All the votes are in! 

And below are the results for the TechNet Guru Awards, August 2015 !!!!

The TechNet Guru Awards celebrate the technical articles on TechNet, contributed from valued wiki authors like YOU!

Each month, the contributions are scored by a panel of judges (5 per category, 2-3 in each are MS experts), and the winners of each category are showered with love and attention from all corners of TechNet.

See the links at the bottom, to find out more about the competition and how to enter.

We have picked the top three highest scored contributions for each category to bestow our awards upon.

The awards are in gold, silver and bronze, the gold obviously being the top winner of the category.

The last column is just a few of the comments judges made during the judging process.

In some cases, we have not obtained permission to use the judges names, so they have been reduced to initials.

My fellow wiki ninjas will be digging deeper into some of these articles in this blog series, so watch out for those.

Starting this month you will notice some articles are marked as failing to meet our minimum bar for quality or content.

Any of our judges can exercise their right to veto an article, if they do not feel it meets minimum requirements for a medal.  

When this is the case, we will at least give an indication of the reason, so you understand why.

A big thank you also to the other authors who did not make the top three of each category.

Some articles only just missed out, so we may be returning to discuss those too, in future blogs.

BizTalk Technical Guru - August 2015

Also worth a mention were the other entries this month:

• Performance issues in BizTalk and How to maintain and troubleshoot BizTalk Server databases by Kamlesh Kumar
  LG: "Link to this article is broken. Seems it is broken on TechNet."
  Sandro Pereira: "Despite the content is good, the article needs a new layout, it need to be more organized (header, toc, ...) to have more value. At the moment it's too confused"

Forefront Identity Manager Technical Guru - August 2015

Also worth a mention were the other entries this month:

• Cut down on your PowerShell code with the Lithnet FIM Service PowerShell module byRyan Newington
  PG: "nice article, interesting comparison but majority of the article is from Paul Williams content. And you should add proper credits (now fixed)"
• How to Run Management Agent - XML Source with Powershell by AnirbanSingha
  PG: "Small but interesting, quick fix"

Microsoft Azure Technical Guru - August 2015

Also worth a mention were the other entries this month:

• Developing a Recommender Solution with Azure Machine Learning byChervine
  AS: "Good. However the ML engines is failing - I would not recommend Life of Pi to someone how has watched The Lego Movie :)"
  JH: "This one was already covered in our Article Spotlight. I love the articles from Chervine." 

Miscellaneous Technical Guru - August 2015

Also worth a mention were the other entries this month:

• ASP.NET: How to consume WEB API from MVC4 using RestSharp byGaurav Kumar Arora
  Philippe Levesque: "Good contents and article layout is really nice"
  Richard Mueller: "Good use of Wiki guidelines. Are the images out of order? Grammar needs work."

SharePoint 2010 / 2013 Technical Guru - August 2015

Also worth a mention were the other entries this month:

• SharePoint 2013: Working with REST API using jQuery Ajax byDanish Islam
  Ashutosh Singh: "good and well structured article"
  KB: "Like already mentioned by others, it is better to elaborate further in order to have more added value on top of the already existing MSDN articles."
• K2 for SharePoint byAshish Mishra
• Disable IE Esc for Windows Server 2008 byDanish Islam
• Real World Problem and Solution  -  Sandbox Solution: Disable List Throttling byAshish Mishra
  Ashutosh Singh: "Changing the standard throtlling setting more than 500 causes table lock inplace of row lock so for normal users in genral scenario is highly not recommended"
  KB: "For which version of SharePoint is this? You cannot have code behind in a sandboxed solution in SP2013. "
• Rename Central Admin Database in SharePoint 2010 using PowerShell byDanish Islam
  KB: "Very useful article, but the layout is rather primitive: your code snippets should be rendered differently to make it easier to read."
  
• Sharepoint Content Hub Rollback / Cleanup Script byGanesan Rajesh Kumar 
  KB: "Useful script!"
  

Small Basic Technical Guru - August 2015

SQL BI and Power BI Technical Guru - August 2015

Also worth a mention were the other entries this month:

• Power BI - Building Relationships Between Tables when Each has Duplicate, Non-Common Values in Columns by smoupre
  PT: "This is a common stumbling block for model designers and a good technique. Thanks"
  RB: "Interesting subject but not really wel explained"

System Center Technical Guru - August 2015

Transact-SQL Technical Guru - August 2015

Universal Windows Apps Technical Guru - August 2015

Visual Basic Technical Guru - August 2015

Also worth a mention were the other entries this month:

• Surface Areas and Volumes Calculator by.paul.
  Richard Mueller: "Good formulas. Some examples using this could help."
  Carmelo La Monica: "Great article and content. Congrats!" 

