Channel: Microsoft Identity Manager forum

Fetching the enabled attribute with ADObject.


The Enabled attribute only lies in the AD User object class, as it falls under 'user account control'. I have a query that needs to fetch all the members of an AD group consisting of AD users as well as AD groups (a group is a member of another group). So, to list all the members I have to get the attributes using the Get-ADObject command, so what I am doing is this:

Get-ADObject -Filter {ObjectGUID -eq '16e76214-6306-4359-9dde-91c9d98accc8'} -Properties *| Select Name, Enabled, useraccountcontrol

What I want is: if Enabled is present in the attributes, it should give either a True/False value, and if it is a group it should be Null, as there is no 'Enabled' attribute. Instead I am getting some weird number, which I found out to be a code for the account status and whether the password expires or never expires, like 512 or 66050.

I just want to get member name & enabled value. In every case enabled is coming blank.


AD group membership : How to populate "memberOf" attribute for a user in AD


Hi,

I am using the out-of-the-box Active Directory MA. Users are being created in AD. How do I add the users' group membership using FIM?

Any clues on this?

Regards

Sai

The server encountered an unexpected error in the synchronization engine:


Hi,

On one of the MIM servers, I see the below error in the application logs. Does anyone know what the resolution for this is?

The server encountered an unexpected error in the synchronization engine:

BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\shared\entry\tower.cpp(3989): 0x80004005 (Unspecified error) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\shared\entry\tower.cpp(12133): 0x80004005 (Unspecified error) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sqlstore\csobj.cpp(1833): 0x80004005 (Unspecified error) 
BAIL: MMS(8132): d:\bt\30017\private\source\miis\server\sync\expcall.cpp(905): 0x80004005 (Unspecified error) 
ERR_: MMS(8132): d:\bt\30017\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {1AC10E43-196A-E311-8F38-0050569E0CF1} with 0x80004005 (pass 1 of 5)

MIM - remove a specific character during import


I have a management agent for SQL that runs just fine; it can import a value from my SQL server and store it in the metaverse.

My problem is that the string from the SQL server contains a single quote ('). I wonder if there's a way I can remove that single quote during import to the metaverse.

e.g. value from SQL server is :

'12345'

What I want to keep in the metaverse is only this:

12345

Any ideas will be very much appreciated. Thanks in advance.

MIM portal: Unable to process your request


Hi,

When I try to access the MIM 2016 portal using the installation account 'miminstall', it throws an error: unable to process your request. The event viewer generates the following error when I try to access the portal:

Event ID: 3

Requestor: Internal Service
Correlation Identifier: 1c15d6bd-a92e-4b37-ab64-e7b67eae8ea4
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.InvalidOperationException: Unable to generate a temporary class (result=1).
error CS0016: Could not write to output file 'c:\Users\業獭牥楶散\AppData\Local\Temp\ax3nbhf5.dll' -- 'The directory name is invalid. '

   at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence)
   at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, XmlSerializerCompilerParameters parameters, Assembly assembly, Hashtable assemblies)
   at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence)
   at System.Xml.Serialization.XmlSerializer.GenerateTempAssembly(XmlMapping xmlMapping, Type type, String defaultNamespace)
   at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
   at Microsoft.ResourceManagement.WebServices.XmlTypeObjectSerializer..ctor(Type type)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Get(Message request)
   --- End of inner exception stack trace ---

I don't know why it is throwing this strange error. I have checked the pool accounts in IIS and the SharePoint farm accounts. Everything seems to be fine. Any help will be greatly appreciated.

Thanks,

Vishnu

Do you want to be acknowledged as Microsoft Forefront Identity Manager Guru? Submit your work to Sep 2019 competition!



What is TechNet Guru Competition?

Each month Microsoft TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in a dedicated official post, a tweet from the Microsoft Wiki Ninjas Twitter account, links will be published at the Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in Sep 2019 and must be in English. However, the original blog or forum content can be from before Sep 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/write over your Microsoft technical solutions and revelations to TechNet Wiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but HIGHLY Recommended) Add a link to your article at the TechNet Wiki group on Facebook to get feedback and tips from the council members and from the community. The group is very active and people love to help. You can even get direct improvements to your article before the contest starts.

Do you have any questions or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from Ronen Ariely.


Thanks & Regards,
Kamlesh | Blog | Twitter | Posting is provided "AS IS" with no warranties, and confers no rights.

extension-unexpected-attribute-value error during deltasync of two MA's


Hi,

I have a MIM server where I saw the below error.

