Hello There,
We are AD as an authorative source using which we are pushing user in FIM portal, but there are few users for whom "country" attribute is coming with value "-1". However this attribute is having value in AD (like India).. We have import sync rules defined in portal.
I have chekced in the AD connector space and there as well i have noticed value is coming as "-1" . Kindly suggest.
Regards,
Suman Baurai
Hey. I've been checking everywhere for more information on the following statement in the Hotfix Build 4.3.2124 information from Microsoft:
That's completely awesome, that we finally can do some more customization on the portal header without digging into the Sharepoint CSS files. However, I've been trying this out and have so far had zero success. Has anyone been able to try it out yet?
What I've done is to create a "Customizations" folder and added the CustomPortalHeader.html file there: C:\Program Files\Microsoft Identity Manager\2016\Portal\Customizations\CustomPortalHeader.html
After IISRESET, deleted client cache and even FIM Service restart, no changes in the header. What am I doing wrong?
Note: I have only added a few simple lines of HTML so far to see if I get it to work - does it expect something more spesific?
<html><body><h1>TEST</h1><p>Test 2</p></body></html>
Hello,
We are running in a very critical issue. Need your kinds thoughts, please review below details.
Background : We are running SharePoint 2013 on premises farm with 2 WFEs, 2 APPs and 1 DB server. As per the architecture we are running User Profile Service on APP1 & APP2 and User Profile Synchronization Service on APP1 server. Everything is running smoothly and AD profiles are syncing with SharePoint 2013.
Problem : We ran a security scan using a third party tool which scanned the whole farm and pointed few Vulnerabilities in servers. Most of them are fixed. However its pointing to http://localhost:5725 or http://MyServerIP:5725 saying that its allowing ClickJacking on this URL. This Vulnerability is appearing only on the server that is running User Profile Synchronization Service (i.e APP1). I am unable to find this binding in IIS with any site or web service. Research on Google says that it belongs to Forefront Identity Manager Synchronization Service which connects with AD for User Profile Synchronization Service.
I can see Inbound Rules in firewall and found that this port is allowed with below name.
ILM Web Service - RMS (Port 5725)
ILM Web Service - STS (Port 5726)
Question : Any idea how i can get to source of this service or prevent from ClickJacking?
I'll glad to provide more details on it and really thankful for your kind thoughts.
Regards,
Muhammad Zeeshan Tahir
Do you guys know if the 2016 release or the current CTP has responsive design for the portal?
A case we are working on requires it.
Hello All,
TLDR; Upon deleting ALL entries of a multivalued reference attribute, the Generic SQL connector does not export the changes. Removing only some of the entries works fine. Reproduction steps at the end.
We have 3 management agents:
We provide users from the first MA, and permissions from the Generic SQL MA. Then we use BHOLD to assign these permissions to the user roles. In the MetaVerse BHOLD permissions are translated into group objects. The users that have these permissions are stored in a multivalued reference attribute (called UserID) of each corresponding group object.
These group objects later update their permissions in the Generic SQL connectorspace via a basic attribute flow (allow nulls is checked). Afterwards they get exported to the destination datasource and we can verify that the permissions are assigned to the users.
Everything works like a charm except when we remove a certain permission from ALL users in BHOLD (removing the permissions from some users works fine). In the MetaVerse this translates in the removal of all values from the multivalued reference field (and again, leaving just 1 or more values present works fine).
This works like a charm and propagates properly to the datasource
This does not work (note that this screenshot was taken after we removed the first two entries shown in the screenshot above thus only one entry is present).
We expect the cause to be a not implemented scenario (bug?) in the Generic SQL connector. Upon debugging the code of the generic SQL connector using reflection we encountered the code below. Since we have a multivalued attribute we enter the first (highlighted) if-statement. Once inside it counts the 'ValueChanges' of the attribute, but apparently this count returns zero, causing the code to pass the two next if statements.
A result of this is represented in the export run profile logfile you can find below. The former logfile removes all but one entry of the reference field and the latter removes all of them. As you can see the '<dn-attr>' element in the latter is empty (which according to us is originating in the code above).