Visual C# Technical Guru - August 2015

Wiki and Portals Technical Guru - August 2015

Windows PowerShell Technical Guru - August 2015

Windows Presentation Foundation (WPF) Technical Guru - August 2015

Windows Server Technical Guru - August 2015

A huge thank you to EVERYONE who contributed an article to August's competition.

Hopefully we will see you ALL again in September 2015's listings?

If you haven't contributed an article for this month, and you think you can create a more useful, clever and better presented wiki article than the winners above,here's your chance! :D

Best regards,
Pete Laker

More about the TechNet Guru Awards:

• TechNet Guru Competitions

#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes o become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

I'm getting the "Unable to process your request" error quite a lot here. Most often it happens right after making a change to an object. I click Finish, the popup closes, the page tries to refresh, and then goes (after only a second or two) to the "Unable to process your request" page. In all cases the change I was making does in fact get made.

I thought it was poor performance due to an initial bulk load, but that's finished now and it's still happening, pretty much all the time. The server is a new build and I have not yet made any changes inside the portal, apart from loading in around 40k objects. The big difference is they have forced me to put the DB on a seperate SQL server (version 2008 R2). As far as I can tell the throughput is ok - I have a 100 Mbps link and during a large export it uses 25% of it.

I don't see anything in the svclog at the time the error occurs.

Any ideas?

Hi,

We have an HR system, and one of the user attributes is the 'manager' field, which contains the firstName and surname of their manager.

Since the AD manager attribute is a reference attribute, can we just export this HR manager value (firstName and surname) into the AD Manager field?

Or do we need some means of a work around and use code to set the manager attribute in AD?

Thanks,

SK

We have a SQL Table of users and their managers as main source to MetaVerse.

The table is provided by HR and gives the ids for all the INTERNAL users + managers.

However, some of the INTERNAL users may have EXTERNAL managers and these manager ids will not exist in the Sql table as "user ids".

In this case FIM will flow a null to manager field in the MetaVerse as it cannot find (dereference the external manger's id)

All is not lost, all managers should have AD accounts. The manager's id not in HR table can be found in AD 99 times out of 100.

What I want to know is the best strategy to fill in the MV manager attribute when null by getting it from AD. What confuses me is the manager being a 'reference' field. This fact may limit my options.

What if I wrote some C# import attribute flow rule for the HR MA, is it OK just to push the DN *string* of the manager found in AD into MV:manager attribute? If not what should this C# code do??

What is best way to cover this hole, I am sure we are not unique in this situation?

Hi, 

I have a cd-error when I run an export on AD Management Agent 

The message error is "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." 

On the export changes there is an update of the useraccountcontrol 514 -> 512. 

I don't know why I have this problem ? 

Any idea to fix it. 

Thanks

Greetings and salutations.

I am attempting to alter an existing Powershell script that we have for creating groups in FIM that pulls groups from Active Directory and creates them in FIM.  We target a single OU.

What I attempting to do should be very straight forward, but obviously not because here I am! All I want to do is update the FIM group object(s) organizationalUnit attribute with a new value. To finish that thought to help you understand what it all does; the group will then be moved to that new OU later in the script.

The function I created is a piecemeal of an existing function that adds members to a group in FIM. It's very similar code to what you find in this Technet article https://technet.microsoft.com/en-us/library/ff720152(v=ws.10).aspx

Here is the function I wrote to accomplish the organizationalUnit attribute update:

function UpdateFIM_SetNewOU ($ADCredentials, $LocalDC, $SearchRootGrp, $LDAPFilter, $PropList, $FIMPortalCredentials, $ResourceManagementURI)
{
	Try
	{
		Connect-QADService -Service $LocalDC -Credential $ADCredentials

		Get-QADGroup -SizeLimit 0 -SearchRoot $SearchRootGrp -LdapFilter $LDAPFilter -SearchScope Subtree -IncludedProperties $PropList	|
		Select-Object $PropList |
		Foreach-Object {
			If($debug){Write-Host $_.sAMAccountName}

