my:Name="PermittedObjectTypes" my:Value="Person,Group" />
    <my:Property my:Name="Value" my:Value="{Binding Source=object, Path=RequestFilter, Mode=TwoWay}" />
  </my:Properties>
  <my:Events>
    <my:Event my:Name="PreviewClicked" my:Handler="OnClickPreview"/>
  </my:Events>
</my:Control>
<my:Control my:Name="FilterBuilderwithpreview" my:TypeName="UocListView" my:RightsLevel="{Binding Source=rights, Path=RequestFilter}" my:ExpandArea="true">
  <my:Properties>
    <my:Property my:Name="ColumnsToDisplay" my:Value="DisplayName,ObjectType,AccountName" />
    <my:Property my:Name="EmptyResultText" my:Value="There is no members according to the filter definition." />
    <my:Property my:Name="PageSize" my:Value="10" />
    <my:Property my:Name="ShowTitleBar" my:Value="false" />
    <my:Property my:Name="ShowActionBar" my:Value="false" />
    <my:Property my:Name="ShowPreview" my:Value="false" />
    <my:Property my:Name="ShowSearchControl" my:Value="false" />
    <my:Property my:Name="EnableSelection" my:Value="false" />
    <my:Property my:Name="SingleSelection" my:Value="false" />
    <my:Property my:Name="ItemClickBehavior" my:Value=" ModelessDialog "/>
    <my:Property my:Name="ReadOnly" my:Value="true"/>
  </my:Properties>
</my:Control>

How to find those persons that don't join

Hello!

I have a source for HR and one for AD, and two agents. In AD I have a unique attribute called SSN and in HR I have a unique attribute called SocialSequrityNumber.
I project HR because it owns the data and then I join AD.
I have some persons that don't join with HR because they only exist in AD, and I want to find them and write them to a file.
I also have some persons that only exist in HR, and I also want to find them and write them to a file.
In summary, I want to find all the persons that don't join.

I don't use any portal; I only use Synchronization Service Manager.

How do I best solve this?

//Tony



MIM Removing Users from Groups randomly?

Hey all, 

So, not entirely sure what happened - using the basic documented MIM AD and FIM Agents in Sync tool, followed up by the Inbound / Outbound Group Sync rules in portal. All of a sudden a few random users were removed from Groups and I am not sure why, or even where to look for a logical explanation. 

MIM is getting all AD users inbound.

MIM is getting a selected OU for Groups (other groups exist outside of this OU).

The MIM Outbound rule is pointing to a specific OU to create Groups from the portal.

The groups get created in the Metaverse but don't show up in AD, but running it will remove some users from Groups that are not in this "specific OU", just in the "In Bound Groups OU".

Any ideas? 

Thanks! 

MIM2016 Attribute not declared as a dependency

In the connector flow the field userPrincipalName is checked under Select Attributes

Under Configure Attribute Flow the field is defined as follows:

When I process new imports I get the following error:

Microsoft.MetadirectoryServices.AttributeNotDefinedAsSourceException: Attribute "userPrincipalname" is not declared as a dependency.

   at Microsoft.MetadirectoryServices.Impl.EntryState.GetAttribute(String attributeName, IMacroCollectionBase collection)

   at GTI.IDAM.IDHubSync.MIMConnector.MFAADIafAnygtMemberfirmID(CSEntry csentry, MVEntry mventry) in C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\SourceCode\GTI.IDAM.IDHubSync.Dev\GTI.IDAM.IDHubSync\GTI.IDAM.IDHubSync.Import.cs:line 149

The code referenced on line 149 is:

if (csentry["userPrincipalName"].IsPresent)

So why am I getting the error that it is not declared?

ECMA2.0 MA discovery errors - invalid-attribute-value

Hi everyone.

We have an ECMA2.0 management agent used to import employee/student data that is provided to us by a middleware system that populates several SQL tables. I should mention that this MA has been working for several years without issue and the issue we're seeing only started recently.

A delta import of the MA completes with discovery errors.  In the error list below there are three errors titled "entry 108", "entry 209", and "entry 125".  Each error type is 'invalid-attribute-value'.  So this suggests that someone upstream has given us some fields that don't conform to our data types/lengths.  If I click an error I get no useful information, just the error and entry number.  Distinguished name is "<unavailable>", and the 'Error details' button is greyed out.

My assumption was that "entry 108" refers to the 108th add/update/delete/whatever it tried to process.  I enabled logging for that MA, then counted through the records it gave me and checked the data for 108, 109 and 125 but the data looked fine, in fact those accounts are already in the metaverse and the values in the log for those records already exist in the metaverse.

Does anyone have any suggestions on how I can troubleshoot this further?

Thanks in advance!


What exactly does Enable Synchronization Rule Provisioning do?

I've searched as much as I can but I am unable to find a clear definition. According to https://blogs.msdn.microsoft.com/connector_space/2014/12/30/understanding-the-fim-service-management-agent-fim-ma/

"For any resource type that has an Object Type Mapping with a metaverse resource type, any object projected to the metaverse will provision to the FIM MA connector space.  Synchronization Rule Provisioning (tools->options) has no affect on this behavior"

If this is the case, what is the purpose of Sync Rule Provisioning?

Thanks

Implementing Enterprise RBAC System

Hi Everyone,

I wish to use FIM Sets and Groups as an Enterprise RBAC system. I have gone through the article at the link below. I wish to take this further by extending the application Role with attributes that will be required for entitlement (literally serving as permission) in the target application.

My question is: how do I query the members of the Resultant Group to sync to the Target application, such that iterating through the Group membership (users) actually surfaces the defined Permission attributes on the Group Object? I don't want to define the Custom attributes on the user object. Is this doable, and is there any XPATH query sample that can help?

