Channel: Microsoft Identity Manager forum

TLS 1.2 support for OOB SQL MA in MIM 2016 SP2


Can someone clarify whether the built-in SQL Server management agent in MIM 2016 SP2 can support TLS 1.2? The sync engine database is on a locally installed SQL Server instance and it doesn't have any trouble. However, whenever I disable TLS 1.0 and TLS 1.1 via the registry and restart, I am unable to get my SQL MA, which connects to a remote SQL Server instance, to connect. I've installed the latest OLE DB driver (18.4) and the MS SQL Server 2012 Native Client build 11.4.7462.6 is also installed. I can use SQL Server Management Studio 18.5 (build 15.0.18330.0) to connect to the remote instance from the MIM server, so I'm pretty sure the issue is not at the OS or network level.

Based on what I have seen online, indications are that TLS 1.2-only environments should be supported, but the documentation could be read as the product can be installed with 1.2 but the MAs are not specifically called out.

This is a fresh install of MIM on Windows Server 2016.  (We're replacing FIM 2010-not-R2 and I don't know that we can locate the installers required to do the step-wise upgrades required to maintain the old metaverse.)

Thanks for any information or suggestions you can offer.

Chris Clayton


MIM - change admin user

I changed the MIM administrator user at SQL and Sharepoint level, now I enter the MIM portal and no option is shown. How can I solve it?

IAM


Hello

some references

Could you please let me know if the below is doable with IAM and, if yes, can I have some links to help me understand how to apply it?

Azure IAM service configured to support password management.

Azure IAM service configured to support multi-factor authentication

Azure IAM service and Windows domain(s) configured to support biometrics-based user login to respective Windows Domain using campus machine.


MCP MCSA MCSE MCT MCTS CCNA

MIM 2016 Password Reset QA Gate


Hi,

There are three questions regarding MIM 2016 Password reset with QA Gate :

1- Are the answers to the questions stored in the MIM Service database in an encrypted format [Yes/No], and is there any reference from Microsoft about that?

2- Is there a PowerShell script or event log to report each user request for password reset? [Currently only MIM with password reset is implemented, with no reporting feature.]

3- How do I list all users registered with the QA gate?

Thanks.

How to rename samaccountname in a domain from X123450 to X678900? using MIM

We are in the process of restructuring our domain infrastructure. We are planning to rename samaccountname in the domain using MIM. Let me know if it is possible to rename samaccountname using the MIM console?

How to rename samaccountname in a domain using MIM?

We are in the process of restructuring our domain infrastructure. We are planning to rename samaccountname in the domain using MIM. Let me know if it is possible to rename samaccountname using the MIM console?

Lost Delete Button for Admins on user object


Somehow, I did something that caused the Delete and New buttons to be removed from the Admins view.
I see the buttons on other objects fine.

Thanks,

Nosh


Nosh Mernacaj, Identity Management Specialist

Restore "User Administrators" set


I found out the hard way that this set is important.

I deleted the set "User Administrators". In doing so, I lost the "New" and "Delete" buttons on the user's set.

I can reproduce this in another environment and I get the same result. I now know this is important.

The set in question has a well-known ObjectID "77197b15-6f61-40ea-8d69-10f3f1fe4904".

There is very little mention of this set anywhere, but I am convinced it is hardcoded based on that ObjectID.

How can I restore it without doing a DB restore, which I can't do?

Thanks in advance


Nosh Mernacaj, Identity Management Specialist



Search button on the MIM portal not working


Hi Everyone,

We upgraded MIM 2016 from SP1 to SP2.

1. When we choose the "Connect as" setting in IIS for the hosted MIM portal as "Logged in User", the following happens:

* After the upgrade, the user accounts with read-only access to the MIM portal are able to log in to the portal with read-only capability, but the Search and Advanced search options are not clickable.

2. When we choose the "Connect as" setting in IIS for the hosted MIM portal as "specified user service account", everything is working as expected.

Please help out.

Thanks!

Microsoft Identity Manager SharePoint 2019


I have set up Microsoft Identity Manager in a SharePoint 2019 environment. Not using the portal, only the sync service.

There are custom fields set up in the SharePoint UPA (wrTitle, wrkPhone, MyDept). I am trying to sync those fields back to AD, but every time I run a full sync or a delta sync, if I search for a user in the metaverse those fields are blank.

I did add those fields in the Metaverse Designer. The funny thing is I have 2 test accounts, and on the first run I did it did sync the fields back to AD, but any other accounts are coming up blank.

I am using the same account used in our previous 2013 environment with FIM, which has all the necessary permissions to write changes to AD.

I did clear the connector and refresh the schema as well, and every time I import I do get blank values for those 4 fields. It feels like MIM is not picking up that the values from SP don't match AD.

Any help would be appreciated if you could point me in the right direction.

Azure Password Protection with Banned Password List policy change and MIM SSPR


Hello Everyone,

My client is updating password policies and they are introducing Azure Password Protection with Banned Password List, and they have MIM SSPR. My question is how we can enforce that protection in MIM SSPR.

Thank you.

Cross-forest group membership management with MIM2016


Hello,

I'm very new to MIM and I'm trying to implement group membership management across multiple forests.

Several forums referenced this guide (however it is for FIM2010 not MIM2016): https://docs.microsoft.com/en-us/previous-versions/mim/ff720154(v=ws.10)

There are some points that I don't really understand (and I think that the guide is not completely migrated from the original site) I hope someone can explain:

- Sync MPR: https://docs.microsoft.com/en-us/previous-versions/mim/ff720154(v=ws.10)#synchronization-mpr -> it states that the MPR is triggered when an object's membership is changed and triggers the FSP provisioning workflow. Based on my testing and understanding, it will only apply to group objects and sets - so only this type of object will be added to the sync policy scope. Am I missing something? 

- FSP set: https://docs.microsoft.com/en-us/previous-versions/mim/ff720154(v=ws.10)#to-create-activedirectory-people-fsps-sets -> it says that "The Resource ID should be in the FSP set that is associated with the forest for which the domain in this set provisions." Does it mean that I should add this set to the FSP provisioning set (declared in the domain configuration object)? How will the user FSPs be added to the set?

- FSP sync rule: https://docs.microsoft.com/en-us/previous-versions/mim/ff720154(v=ws.10)#to-create-the-synchronization-rule-for-activedirectory-user-fsps -> displayname attribute is also added to the outbound attribute flow, but I think that FSP objects in AD do not have displayname attribute. Can I omit this attribute?

- What will happen if there are membership changes outside of MIM? If I understand correctly, the next MIM sync will add the user's FSP to the provisioning set, which will trigger the sync MPR -> but it should fail as the FSP already exists in the target domain. Should I create an inbound sync rule to match FSPs with Person objects?

Thank you in advance for your help!

Getting error "The required field cannot be empty"after updating an RCDC


Hello, 

I've updated my RCDC to control the first and last name when creating a new account in MIM. I added a regular expression that forces the first character to be a-zA-Z, but after uploading the file, I cannot add users anymore. I uploaded the original file again, but it didn't work; it's still giving the same error "The required field cannot be empty".

Is there a way to find which exact value/field is causing this issue?

Thanks in advance 

MIMWAL Referenced Assemblies not found


Hi all,

I'm looking at installing MIMWAL. I'm using the documentation from here:

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/mim-wal-installation-guide-part-1/ba-p/974591

The documentation says I need 4 assemblies from a specific version of FIM:

Following files from FIM hotfix build v4.1.3496.0  (https://support.microsoft.com/en-us/kb/2906832)
1. Microsoft.IdentityManagement.WebUI.Controls.dll
2. Microsoft.IdentityManagement.WFExtensionInterfaces.dll
3. Microsoft.ResourceManagement.dll
4. Microsoft.ResourceManagement.WorkflowContract.dll

I've come up against a 404 page not found, or that the hotfix is no longer available.

It seems that the referenced Windows SDK is unavailable as well.

Is there a fully up-to-date install guide or can someone please point me to where I can locate these files?

Any help would be greatly appreciated.


-- Tim.


Nested reference for allowed requestor in MPR doesn't work?


The goal is to have a single MPR to allow modification of one set of attributes by a list of "department managers" users in each department for users only in their department.

So I might have department 1, with users a, b, c, and department manager d, and department 2, with users e, f, and g, and department manager h.  Department manager d should be able to modify firstname and lastname of users a, b, and c, but not of any other users.

I have set up a list of department resources with a multivalued reference attribute containing these "department managers". I have added a single-valued reference attribute to the user resource for "department reference" and have it populated with these department resources.

I thought that I would be able to create an MPR to grant access to modify those attributes to "relative to resource" DepartmentReference/DepartmentManager (as one might do with an MPR to allow access to modify some attributes by "Manager"). But it doesn't work.

Is there some way I can do this without adding another attribute to users and having a workflow update it every time a user's departmentreference or the department managers list in department reference changes?


Receiving Stopped-server errors in FIM 2010 R2


Hello all,

I randomly get a stopped-server error during my export to the FIM Service MA. When I look at Event Viewer I receive:

System.InvalidOperationException: The export session has timed out waiting for responses.  

 That amount of time can be configured using the exportActivityTimeoutInSeconds attribute of the resourceSynchronizationClient element within the Forefront Identity Management Synchronization Service application configuration file.  The default duration is 600 seconds.  If the volume of requests is very high, then using that attribute to increase the duration would be advisable. 

 However, one should investigate why no responses to export requests have been received within the default amount of time.  Requests created on behalf of the Forefront Identity Manager Synchronization Service should be investigated to determine whether they are taking an unexpectedly long time to process. 

What would be causing this? If I run the export again, it's okay. Is it because the FIM Service database was locked because of a SQL maintenance job, or is there a permission issue? I'm at a loss.

Just in case, we recently migrated our FIM SQL databases to a new server. Is there some configuration I may have missed that could cause this?

Thank you in advance.

Device instance path of plugged in devices


Hi,

I wanted to know how an external plugged-in device is uniquely identified by Windows Device Manager. Is the Device instance path of these devices built into the device, or is it assigned by the system after insertion? If this device instance path ID is assigned to the device by Windows to uniquely identify it, then will this ID change when the same device is inserted into another USB interface on the same Windows machine?

Thanks

PAM (privileged access management privilege account) settings


1. [Problem description]: The domain controller is Windows Server 2016 and is highly coupled with Exchange 2015 and Skype for Business. How are privileged accounts integrated and managed?

Privileged Access Management for Active Directory Domain Services

https://docs.microsoft.com/zh-cn/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services

2. [Request]: How should the integration accounts related to the AD domain controller be managed?


AD Accounts

What does it mean where an account's LastLogonTimeStamp is 01/01/1601 00:00:000 AND the PwdLastSet is also 01/01/1601 00:00:000?

What does it mean where an account's LastLogonTimeStamp is 01/01/1601 00:00:000 BUT the PwdLastSet field has a date/time?
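As an added illustration of the two cases asked about (not part of the post): AD stores these attributes as FILETIME ticks since 1601-01-01, so a displayed 01/01/1601 is a raw value of 0, meaning the attribute was never written. The records, names and labels below are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# AD stores lastLogonTimestamp and pwdLastSet as Integer8 (Windows FILETIME):
# 100-nanosecond ticks since 1601-01-01 00:00:00 UTC. A raw value of 0 is what
# tools render as 01/01/1601 00:00:00, i.e. the attribute has never been set.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = 0x7FFFFFFFFFFFFFFF  # sentinel AD uses for "never" (e.g. accountExpires)


def filetime_to_datetime(ticks):
    """Return an aware UTC datetime, or None when the value means 'never set'."""
    if ticks is None or ticks <= 0 or ticks >= NEVER:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def classify(last_logon_ts, pwd_last_set):
    """Label the combinations of the two attributes for an account review."""
    logon = filetime_to_datetime(last_logon_ts)
    pwd = filetime_to_datetime(pwd_last_set)
    if logon is None and pwd is None:
        # No logon has ever replicated and no password has ever been set
        # (or pwdLastSet was zeroed to force a change at next logon).
        return "never-logged-on/no-password-set"
    if logon is None:
        # Password exists (set at creation or by a reset) but no logon has been
        # replicated. Caveat: lastLogonTimestamp only replicates once it is
        # 9-14 days stale, so a recent logon is visible only in per-DC lastLogon.
        return "password-set/never-logged-on"
    if pwd is None:
        return "logged-on/password-change-pending"
    return "active"


def audit(records):
    """records: iterable of dicts with sAMAccountName, lastLogonTimestamp, pwdLastSet."""
    return [(r["sAMAccountName"], classify(r["lastLogonTimestamp"], r["pwdLastSet"]))
            for r in records]


# Constructed sample records (not real directory data); 132223104000000000 is 2020-01-01.
SAMPLE = [
    {"sAMAccountName": "svc-stale", "lastLogonTimestamp": 0, "pwdLastSet": 0},
    {"sAMAccountName": "new-hire", "lastLogonTimestamp": 0, "pwdLastSet": 132223104000000000},
    {"sAMAccountName": "jdoe", "lastLogonTimestamp": 132223104000000000,
     "pwdLastSet": 132223104000000000},
]

if __name__ == "__main__":
    for name, label in audit(SAMPLE):
        print(f"{name:10s} {label}")
```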

Maximum number of additions to a multi-value attribute in one request

Just curious, is there a maximum number of adds to a multivalued attribute in a single request in the MIM Portal? For example, for Add Member on a Security Group, how many users can I add to that box in one request? Is there a max, or is it unlimited?