			$GroupAccountName = $_.sAMAccountName
			$OU = $NewGroupOUDN

			If($debug){Write-Host "`r`n$(Get-Date): Group Name: $GroupAccountName" -foregroundcolor white -backgroundcolor darkred}
			If($debug){Write-Host "$(Get-Date): New Group OU: $OU"}
			Add-Content $ResultFile "`r`n$(Get-Date): Group Name: $GroupAccountName"
			Add-Content $ResultFile "$(Get-Date): New Group OU: $OU"

			#Get the group object from the FIM Portal.
			$ImportObject = $null
			$ImportObject = QueryResource -filter "/Group[AccountName=""$GroupAccountName""]" -uri $ResourceManagementURI -Credential $FIMPortalCredentials

			if($ImportObject)
			{
				#Initialize variables for modifying a FIM Portal object.
				$ModifyImportObject = $null
				$ModifyImportObject = ModifyImportObject -TargetIdentifier $ImportObject.ResourceManagementObject.ObjectIdentifier -ObjectType "Group"
				if($ModifyImportObject)
				{
					#Set organizationalUnit attribute in modified import object
					SetSingleValue $ModifyImportObject "organizationalUnit" $OU
					$UpdateObject = $null
				  	$UpdateObject = (,$ModifyImportObject)
				  	$UpdateObject | Import-FIMConfig -uri $ResourceManagementURI -Credential $FIMPortalCredentials
				}
			}
		}

		Disconnect-QADService
	}
	Catch [System.ArgumentException]
	{
		#Potential bug with Import-FIMConfig.  The FIM Portal request completes without any errors.
		Add-Content $ResultFile "`n$(Get-Date) The object $ObjectID was updated in FIM."
		$ReturnValue = $true
	}
	Catch [Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException]
	{
		Add-Content $ResultFile "`n$(Get-Date) The object $ObjectID was not updated in FIM."
		$ReturnValue = $false
	}
}

Here is the error I receive at the point where it pipes UpdateObject to the Import-FIMConfig cmdlet.

SourceObjectIdentifier : urn:uuid:d55e4f2e-912d-45ca-a677-7efb16b9f7b5
TargetObjectIdentifier : urn:uuid:d55e4f2e-912d-45ca-a677-7efb16b9f7b5
ObjectType             : Group
State                  : Put
Changes                : {organizationalUnit}
AnchorPairs            :

Import-FIMConfig : Failure when making web service call.

SourceObjectID = urn:uuid:d55e4f2e-912d-45ca-a677-7efb16b9f7b5
Error = System.InvalidOperationException: Operation is not valid due to the current state of the object.
   at Microsoft.ResourceManagement.WebServices.Client.AttributeContainerHelper`1.GetAttribute(String attributeName)
   at Microsoft.ResourceManagement.Automation.ImportConfig.ConvertTypedAttributeValue(String objectType, String attributeNam
e, String value)
   at Microsoft.ResourceManagement.Automation.ImportConfig.UnifiedClientPut(List`1 changeList, UniqueIdentifier objectIdenti
fier, String objectType, CultureInfo locale)
   at Microsoft.ResourceManagement.Automation.ImportConfig.ProcessLocaleBucket(String objectIdentifier, String objectType, D
ictionary`2 localeBucket)
   at Microsoft.ResourceManagement.Automation.ImportConfig.Put(String objectIdentifier, String objectType, List`1 changeList
)
   at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing()
At C:\MnDOT\Scheduled Tasks\Copy AD groups to FIM -Task.ps1:485 char:43
+                 $ModifyImportObject | Import-FIMConfig <<<<  -uri $ResourceManagementURI -Credential $FIMPortalCredentials+ CategoryInfo          : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException+ FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig

When I do a Fuji apple to Granny Smith apple comparison of the existing group membership update function to this one, the objects all look to be identical in nature, with obviously different attributes and values being used.  I don't see how this is not working, and I am about ready to quit and become a gardener.

Cheers,

Jesse B.

P.S. I can upload the full script if necessary.

Hi,

I am looking for a solution using FIM 2010 r2.