Help appreciated in advance

https://social.technet.microsoft.com/wiki/contents/articles/3982.fim-2010-use-sets-and-groups-as-enterprise-rbac-system.aspx 


Akinzo

Step by Step MIM 2016 installation?

Hello,

I was wondering if anyone is happy to share their step-by-step MIM installation. I don't mind which version at this time, as I just need to get one working. I have tried multiple documents online, including doc.microsoft.com, and I still can't get it to work. It looks like there is always something missing in every piece of documentation I have used.

I've tried rebuilding my dev environment 12 times but I still can't get it to work. I'm not sure if it is a permission issue or the steps I am following are wrong, but the major hurdle has always been the MIM portal, which ends prematurely. There are some SharePoint steps not mentioned in Microsoft's documentation that exist in some blogs for previous installations. I'm not sure if that has changed or the documentation is not complete.

I'll really appreciate your help if anyone can share their own documentation on how to install MIM.


Does MIM 2016 REQUIRE SharePoint?

I am configuring an ESAE environment using MIM 2016. We will be using PowerShell scripts and the PAM cmdlets to migrate admin accounts from the corporate domain to the red forest, migrate groups to create the shadow principals in the red forest, and manage roles. I do not want to use SharePoint. All ESAE installation instructions include the installation of SharePoint with MIM. Is SharePoint REQUIRED or can the MIM be installed without SharePoint?

Robert

MIM CM - Issue with a new enrollment request - Error connecting to certificate authority

Hello,

This is a new setup of MIM CM. I configured a new profile template for self-service and I'm getting the following error when a user from the subscriber's group tries to request a new set of certificates! Any idea where I should investigate to fix this?

CM Portal error:

Error connecting to certificate authority: <certificate authority name>

https://ibb.co/g6ZvM5

Event Viewer - CM server - Certificate Management/Admin

Unable to complete request for profile template:  User Self-Service Profile Template (UUID fb46b125-a942-41c0-9bd6-37afc60c8ce6).
Certificate Authority:  <certificate authority name> is offline.
Start CA service.

Impersonated identity:  <DominName>\user1.
Windows identity:  <DominName>\user1.
Process ID:  2492.
Managed thread ID:  3.

https://ibb.co/hPVruQ

Thank you

Microsoft IDM and IAM solutions

Hello Team,

I am aware that Microsoft offers an IDM solution through PAM; does it also offer IAM (identity access management)?

Is there any difference between these two?

What other features are provided by MIM?

MIM Newbie question: Features

Do we have a password change and organizational chart feature in FIM/MIM?

And, is the SSPR supported for mobile devices?


Cheers, Manon.



How to Send Email notification when new city Name added to FIM

Dear All,

We are trying to trigger an email when a new city/location/department is added to SQL and imported to FIM, with the details of the users who belong to it.

How can it be achieved?

Need Your Help!

Thanks,

Shashidhar

Group management- Self Service Query

Hello All,

I want users in SSPR to be able to search Security Groups (which contain their department name) and request to join them. I am not sure about the exact steps to follow. The default behaviour is that the user is not able to search for the security groups created so far. So I think the following steps need to be followed, but I am getting lost as I am unable to put the pieces together (which I think I attribute to MIM processes like MPRs etc.).

Taking the department of Finance as example

a- A set for particular department "Finance" needs to be created.

b- A search scope for "My entitlements" needs to be defined.

c- An MPR (or MPRs) needs to be defined for the users to request.

Can anybody guide me in achieving this?

Thanks in advance


   

Distribution group provisioning to AD

Greetings all,

Straight to the point. MIM/FIM is not provisioning distribution groups to AD. The strange thing is that it is provisioning security groups but not distribution groups.

Does anybody have any clue what could be causing this?

Thanks,

zzeet

Question regarding migrated users in MIMPAM

I am setting up an ESAE environment using MIM 2016. I made the following assumptions when I started the project:

  1. An administrative account migrated to the privileged AD domain (a.k.a. red forest domain) as a PAM Object would be able to manage multiple corporate domains based on the roles the account is associated with.
  2. Once a user gets an admin account in the privileged AD domain, the user's admin account in corporate domains could get deleted if all of the associated functionality is also migrated to the privileged AD domain. In other words, if the user's admin account in corporate domains is no longer a member of any group, then delete the account.
  3. If a new user requests an administrative account, simply create the PAM object and the MIM record.

I question if those assumptions are correct because the MIM record for the administrative account maintains the source account name and source domain name of the original corporate admin account.  I have had some odd results with the set-pamrole command to add a user to the candidates list if the user is not in the corporate domain.

Thoughts?

Robert


Net SqlClient Data Provider: System.Data.SqlClient.SqlException (0x80131904): Could not find stored procedure 'fim.IsServiceBrokerEnabled'

I am in the process of migrating FIM 2010 - 2010 R2 - MIM 2016. Everything seemed to go well, as there were no errors during the Synchronization service. However, I ran into an issue and I am stuck. I performed the migration and all looked good, except that when I run the FIMMA Full Import (after successfully running ADMA Full import and Full synch) it triggers the following event:
Log Name: Forefront Identity Manager Management Agent
Source: ForefrontIdentityManager.ManagementAgent
Date: 12/18/2018 11:49:43 AM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PSC-MIM-01.mso.intranet
Description:
.Net SqlClient Data Provider: System.Data.SqlClient.SqlException (0x80131904): Could not find stored procedure 'fim.IsServiceBrokerEnabled'

My SQL admin checked and did not find the 'fim.IsServiceBrokerEnabled' in either the old or the new database. New SQL Database is SQL 2012 R2.