Export log file upon removing some entries:
<?xml version="1.0" encoding="UTF-16"?><mmsml xmlns="http://www.microsoft.com/mms/mmsml/v2" step-type="export"><directory-entries><delta operation="update" dn="CN=G01,OBJECT=role"><anchor encoding="base64">CAAAAEcAMAAxAAAACgAAAHIAbwBsAGUAAAA=</anchor><dn-attr name="UserID" operation="update" multivalued="true"><dn-value operation="delete"><dn>CN=U02,OBJECT=user</dn><anchor encoding="base64">CAAAAFUAMAAyAAAACgAAAHUAcwBlAHIAAAA=</anchor></dn-value><dn-value operation="delete"><dn>CN=U03,OBJECT=user</dn><anchor encoding="base64">CAAAAFUAMAAzAAAACgAAAHUAcwBlAHIAAAA=</anchor></dn-value></dn-attr></delta></directory-entries></mmsml>
Export log file upon removing ALL entries:
<?xml version="1.0" encoding="UTF-16"?><mmsml xmlns="http://www.microsoft.com/mms/mmsml/v2" step-type="export"><directory-entries><delta operation="update" dn="CN=G01,OBJECT=role"><anchor encoding="base64">CAAAAEcAMAAxAAAACgAAAHIAbwBsAGUAAAA=</anchor><dn-attr name="UserID" operation="delete" multivalued="true"></dn-attr></delta></directory-entries></mmsml>
Is this some mistake or a not implemented scenario in the Generic SQL connector, and if so, where do i report this? Since we only got part of the code using reflection is it possible to obtain the source code for the Generic SQL Connector so we can investigate further?
Reproduction Steps :
Hi All,
We have a requirement where we would require the line managers of users to manage their reportees roles through BHOLD self service. In BHOLD what i see is an option to provide Default Supervisor Role which doesn't distinguish between users. Is there an option to set a single user as a supervisor
Hi,
If I need to delete a single record from Connector Space, can I delete by executing delete command, something like:
delete from mms_connectorspace where rdn='xxx';
Is it the right process? Is there any impact if we directly remove entry from CS table? Please let me know. I need this in case some orphaned objects lying in connector space and their corresponding objects are removed from source. I can delete entire connector
space and rebuild it, but I want to know what should I do if I need to delete few objects instead of entire connector space. Please advise.
Thanks in advance!
Aritro Chattopadhyay
Come forth all you technical gurus and word wizards!
It's time to show us what you've got, what you know, what you found out!
Spare your fellow professionals from the same mistake!
Share your revelations and awesome ways of doing things!
All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.
Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!
This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!
HOW TO WIN
1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.
2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)
3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.
If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!
Winning this award in your favoured technology will help us learn the active members in each community.
June's entries are with our judges right now, but here is a reminder of the previous month's winners.
 | BizTalk Technical Guru – May 2016 |
 | Kjetil Tonstad | Top 10 Tips From a BizTalk Admin to BizTalk Developers | TGN: “I love this, how to help each other. Well done Kjetil!” JS: “Integration apps are a lot more than coding. Always remember these.” SW: “Great article. With the current DevOps trend alignment between developers and administers is key!” Ed Price: “This is a good set of tips, with a few helpful images, and the Reference links at the bottom give more context. Great job!” |
 | Eldert Grootenboer | BizTalk Server: Processing large files (streaming) | Ed Price: “Great mix of code, images, and descriptions. Although the code isn’t broken up much (with explanations of what the code does), all the code comments make up for it and make it super clear! Good to end with the See
Also section!” SW: “Streaming large message can be a challenge with BizTalk. This article provide guidance in that area. Very good!” TGN: “I love this, well explained and a question that is very relevant to BizTalk” |
 | SMSVikasK | BizTalk Server 2013 R2 Dynamics CRM Online / On Premise CRUD Operations (Part 1) | JS: “Seeing a lot of CRM lately. Good info for anyone who hasn’t worked with it before.” SW: “CRUD om Dynamics guidance article. Good” Ed Price: “Great description (I like CRUD) and fantastic use of images, although it would be better with more explanations in the text.” TGN: “Why did you split these up into to articles? good article though” |
