I was having a problem using the Length function in a FIM Workflow activity and got the following answer:
Length isn't a function supported by the FIM Function evaluator Workflow activity. (Which is frustrating).
I find this be very true. It just leads me to wonder what other functions are not support and if there is any reference for this. I would rather not find out through trial and error.
Thanks, J.Greene
Hi all,
I feel like I must be missing something obvious, but I have a CustomExpression sync rule that looks like this:
IIF(IsPresent(staff_title),UpperCase(staff_surname)+" "+staff_knownas+" ("+staff_title+")",UpperCase(staff_surname)+", "+staff_knownas)
FIM won't let me save it - it says '' is not a valid attribute.
If I change the rule to:
IIF(IsPresent(staff_title),UpperCase(staff_surname)+" "+staff_knownas+" ("+staff_title+")",UpperCase(staff_surname)+" "+staff_knownas)
It works fine. I've tried lots of other characters; full stops, hyphens all work fine. But the comma breaks it. A colleague suggested flowing statically the comma to every user as an attribute and referring to the attribute name, but surely that's not a good workaround.
Please tell me I'm doing something stupid!
Thanks,
Paul.
Hi, I've been trying to replace a bracket in the sync rule, i.e.
ReplaceString(ReplaceString(someattribute,"(","#"),")","#")
but FIM is complaining the function ReplaceString is not correctly formatted.
Also I notice
If I use CustomExpression
ReplaceString(someattribute,"(","#")
FIM fails with ReplaceString is not correctly formatted.
but if I select FIM function -> ReplaceString and enter oldstring as ) and newstring as #, FIM would happily accept.
Any idea how I can get around this?
Thanks,
John
I have what appears to be a bug. The scenario is as follows.
I am importing users from a SQL DB the table has the following fields, "First_Name", "Last_Name" and “Known_As”. Unfortunately not all identities have the "Known_As" value captured. Additionally the oorganisation captures user first and second name in the First_Name attribute and all values are captured in uppercase (e.g. John Michael Smith is captured as follows
First_Name = JOHN MICHAEL
Last_Name = SMITH
Known_As =
When I inbound the identity into the FIM portal I use the following custom expression
IIF(IsPresent(Known_As),ProperCase(Known_As),ProperCase(Word(First_Name,1," ")))
Unfortunately this returns a null value
However, if I use the following custom expression
IIF(IsPresent(Known_As),Known_As, Word(First_Name,1," "))
I get the value for firstname in the portal as JOHN
It would appear to me that the functions propercase and word do not play well together.
Hi experts :)
I'm working on setting up a cross forest synchronization for GALsync purposes. I want to modify the "description" field of a user in the target domain to identify that it comes from the source domain. From my findings, I need to do this in code, by recompiling the GALSYNC.dll file. My initial attempt fails miserably :)
Public Sub MapAttributesForImport( _
Select Case FlowRuleName
This fails with this error message:
System.InvalidOperationException: attribute description is read-onlyWhy is the imported field read only?
This is an issue that is happening after an upgrade from FIM 2010 to MIM 2015 -
I have a criteria based set in FIM that has 91 users as members.
I have a set transition MPR that has a workflow associated with it.
I have the workflow set to "Run on Policy Update" - set as checked
When I disable the MPR then Re-Enable the MPR it runs for 15 users and no more.
Trouble shooting I've done:
No errors in the application event log.
Turned on Verbose logging on the FIM Service and checked the trace logs - no errors.
The users in the set that it does run for shows as completed in the requests page - no post processing error or anything like that. It doesn't have the other 76 users in the request page as pending or anything.
Thanks in advance
The server encountered an unexpected error in the synchronization engine:
"BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(3753): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(11786): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sqlstore\csobj.cpp(1815): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sync\expcall.cpp(911): 0x80004005 (Unspecified error)
ERR_: MMS(5316): d:\bt\800\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {B4C4E2D3-AE50-E511-8012-0050569FA105} with 0x80004005 (pass 1 of 5)
Forefront Identity Manager 4.1.3419.0"
________________________________
The management agent controller encountered an unexpected error.
