trying to export organizationunits into the bhold core.
Gettting export error "required objectidentifier is missing" on running export.
Have followed the microsoft documentation but still facing issues.need help
Thanks in advance
shakti
↧
BHOLD Organizationunits export error. "objectidentifier" is missing
↧
EXporting a copy of the metaverse to an AD LDS
Hello Everyone,
hope you can help out with this small question i have,
i'd like to have an AD LDS be an exact copy of my metaverse. so i've created a schema on my AD LDS server that is similar to my MV, but i'm not sure if i can just export the whole metaverse to AD LDS.
is that in any way possible ?
thanks !
Hitch Bardawil
↧
↧
FIM GALSync ma-extension-error
Hi,
Getting the following event setting up FIM.
Message: The property 'AddressListMembership' is on a read-only object and can't be modified.
This is syncing contacts into a domain with Exchange 2010 SP1. The other domain (where the FIM server lives) is running exchange 2013 and not experiencing errors.
I have followed the steps outlined here for rights: http://social.technet.microsoft.com/wiki/contents/articles/4868.permissions-for-galsync-user.aspx#_Toc305417939
I can't find any attribute for AddressListMembership, so I assume this is associated with an Exchange role? What can I do to give these rights to the FIMGALSync Account? I want to keep these rights as limited as possible.
Cheers.
------------------------
Log Name: Application
Source: FIMSynchronizationService
Date: 9/05/2013 1:26:05 PM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CORP-FIM01
Description:
The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local
computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=User,OU=Contacts,OU=GalSync,DC=domain,DC=com.
Type: System.Management.Automation.RemoteException
Message: The property 'AddressListMembership' is on a read-only object and can't be modified.
Stack Trace: at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke()
at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)
the message resource is present but the message is not found in the string/message table
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="FIMSynchronizationService" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-05-09T03:26:05.000000000Z" />
<EventRecordID>1963</EventRecordID>
<Channel>Application</Channel>
<Computer>CORP-FIM01</Computer>
<Security />
</System>
<EventData>
<Data>
There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=user,OU=Contacts,OU=GalSync,DC=domain,DC=com.
Type: System.Management.Automation.RemoteException
Message: The property 'AddressListMembership' is on a read-only object and can't be modified.
Stack Trace: at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke()
at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)</Data>
</EventData>
</Event>
↧
Stopped-extension-dll-load Error with Extensible MA
I have created Extensible MA in visual studio 2010 and added .dll file to Extensions folder.
I made sure that the file name is consistent through out the wizard.
Also pulled in the latest Metadirectoryservicesex.dll and compiled and retried but it throws this error "stopped-extension-dll-load" in the status message.
I don't know why this is throwing this error message.
Any idea?
Thanks,
↧
FIM 2010 - AD attribute anchor changed
Hi,
I´m running FIM 2010 and I have set anchor for few attributes. One of this anchor attribute changed. Let´s say user Alex Boss had Office attribute like US01 and then this attribute was changed to US02. FIM management agent gives me error during Full sync now. Do you have idea?
Error:
A Forefront Identity Manager error has occured: completed-sync-errors
MA Name: AD-MA
MA Run Profile: Full Synchronization
Start date & time: 2013-08-30 08:21:09.907 End date & time: 2013-08-30 08:21:46.890
Total connector space objects: 2134
Total Connectors: 2036
Connectors: 2036
Explicit Connectors: 0
Total Disconnectors: 96
Disconnectors: 95
Explicit Disconnectors: 0
Filtered Disconnectors: 1
Total Placeholders: 2
Import Add: 96
Import Updates: 6
Import Deletes: 0
Import No Change: 2030
Export Add: 0 Export Updates: 0
Export Deletes: 0
↧
↧
How can we restrict the user for not allowing the space and '&' in display name while creating the group in FIM portal
Hello All,
While creating group user are entering space and '&' in display name,How can we restrict the user for not allowing the space and '&' in display name while creating the group in FIM portal. Is something need to be change in RCDC? Kindly help.
Regards,
Anirban Singha(India)
↧
Powershell script runs from command line but not from within FIM Workflow
Following is a sample of a powershell script that runs fine from the powershell command line but not from within a FIM PowerShell Workflow Activity. Note that the “solaris” session specified in the snippet below is defined in PuTTY with applicable IP address. During execution of the workflow, the script does run up until the last line (it does some log file writing and some other processing not reflected in the snippet below). The last line is an attempt to logon to a remote machine and execute MyScript.sh. MyScript.sh never gets executed.
Additionally, the rest of the workflow that follows this PowerShell Workflow Activity ALSO never executes. Thus it appears that the script below hangs on the last line. I thought adding the –batch would alleviate this, but not so. Again the script runs fine from the powershell command line.