| Forefront Identity Manager Technical Guru – May 2016 |
| Peter Geelen | FIM2010 / MIM2016: Run profile statistics with PowerShell and Excel Pivot Tables | Ed Price: “I love the code formatting with the scroll bar. Great explanations and use of images!” |
| Peter Geelen | FIM2010 / MIM2016: Run profile statistics with SQL and Excel Pivot Tables | Ed Price: “It’s great to have the downloads on TechNet Gallery!” |
| Microsoft Azure Technical Guru – May 2016 |
| Bhushan Gawale | Getting Started with Azure Automation DSC | AS: “Very good and helpful article! Thanks for publishing!” Ed Price: “Great starting point for learning Azure Automation DSC! Good use of images and code, with excellent explanations!” |
| Sibeesh Venu | Creating Azure Mobile App With Visual Studio | AS: “Good starting point, but for me all screenshots are broken – none of them is visible. I would find it particularly useful if you just have provided links to a more detailed article(s) on how to configure Visual Studio
for windows Mobile development. And probably just show a sample with HTML/JS or UWP (if it is available)” Ed Price: “What an important topic that’s very well described! The images add a lot of value!” |
| Sandro Pereira | Azure Logic Apps: Tips and Tricks about the “new” Logic Apps Designer | AS: “A good overview of designer features! I would however also expect to see the less known fact that drop down lists are actually filtered and there is much more to discover when you begin typing into the search field.” Ed Price: “The images are magnificently assembled to make this process incredibly clear. A very important topic! Great job!” |
| Miscellaneous Technical Guru – May 2016 |
| Chilberto | Connecting a BitBucket Repository to Visual Studio Team Services | Richard Mueller: “Well explained. We need links/references.” Ed Price: “Great use of images. This is a fantastic scenario! It could use a See Also section. “ |
| Carmelo La Monica | Manage analog sensor with Raspberry pi2 | Richard Mueller: “Grammar needs work and we need links/references.” Ed Price: “Thorough, and great to have the code and images! But it could benefit from breaking apart the code and explaining what it does more, as well as ending with See Also and References sections. Great to have the TOC.” |
| SharePoint 2010 / 2013 Technical Guru – May 2016 |
| Dan Christian | How to build a custom report for SharePoint Server lists, libraries or sites | John Naguib: “Great one well done” Margriet Bruggeman: “Great article with not only text, but also images and videos to make this very user friendly.” Hezequias Vasconcelos: “Great article. Content technical good. Well detailed, great of attached reference materials. Excellent technical guide.” Ed Price: “Fantastically thorough, with great images and explanations, and once again, your YouTube videos just blow me away, with how well they help tell the story and are integrated into the article like this! It’s a true art form!” |
| Waqas Sarwar | SharePoint 2016 How to Change SuitBar’s Text PowerShell | Hezequias Vasconcelos: “Good content new platform SharePoint 2016. great scripts and well distributed in the Shell” Ed Price: “Short and sweet! Fantastic scenario. It could use more references and links to other Wiki articles.” |
| Vivek JAGGA | Alternative Solutions to the Deprecated Features in SharePoint 2016 | Ed Price: “I love how you’re very clear at the front of this article (as an overview) and then dig deeper into the specifics. Good references at the end.” John Naguib: “Nice article you can add also the development area” Margriet Bruggeman: “Useful article with good alternatives. “ |
| Small Basic Technical Guru – May 2016 |
| Philip Munts | Small Basic: Simpler and Cheaper Raspberry Pi GPIO | Michiel Van Hoorn: “This is really Awesome (see also the original article). It opens up Small Basic to the real world. ” Ed Price: “Building off his Raspberry Pi article, this article does an amazing job of digging deeper and showing you more options, such as Raspberry Pi Zero.” |
| Nonki Takahashi | Small Basic: Image | Michiel Van Hoorn: “Really cool overview of working with Images (like photos) in SmallBasic. We good topic to inspire programming” Ed Price: “Very thorough end to end overview of using Images!” |
| SQL BI and Power BI Technical Guru – May 2016 |
| Greg Deckler | Good Ol’ VLOOKUP – The Ultimate Guide to Lookups in Power BI | PT: “Quite a valuable and well-written article. Thank you for the extensive coverage of various lookup techniques.” RB: “Interesting comparison of the lookup techniques available within Power BI.” |