"BAIL: MMS(5316): d:\bt\800\private\source\miis\cntrler\cntrler.cpp(12397): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\cntrler\cntrler.cpp(9315): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\cntrler\cntrler.cpp(8091): 0x80004005 (Unspecified error)
Forefront Identity Manager 4.1.3419.0"
_______________________________
The server encountered an unexpected error in the synchronization engine:
"BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(3753): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\shared\entry\tower.cpp(11786): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sqlstore\csobj.cpp(1815): 0x80004005 (Unspecified error)
BAIL: MMS(5316): d:\bt\800\private\source\miis\server\sync\expcall.cpp(911): 0x80004005 (Unspecified error)
ERR_: MMS(5316): d:\bt\800\private\source\miis\server\sync\expbase.cpp(2954): PutAnchorWithDnInternal failed on CS object {CFF9C5EB-AE50-E511-8012-0050569FA105} with 0x80004005 (pass 1 of 5)
Forefront Identity Manager 4.1.3419.0"
_______________________________
Followed by a ResMA warning on the export, I see this in the CS object properties:
Error: dn-attributes-failure
Connected data source error code: 8373
Connected data source error: The name reference is invalid.|
would this be related/culprit?
Running on W2K8R2SP2, w/SQL2008R2SP2Thanks Pete
Pete
I'm stuck while installation of FIM patches. Our current build is of 4.1.3419 and I'm trying to install the patch 4.1.3441.0 and getting error as "Forefront Identity Manager Service and Portal Setup Wizard ended prematurely because of an error." Even tried directly to install the patch 4.1.3451.0 but got the same error message.
Additional Query : Is there need to install all the patches or we can directly jump over to the 4.1.3634.0?
Regards,
Manuj Khurana
Hello,
Is anyone had used something like //Target/Manager/DisplayName in a synchronization rule.
I have a CSV file on export and I want to export some manger's informations without calculating them on WFs
Any suggestions
Thanks
Hey all, I've been running this MA for many years. We recently had a new project to merge in an external organization's address book and I've noticed that metadata fields do not flow on contacts. Can anyone confirm or correct me on this?
Syncing:
DisplayName, name data, targetAddress, proxyAddresses, alias
Not Syncing:
Company, Department, TelephoneNumber, Title
Hi all,
I'm having some trouble at a customer running FIM 2010 R2 latest build 3646. If I run an export on AD MA and after that a delta import and a delta sync tha MA starts the delta import and after processing some ojects it stops and displays a stopped-server error. The strange thing is that if I look at the step performed is says "Full Import and Delta Synchronization".
So it look like the MA have switched to another run step by itself? Has anybody else seen this behaviour?
It seems to happen more frequivently if the export steps update a larger number of objects > 500 and not just a few.
Can mention that we had the same error on earlier builds of FIM also, like 3634
Regards
Patrik
Hello,
I have a functional lab environment with 2 x user forests and 1 x central forest on FIM 2010/R2 SP1. Porting that environment to 2016 causes lcssync.dll to fail owing to references to Microsoft.MetadirectoryServices.dll, Microsoft.MetadirectoryServicesEx.dll and logging.dll assembly version differences. I note that GALSync source is included, but no source or new version of lcssync.dll.
Does anyone know if lcssync.dll is going to be provided? Has anyone else seen this behavior?
Error details:
Log Name: ApplicationThanks,
Jarmo
Avanade Lync team
Hi all,
I've got a fresh installation of the MIM Synchronization Service and der MIM Service and Portal.
I've created a FIM Service MA in the Synchronization Service according to the documentation in TechNet.
https://technet.microsoft.com/en-us/library/mt219040.aspx
On the Selected Object Types page I've selected ExpectedRuleEntry, DetectedRuleEntry, SynchronizationRule, Person and Group. (The Synchronization Filter Resource in the Portal does also contain These object types, otherwise they would not show up in the MA.)
On the Configure Object Type Mappings page I don't have the Person or Group object available in the "data source object type" drop down list.
As you can see on the Screenshot I can successfully run a Full Import on the MA and receive the two Person objects from the Installation (my Installation account and the Service account itself.)
Any ideas why I don't see the Person object in the "Data source object type" drop down list? I don't see it on the MV side as well.
I've performed a Schema update severall times.
Thanks
Chris
Version : FIM 2010 R2 SP1 (4.1.3508)
Hi,
we're having trouble with a SQL deadlock occurring (postprocessingerror) when attempting to delete some identities from the FIM portal using the standard "ExpirationWorkflow". We have a temporal based set which works based on a calculated deletion date being in the past (so once the deletion date is in the past, the identity falls into a set which triggers the "out of the box" expiration workflow).
This works for the majority of identities but a small percentage intermittently fail with a SQL deadlock and I think this is because I can see the portal is attempting to run more than one workflow against the object when it is being deleted.
For example for identities that have been successfully deleted it appears that the "Applied Policy" is listing a transition out workflow at the same time as the deletion is taking place. I'm guessing that this is causing an update AND a deletion against the same identity in quick succession which may be the root cause of the deadlock.