……………………………………………………………………………………………………………………………………………
Param
(
[String]$USERID,
[String]$USERNAME
)
$myApp = "D:\plink.exe"
[Array] $Creds = ("root", "<root-password>"), ("sysadmin", "<sysadmin-password>")
$sshcommand = & $myApp -load solaris -batch -l $Creds[0][0] -pw $Creds[0][1] /root/SOFTWARE/MyScript.sh $USERID $USERNAME
Return ""
……………………………………………………………………………………………………………………………………………
I replaced the last line with the following and got the same results:
D:\plink.exe -batch -load solaris -l $Creds[0][0] -pw $Creds[0][1] /root/SOFTWARE/MyScript.sh $USERID $USERNAME
I tested initiating this script from the FIM workflow activity using both the “Read from File” option and the “Include in Workflow Definition” option. I get the same results either way.
I noted that the command line was running PowerShell Version 3.0, while FIM was running Version 2.0. I tested running this script from the command line as both Version 2.0 and Version 3.0, and it works successfully in both cases. Thus the issue does not appear to be related to the version of PowerShell that FIM is running per se. I understand that PowerShell 3.0 requires .NET Framework 4.0 and that the FIM Service runs on the 3.5 Framework, so perhaps the issue is related to these differences?
Any thoughts on what may be causing this issue and how to resolve? Does FIM perhaps not support Plink? I appreciate that the issue might not have anything do with FIM and may just be powershell-specific, so I am posting on a powershell forum as well. But also posting here in case anyone has seen this with FIM and been able to resolve. Thanks for any ideas!
Ramona Balke
↧
Add users to groups using workflows
Hi,
My scenario is I need to create Distribution Groups that meet the following requirements:
1. Initially populated with every "Active" user account
2. New "Active" user accounts will be added to the automatically
3. Users can leave and join the DGs at will using the Portal (I would also like to enable users to leave DGs through a hyperlink in an email but this is optional at this point in time)
The solution I am thinking of involves using manually managed DGs and two workflows one for adding all existing active users to the DGs and a second one that adds new active users to the DGs. The problem I am having right now is I can't figure out or find any documentation on how to add a user or a group of users to a FIM DG using a workflow. Does anyone in this forum know how to do this and care to share this knowledge?
↧
Computed Actor and Approver - quick question
Just wondering whether 'Computer Actor' and 'Approver' always points to the same persons?
If I would set a group as 'approver' in my approval WF it still comes up as a person (or persons) in both fields in request details.
Does 'Computer Actor' field mean that MS is planning to have an Approval Delegation scheme in FIM in a future?
the only thing I really miss in FIM now is delegation... It would be nice to have 'approve on behalf', delegation of rights for users on vacations and so on...
↧
↧
Security Group Lifecycle Management
I am looking to implement group managment via FIM within our organization. Along with this I would however like to add some lifecycle managment onto to these groups. Other than an setting an expiration date on the groups what other options are out there? I would obviously like to have this automated as possible. Major concerns are scenarios where a group owner gets terminated can this trigger a change in ownership of the group etc...
↧
Can FIM web service enable HTTPS?
Can FIM web service enable HTTPS?
↧
Powershell Xpath to Query to find the membership of the set.
Hi All,
Can we use Powershell to find the membership of the set ?
I have to get the list of membership to the set All people using powershell.
The below is the powershell I am trying to achieve to get the list of membership, kindly advice.
# Load FIMAutomation module
if(@(Get-PSSnapin | ? { $_.Name -eq "FIMAutomation" } ).Count -eq 0)
{
Add-PSSnapin FIMAutomation;
}
$Set = Export-FIMConfig -customConfig "/Set[DisplayName='All people'/ComputedMember]" -Uri "http://localhost:5725" -OnlyBaseResources
$Set
Regards,
Anirban Singha(India).
↧
Need to create a script on MIIS
Would someone help me in creating a script read from CSV file to disconnect objects form a CS, only one connector needs to be disabled from object that has 3 connectors.
I’m using MIIS server 2003 SP2, and windows Server 2003 enterprise SP2
↧
↧
OpenLDAP XMA don't understand objects deletion
Hi guys,
I am using the Open LDAP XMA to import user information to an AD.
Everything is going fine, except when a user is deleted on OpenLDAP. The MA appear to don't understand this because its information disappear on the XML file but still on the OpenLDAP XMA connector space.
Thank you
Diego Shimohama
- Diego Shimohama http://www.dshimo.com.br
↧
Creating custom workflows using powershell
I am trying to create a workflow using the FIM powershell module from codeplex.
I have created a attribute in FIM called "mygroupexpiration" and it is linked to user object.
My aim is to add current date + 90 days to "mygroupexpiration" when user transition in to a set.
I have created transition in MPR and which in turn calls a custom workflow to add date to mygroupexpiration.
In the custom workflow, i have selected action and selected powershell module and added the following script , but in the portal request section i am getting an error that workflow was aborted.