1. Please let me know if it is possible to sync gal across 2 forests 1 exchange 2010 SP3 and 2nd Exchange 2007 SP3.

2. Do we need to create any sort of domain or forest trusts.

3. Do we need create VPN tunnel Connectivity between 2 forests.

4. Do we need to setup FIM servers in both the forests.

5. Do we need to setup FIM server in DMZ.

6. MIM 2016:- Can it be used with Exchange 2007 for GAL SYNC.Exchange 2010 and Exchange 2007 FIM 2010 R2 Gal sync without domain or forest trust

Hi All,

We have a group attribute in FIM Portal where the value for it is in the form of a drop down with 3 options. Ex: Its A, B, C. Now they want it to be replaced with X, Y, Z. We know that this can be handeled easily in Group Creation RCDC while creation of new groups in FIM Portal. We were wondering for the existing groups how do we manage? We updated the RCDC for Group Modify and View, but when we go to the groups we can see the the drop down values as A, Y, Z, X.

Does it mean that using PowerShell script we will have to update the attribute value to the new values as a One time cleanup for existing groups? Or is there any other way.

Kindly help!!

Regards,

Veena

Hello,

Currently we are syncing across forests, with a single source of truth, we have a couple thousand group objects and about 30,000 user objects. I was wondering if it is possible to configure de-provisioning for deletion of user objects only and make groups regular disconnectors.

We had an issue where someone deleted a couple of groups in the source of truth, by accident and it deleted the groups in the other forests. But we want to delete users when they are deleted from the source so we don't have a bunch of orphaned users in other domains.

Any suggestions would be appreciated.

Thanks

Russell Lema

So here is our scenario

We have an old domain, that we are currently using as the source of truth and provisioning and syncing across forests to 4 other domains

domainA -> DomainB, DomainC, DomainB-Dev, DomainB-QA - Auto every hour

We have rule extensions in place to modify everything due to OU structure and other attributes.

Now I have 2 other FIM instances in DEV and QA that have the same rules as prod - the main issue is that we aren't updating

DomainA-Dev ->DomainB-Dev , rest of MAs disabled - manually run

DomainA-QA -> DomainB-QA, rest of MAs disabled - manually run

So We are using quest to update DomainA-DEV &QA

The main question I have is, would it be better to stand up another instance of FIM to sync and provision to DomainA-DEV &QA or should I use the current instance, even though we massage some of the attributes being projected into the MV.

I see positives for both.

Thanks for any help.

Russell Lema

Greetings,

I'm having an issue with a FIM Sync server.  I have the typical PS script that runs MAs. But when I run the script I'm getting Provider load failure.  This PS line is the one causing the issue.

$MA = get-wmiobject MIIS_ManagementAgent -namespace "root/MicrosoftIdentityIntegrationServer" -filter "name='$MAName'"

When I run this line in PowerShell (substituting $MAName for the actual MA name), I get the same error. When I open WBEMtest.exe, I connect to Namespace: root\MicrosoftIdentityIntegrationServer, then run a Query: select * from MIIS_ManagementAgent and I get the same error.  When I click on Enum Classes, level the superclass name empty, click on Recursive I'm only returned 60 objects.  Interestingly enough when I do this on a FIM server that works it returns 72 objects.  The ones that are missing are the 10 that start off with CIM_ and the 2 that start with MSFT_.

I've tried wimmgmt /verifyrepository - all good.  Even did wimmgmt/resetrepository.  then did mofcomp mmswmi.mof. Still not working.

I re-installed FIM sync.  Still no luck.  I also ran wmidiag.  I did find this error in there: !! WARNING: MOF file of WMI Provider 'MIIS' ({9A6AE3F8-5DEF-416E-A569-BB74B3184DC6} / NETWORKSERVICEHOST) of namespace 'ROOT/MICROSOFTIDENTITYINTEGRATIONSERVER' CANNOT be located.

Any guidance would be appreciated

Hi FIM Experts,

For any Search Scope, FIM by default sorts out the result based on "Display Name" attribute. We have a requirement to sort the results for 1 particular Search Scope based on some other attribute.

Is there any way to do this? I am clueless at this point. I was able to add/remove attributes to be viewed in the Result panel but was unable to find a way to change the default sorting.

Any help would be appreciated.

Thanks!

Veena

Hi All,

I want to form a PowerShell query to fetch all the groups from FIM expiring on a particular date. Is it possible? I want to ignore the year and consider only month and date as this will be part of task scheduler and will be running on a monthly basis.

Currently the groups in FIM seem to have expiration time in the format mm/dd/yyyy 00:00:00 AM/PM.