Event ID :1000

Event Description: Faulting application name: miiserver.exe, version: 4.1.3733.0, time stamp: 0x56edbcbe
Faulting module name: clr.dll, version: 4.7.3416.0, time stamp: 0x5cabfc63
Exception code: 0xc0000005
Fault offset: 0x00000000005dfeb0
Faulting process id: 0x1548
Faulting application start time: 0x01d55fccc169d656
Faulting application path: D:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: ce0ad3c2-cbcb-11e1-b44b-0050521117ee

Upon checking the issue I found that ADMA and another MA which runs after ADMA throw the error "extension-unexpected-attribute-value" during sync. And the stack trace shows the below error.

Synchronization Step: Provisioning

Extension Name : MV Router.dll

Microsoft.MetadirectoryServices.UnexpectedDataException: IMVSynchronization.Provision Management Agent:SMBX XYZ ADMA:XYZAD_MVExtension:RenameSMBXGroupInAD: MV Object Type: SMBXGroup: Provision Exception: An object with DN "CN=MESG_SMBR_PDL,OU=XYZStaticMailSecGroups,OU=XYZMailEnabledSecGroups,OU=XYZStaticDistGroups,OU=XYZDistributionGroups,OU=XYZGroups,OU=XYZ,DC=XYZ,DC=NET" already exists in management agent "SMBX XYZ ADMA".
   at Mms_Metaverse.MVExtensionObject.RenameSMBXGroupInAD(MVEntry mv, ConnectedMA SyncMA)
   at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry)
   at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in C:\Users\DS013289071-3@XYZqa.net\Documents\Visual Studio 2010\Projects\SMBX25\MVRouter\MVRouter.cs:line 204

Can anyone help me here to understand what the issue is and how this can be fixed?



Custom Error message for "ambiguous-import-flow-from-multiple-connectors"


Hi Guys,

I have an HR MA with multiple joins before project.

Sometimes I get "ambiguous-import-flow-from-multiple-connectors" on Delta or Full sync in this MA.

For the moment I don't want to fix this issue automatically, but just customize the error message and get more info about the multiple connectors.

Is it possible to do that, and if yes, can someone give me an example?

FYI, I am using a Rule extension for the join.


SharePoint Site Collection Not Loading


I'm installing the FIM Portal and following the guide here https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-deploy

I'm up to the SharePoint configuration so haven't even installed the portal yet. This is the page I'm up to https://docs.microsoft.com/en-us/microsoft-identity-manager/prepare-server-sharepoint. I've completed all of the steps on the page and all the scripts executed successfully. I can see the web application and default '/' site collection when I navigate SharePoint Central Admin but when I navigate to my URL (the one that's shown as the web app and that was scripted), I get a 404 as if there's nothing there. I've installed the MIM Portal quite a few times and this step has always just worked. What could be the problem? I'm not that well versed in SharePoint.

Need some help planning a new MIM environment.


Current environment: FIM 2010 R2 using 3 servers
FIMSYNC01 - Running Forefront Synchronization Service Manager on Windows 2012 R2
FIMSQLS01 - Running FIMSynchService db and FIMUtility db on SQL Server 2012 on Windows 2012 R2
FIMPRTL01 - Contains FIM Portal which is not being used, may not be needed

I inherited this FIM environment and have learned how to manage it from documentation left by the previous admin. However, I was not involved in setting it up. So, there is a lot I don't know. What I have been told is that there was a lot of customization done to get FIM to do what it is doing so, an in-place upgrade is not going to work.

I will attempt to explain what FIM is doing in my environment:
I have a corporate domain and 6 customer domains. There are no trust relationships between any of these domains. The FIM servers listed above are members of the corporate domain. FIM watches some specific groups in the corporate domain. Any users in these watched groups are provisioned to the customer domains and placed in respective groups in the customer domains.

So, my questions are:

Will MIM 2016 SP1 do this out-of-the-box or will customization be needed? (I already have the licensing needed.)

How many servers do I need? I would like to have just 2 if possible, one for the sync service and one for the databases; as below:
MIMSYNC01 - Running MIM Synchronization Service Manager on Windows 2016
MIMSQLS01 - Running MIMSynchService db and MIMUtility db on SQL Server 2016 on Windows 2016

Performance Issue in lithnet dll while saving data to MIM


We have used the Lithnet DLL to communicate with MIM. When saving data to MIM using the Lithnet DLL (CreateIdentity function) for the first time, it takes too much time, which causes slowness and makes the end application freeze.

Can anyone suggest which action we should take to decrease the time and slowness?

How to approve add new/ Modify employee properties on MIM


Hi everyone

Our system with some factors are:

  • HRMS: Human Resources Management System
  • MIM
  • AD
  • ADFS

I have 2-way synchronization:

HRMS => MIM => AD and AD => MIM

How can I have approval via the workflow when employees are added to / modified in HRMS?

Thank you for any suggestion


How to approve add new /Modify employee attributes on MIM


Hi everyone

Our system with some factors are:

  • HRMS: Human Resources Management System
  • MIM
  • AD
  • ADFS

I have 2-way synchronization:

HRMS => MIM => AD and AD => MIM

How can I have approval via the workflow when employees are added to / modified in HRMS?