<RequestStatusDetail xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" DetailLevel="Information" EntryTime="2013-08-07T11:09:49.4741289Z">Workflow
Instance '8584232d-c896-437e-af02-39c3584ae583' was aborted.</RequestStatusDetail>
Any suggestion or help in the script is highly appreciated.
##--------------start of the script------------------
### Load the FIM PowerShell Module
###
if (-not (Get-Module FimPowerShellModule))
{
Write-Verbose "Loading the FIM Service Config Module from: C:\CodePlex\FimPowerShellModule"
if (-not (Test-Path C:\installers\FimPowerShellModule.psm1))
{
Throw "This script requires the FimPowerShellModule from http://fimpowershellmodule.codeplex.com"
}
Import-Module C:\installers\FimPowerShellModule.psm1 -Verbose:$false
}
Add-PSSnapin FIMAutomation -Verbose:$false
$ErrorActionPreference = 'Stop'
$ProgressPreference = 'SilentlyContinue'
$ENV:ADPS_LoadDefaultDrive = 0
$dates =([DateTime]::Now).ToString('M/d/yyyy')
###
### Get the Target
###
Write-Verbose ("Getting the Targetby ObjectID: {0}" -F $fimwf.TargetId.Guid)
###$Target= Export-FimConfig -CustomConfig ("*[ObjectID='{0}']" -F ###$fimwf.TargetId.Guid) | Convert-FimExportToPSObject
$Target = Export-FIMConfig -CustomConfig [System.String]::Format("*[ObjectID='{0}']") -Uri "http://localhost:5725" | Convert-FimExportToPSObject
New-FimImportObject -ObjectType Person -State Put -AnchorPairs @{ObjectID = $Target } -Changes @(New-FimImportChange -Operation replace -AttributeName 'mygroupexpiration' -AttributeValue $dates ) -ApplyNow
##-------------End of script---------------------------
AdiKumar
↧
FIM MA Server Stopped
Hi-
I'm trying to run FIM MA 'Full Import' and receiving an error 'Server stopped', FIM Sync Engine and FIM Portal are installed on differenet Windows Server 2008 R2.
Logs from FIM Sync Engine server says :The management agent "FIM SERVICE" failed on run profile "FI" because the server encountered errors."
Logs from FIM Portal Server says :A user request from the session with SPID 115 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.
Any suggestions/ideas pls...
FIM 2010 V4.0.3606.
↧
You could be September's TechNet Guru! Turbo charge your CV with awards and interviews! Get noticed!
TechNet Wiki is partnering with... YOU!
Give us some juicy technical content and we might big you up!
It really is that simple!
Show us your forum solutions or drop us some nifty snippets and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!
This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!
If you spend any amount of time crafting an awesome answer to a forum question, or just learnt something new, then why not get the most back for your efforts, by posting it to TechNet Wiki.
1) Please copy over any solutions and revelations to TechNet Wiki.
2) Add a link to it on THIS WIKI PAGE, so we know you've contributed
3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.
If you win, we will sing your praises, similar to the weekly contributor awards, however once "on our radar" and making your mark, you will probably be interviewed for your greatness, and eventually even invited into other TechNet/MSDN circles!
Either way, winning this award in your favoured technology can only be very good for your career! ;)
Feel free to ask any questions below.
Thanks in advance!
Pete Laker
#PEJL Got a good solution? If you invest your time in coding an elegant/novel or large answer on these MSDN forums, why not copy it over to our belovedTechNet Wiki, for future generations to benefit from!
↧
↧
Schedule FIM MA Run Profiles via Windows Task Scheduler
Hello,
I have connected FIM 2010 R1 with an Oracle Database through two Management Agents, in order to bring to FIM Portal some data from this Oracle Database. Everything works fine by manually executing the Run Profiles of the MAs. Now, I want to automate this work. Is there any way to schedule the execution of these profiles of MAs through Windows Task Scheduler?
Thanks in advance,
Griselda
↧
Values not getting saved in custom attribute at FIM portal. Error comes " Action was discarded because of access control policy"
I have created a custom attibute at FIM portal. Then i created its binding . I have added the attribute in Filter permissions of Administrator . The attribute is called Employee number and it appears at my User creation form. I am unable to rectify why iam not able to store values in the attribute.
I think its issue with MPR ! can anyone point the MPR which are to be updated for Custom Attributes.
Regards,
Shivam Pratap Singh
↧
FIM 2010 for GALSync cross forest, Exchange 2013
hi All,
We have a AD in Multiple Forest Multiple domain. Each forest and domain represent the single company. Each company have different Exchange version, Exchange 2007, Exchange 2010, and Exchange 2013. We only have FIM 2010 (not R2 version). Just simple question, Can FIM 2010 do the GALSync for Exchange 2013?
Based on this article, http://technet.microsoft.com/en-us/library/aa998597(v=exchg.150).aspx, Exchange 2013 is only supported by FIM 2010 R2 Sp1.
Thanks.
Endrik
Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
↧