I can't however work out why the transition out workflow is being triggered, the transition set is a criteria based set based on two boolean attributes being set to "True" but neither of them are being changed at the time of deletion. I'm wondering whether the deletion itself is being interpreted by the FIM service as being "removed" from the set.
Does anyone know of a way of preventing the "update" workflow from being triggered at the same time as the deletion of the identity ?
Hi,
I have a weird issue in a synchronisation of an attribute from FIM to AD.
I explain my problem, I manage the attribute userAccountControl from AD to FIM.
I have another boolean attribute which enforce the activation of a user
So we suppose that we have a person on FIM portal with userAccountControl (66050), I force the activation
so I export the value 66048 in AD it's OK for this step.
When I run a Delta Import + Delta Synchron from AD , then an export on FIM MA my userAccountControl is not updated as in AD.
When I run a full preview in AD MA for that identity i see that a change will be made on FIM MA, I commit it and export on FIM MA and the result is correct in FIM (66048)
But when I run a delta synchro in AD MA nothing is done in FIM .
Any idea please !!!
Thanks
Hi
I am facing an issue where users can't access to the FIM Portal. It doesn't matter are you a normal user or admin. The error message is allways the same, "Unable to process your request".
Also I have managed to get a Detailed error message from the portal but it does point me to nowhere. It is below:
Server Error in '/' Application. -------------------------------------------------------------------------------- Object reference not set to an instance of an object. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.NullReferenceException: Object reference not set to an instance of an object. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [NullReferenceException: Object reference not set to an instance of an object.] Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key) +274 Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache() +118 Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap() +63 Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth() +90 Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e) +49 System.Web.UI.Control.PreRenderRecursiveInternal() +154 System.Web.UI.Control.PreRenderRecursiveInternal() +239 System.Web.UI.Control.PreRenderRecursiveInternal() +239 System.Web.UI.Control.PreRenderRecursiveInternal() +239 System.Web.UI.Control.PreRenderRecursiveInternal() +239 System.Web.UI.Control.PreRenderRecursiveInternal() +239 System.Web.UI.Control.PreRenderRecursiveInternal() +239 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4105 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34248
Any ideas what to do next?
We have determined that we can do this by flowing to the unicodePwd attribute in a suitably configured
Active Directory Domain Services Management Agent.
We know too that we can set an initial password using a Metaverse Extension.
Our problem: we have a mature AD and do not wish to change any passwords on existing accounts when we initialise
our system.
We will import our AD structure and parallel information which is stored in a SQL database.
The latter will include an 'initial password' which will not match the usernames actual password in all likelyhood.
Synchronize the two sources and with suitable projection rules join the related objects, with the objective of flowing
any changes from the SQL database to the AD Management Agent. Currently though, when we 'turn on' a flow of the
password every password is reset. Can we avoid this?
Any advice will be gratefully received. Thank you.
I am trying to change the text for an email template. I have gone under the Workflow Activities tab, expanded the EMail Notification, Selected the Edit button and clicked the Email Template name. It brings up the Template Type (notification), the subject and the body (HTML). Editing the text appears to work but it doesnt actually save the changes. Im not sure if its the way Im accessing the email template, if its a rights issue or something else.
Any help is appreciated.
LK
Hello All,
I have a FIM Lab set up that is all contained in one box. I was wondering how do I go about scaling this out to several boxes.
Sync on its own box
Self service register/reset on its own box
FIM Portal on its own box.
SQL on its own box.
Currently all these roles reside on the same server. How do I go about migrating them to different boxes without starting from scratch.
Any advise/suggestions is greatly appreciated.
Hey all,
So I have been working with Microsoft on an issue I have in my DEV and QA Fim Portal instances, and we cannot seem to find the issue.
On the FIM Portal Server DEV, I can login to the FIM Portal and IE passes the credentials through with no issue.
From Production I can hit the FIM Portal (DEV) and it passes the credentials and logs in fine
From any machine in DEV, when I try to login to fim portal, IE isn't passing the credentials and causing a security pop-up.
We have done tracing and looked at share point, IIS, and everything seems to be configured properly, but for some reason SharePoint is getting blank credentials, like a RUN-AS when trying to get to the FIM Portal.
I have verified my SPNs to make sure they are also correct and they match prod.
On the FIM Service Machine, the FIM admin does not have an issue passing the authentication, but any other account does get the security pop-up, asking for credentials, because IE is not passing any creds.
Once I manually enter credentials it gets me in fine.
Has anyone ever seen this?
Thanks
Russ
Russell Lema