Thank you for any suggestion


How to find unused Sets


Hi,

How can I find which SETs are not used?

I have hundreds of sets and really need an automated way of doing this.

Thanks.

Regards,

JD

auto enrollment in MIM for password reset ?

Dear all, is there any possibility to enroll all the users automatically in MIM for the password reset portal, like all the mobile numbers we have in AD? Auto enrollment?

MIM 2016 SP1 PAM – Integrate with Azure MFA


Hi all,

After reading all the materials I could find on Microsoft docs I'm still not sure if/how cloud-based Azure multi-factor authentication is supported for PAM candidates. As of July 1, 2019 Microsoft no longer offers MFA server for new deployments. What are our options for enabling Azure MFA for PAM role activations?

Best regards,

Jaksa

Created Account in MIM erroring out on Sync - Microsoft.MetadirectoryServices.FunctionEvaluationException: Error


Hello

I have set up MIM 2016 and all AD users and groups have been imported into MIM.

I am trying to create a Contractor Workflow and when I run the MIMMA I get the following error.

Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'ActiveDirectorySponseredUsers'. Details: Object reference not set to an instance of an object.
   at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)

I have dn set.

Please let me know if you need any other information. Thank you in advance.

[Urgent] Error while synchronizing with approve workflow.


Hi everyone

Our system with some factors are:

  • HRMS: Human Resources Management System
  • MIM
  • AD
  • ADFS

I have 2-way synchronization:

HRMS => MIM => AD and AD => MIM

I am using the custom action https://github.com/Microsoft/MIMWAL/wiki/New-Accounts-Approval for approving employees from HRMS. It worked fine, but suddenly I get the error and cannot investigate the root cause. I am a newbie and I don't know why my MIM system account "MIMSharepoint" became "Built-in Synchronization account" in this situation. Is it relevant to this error?

Detailed exception message below:

System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

at System.ThrowHelper.ThrowKeyNotFoundException()

at System.Collections.Generic.Dictionary`2.get_Item(TKey key)

at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()

at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()

at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)

at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)

at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, CultureInfo locale, Guid requestor, String[] attributeNames, Boolean includeInlineRights)

at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, String[] attributeNames)

at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.Read(Guid objectId, CultureInfo locale, Nullable`1 requestor, Nullable`1 resourceTime, String[] requestedAttributes, Boolean includeRights)

at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessOutputRequest(RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)

at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)

at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)

at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

Please help me to resolve it

Thank you very much for any suggestion!




MIM Advanced attribute Flow Precedence


Hello everyone,

I'm struggling a little with a MIM Sync Engine I'm currently implementing.

It syncs from AD to an SQL DB while generating emails and checking for duplicates.

So what I need to do is generate a unique email when synchronizing to SQL, then replace the value in AD with this new value.

SQL then becomes precedent over AD for the Mail attribute.

I have the following flow:

AD Mail to Metaverse Mail to SQL Mail

with an EAF from metaverse to SQL where I check for duplicates and generate the mail.

My issue is that for some reason, when I sync, my flow shows as skipped, not precedent... It's a unique one-way flow; I don't understand what precedence is doing here.

Any ideas?

I've added some snapshots, but I can add more if needed.

Thanks!


Hitch Bardawil

Error while synchronizing with approve workflow.


Hi everyone

Our system with some factors are:

  • HRMS: Human Resources Management System
  • MIM
  • AD
  • ADFS

I have 2-way synchronization:

HRMS => MIM => AD and AD => MIM

I am using the custom action https://github.com/Microsoft/MIMWAL/wiki/New-Accounts-Approval for approving employees from HRMS. It worked fine, but suddenly I get the error and cannot investigate the root cause. I am a newbie and I don't know why my MIM system account "MIMSharepoint" became "Built-in Synchronization account" in this situation. Is it relevant to this error?

Detailed exception message below:

System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

at System.ThrowHelper.ThrowKeyNotFoundException()

at System.Collections.Generic.Dictionary`2.get_Item(TKey key)

at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()

at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()

at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)

at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)

at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, CultureInfo locale, Guid requestor, String[] attributeNames, Boolean includeInlineRights)

at Microsoft.ResourceManagement.Data.DataAccess.GetObject(Guid objectId, String[] attributeNames)

at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.Read(Guid objectId, CultureInfo locale, Nullable`1 requestor, Nullable`1 resourceTime, String[] requestedAttributes, Boolean includeRights)

at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessOutputRequest(RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)

at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)

at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.DispatchRequest[TResponseType](RequestType request, Boolean applyAuthorizationPolicy)

at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessGetWorkItem(ReadRequestWorkItem readWorkItem)

at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

Please help me to resolve it

Thank you very much for any suggestion!