I am guessing querying groups based on expiration time is not as simple as I thought. I have gone through the blog below as well but still I am not able to form the query for my requirement.

http://blogs.msdn.com/b/syamp/archive/2011/03/13/fim-2010-xpath-how-to-check-null-value-on-a-datetime-attribute.aspx

Any suggestions?

Regards,

Veena

Hello,

We are about to upgrade existing Active Directory infrastructure from 2003 to 2012. Considering Domain name will remain as it is but IP for DC and Hostname will be changed. FIM Version currently being implemented is FIM 2010 R2 4.1.3419.0.

Require help in finding the feasibility & possibility as per the up-gradation activity. URLs for help are also welcomed. Appreciating in advance in case anyone can help with the steps to be performed.

Regards,
Manuj Khurana

I am trying to install PAM server. I have followed this guide https://technet.microsoft.com/en-us/library/mt345588.aspx with a couple of difference with my environment. 

I have allready done steps 7a and 7b, but in the step 7c I can't find any files under \the Privileged Access Management Portal\folder.

Also when I am trying to access to addresses http://localhost:8086/ and http://localhost:8090/ I get http errors.

This from the first one:

HTTP Error 500.19 - Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.



Detailed Error Information:



Module
   WindowsAuthenticationModule

Notification
   AuthenticateRequest

Handler
   ExtensionlessUrlHandler-ISAPI-4.0_64bit

Error Code
   0x80070021

Config Error
   This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

Config File
   \\?\C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management REST API\web.config



Requested URL
   http://localhost:8086/

Physical Path
   C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management REST API

Logon Method
   Not yet determined

Logon User
   Not yet determined




Config Source:
   36:       <authentication>
   37:         <windowsAuthentication enabled="true" useKernelMode="false"/>
   38:       </authentication>

And this from the second one:

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.



Most likely causes:
•A default document is not configured for the requested URL, and directory browsing is not enabled on the server.



Things you can try:
•If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.
• Enable directory browsing using IIS Manager. 1.Open IIS Manager.
2.In the Features view, double-click Directory Browsing.
3.On the Directory Browsing page, in the Actions pane, click Enable.

•Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.



Detailed Error Information:



Module
   DirectoryListingModule

Notification
   ExecuteRequestHandler

Handler
   StaticFile

Error Code
   0x00000000



Requested URL
   http://localhost:8090/

Physical Path
   C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management Portal

Logon Method
   Anonymous

Logon User
   Anonymous

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker

#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes o become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

Hi,

I have installed MIM 2016 (RTM) with SQL 2010 and SharePoint 2013 SP1.

I installed SharePoint 2013 SP Spanish Language Pack. I could configure SharePoint Central Administration Site in Spanish (Site Setting -> Language Settings) and it worked fine (I changed Internet Explorer language configuration and site language changed).

I could configure MIM Portal language setting too.

I installed MIM Service & Portal, MIM Laguage pack (Spanish) ...

But of I changed Internet Explorer Language configuration, MIM Portal DID NOT change language (but SharePoint did, I can see "Site Actions" in Spanish in right/up corner).

How can I install Language pack in MIM With SharePoint 2013 SP1

Thanks in Advanced

Best regards

JuanCC Technology Specialist

Hello All,

I got a chance to lead the project of migrating the oracle directory server enterprise edition database to Active directory  ..... we wanted to move oracle to AD for cost cuttings....

We have already Active directory application is in place .... but some applications are using oracle directory server with large custom schema around 300 attributes and 150 objectclasses and 1000 LDAP groups and 2500 nsroles ..

As a the process of moving .. i have identified the following things should take care ...

1)password policies

2)schema (custom schema)

3) Group migration

4) Migrating the ACI's permissions

5) Migrating the roles ...

6) Adding the more attributes to already existing users.

7) Migrate the applications from LDAP ..

 oracle directory server is running on NON-SSL .. so i believe .. cert migration is not necessary ...

What's my question is ....  is this the process enough for migration ...

and How can we migrate the data in simplest way ??

Does Active Directory supports  .... nsrole ??? how to move the nroles data base and where to ???

Can we move the  static and dynamic groups in to security groups ???

Please suggest me with your valuable inputs ..

I am expecting a quick reply from you guys as i have short period of time ... for project kick off ...

By the way we have FIM is in place to migrate the missing  users information ....

Thanks,Rakesh

Dear experts,

Can Q & A gate and SMS OTP gate coexist, if no, can email OTP and SMS OTP co exit? What if our default gate is SMS OP and user somehow has issues with their cell. Please assist.