| Anil Maharjan | How to find a Calculated Measure and Calculated Dimension within a particular cube | PT: “This submission a very brief and just mentions a little information that is common knowledge and easily discovered with a simple web search.” RB: “Interesting tip, a screen dump of the result with all the columns would have been great.” |
| SQL Server General and Database Engine Technical Guru – May 2016 |
| Chervine | Stretching SQL Server 2016 tables to the Azure Cloud | JS: “Great article, your explanations and samples are spot on.” Ed Price: “Super valuable scenario! Love the diagram, code snippets, and screen shots!” |
| Shanky | What Does Fragmentation Means In a Heap Table In SQL Server | Ed Price: “Very thorough! Great references at the end.” |
| System Center Technical Guru – May 2016 |
| vishwanatham sridhar | SCOM Connector Design prototype | Ed Price: “Great scenario with some helpful reference links!” |
| Anders Rodland | SCCM 2012 R2 step-by-step: upgrade of SP1 to current branch – Step by Step | Ed Price: “Missing the images. Very thorough steps! Great use of the TOC. Could benefit from references.” |
| Anders Rodland | System Center Configuration Manager Build Numbers | Ed Price: “Good collection of builds and KBs!” |
| Transact-SQL Technical Guru – May 2016 |
| Universal Windows Apps Technical Guru – May 2016 |
| Namrah Khurram | Traffic Lights Simulation via LEDs on Raspberry Pi | TGN: “Man this is cool. Good information and well structured. well I’m impresses Namrah!” Ed Price: “A cool scenario that’s masterfully explained! The code has great formatting. It could benefit from See Also and References sections at the end.” |
| Manuel Cota | “DrawIndexedInstanced and the Concepts behind a Home-Made Game Engine” | Ed Price: “It could benefit from a TOC at the top and from See Also and References sections at the bottom, but I love how this breaks down the code and explains everything in depth! Great use of diagrams!” TGN: “I learned a lot from this article. Well done, thanks for sharing!” |
| Sajid Ali Khan | UWP: Things Required To Do Right After Creation of New Project | Ed Price: “Great use of images and good References section at the end! I love how the code is both on GitHub and MSDN Gallery and how the download links are given!” TGN: “This can help a lot of people, my favourite this month! Thanks for sharing Sajid” |
| Visual C# Technical Guru – May 2016 |
| Emiliano Musso | Entity Framework Introduction using C#, part I | Ed Price: “This is a masterful article, It’s thoroughly broken down, and it leverages images, great code formatting, and even a download and an Italian language version at the end!” Jaliya Udagedara: “Great article with step by step explanation. If you are a newbie to EF, read this one article which will cover most of the basics. And you can download the sample code from MSDN Code Gallery.” Carmelo La Monica: “Good and very impressive article, it explain in all parts Entity Framework 7, i attend second part “ |
| SYEDSHANU | MVC ASP.NET Identity customizing for adding profile image | Carmelo La Monica: “Very good expression, good images and very detailed in all parts.” Ed Price: “Very thorough steps! Great scenario!” Jaliya Udagedara: “Good article explaining how you can manage your profile picture with a ASP.NET MVC application. Sample code is available in MSDN Code Gallery.” |
| Wiki and Portals Technical Guru – May 2016 |
| Peter Geelen | Wiki: Fixing table layout (table right side off page) | Richard Mueller: “Great information that will help a great deal to fix tables in the Wiki. Good use of Wiki guidelines.” Ed Price: “This is a fantastic solution from Peter!” |
| Windows PowerShell Technical Guru – May 2016 |
| Matt McNabb | Office 365: How to Manager User License Lifecycle with PowerShell | Ed Price: “Wow! Great description of these steps, and it ends well with several other links to dig into!” Richard Mueller: “Good TOC. An excellent idea to code this and overcome limitations. This should be very useful.” |
| Arleta Wanat | SharePoint Online: Get all checked-out files using Powershell | Richard Mueller: “Good headings and TOC. Good ideas and well explained.” Ed Price: “Great scenario and use of PowerShell code!” |
| Windows Server Technical Guru – May 2016 |
| Kia Zhi Tang (Ryen Tang) | Nano Server: Using New-NanoServerImage with Show-Command to deploy Nano Server | Mark Parris: “Excellent article on the deployment of Nano server. ” JM: “This is an excellent article on building a new Nano Server, thanks for your contribution!” Richard Mueller: “Good use of Wiki guidelines, with even horizontal rules and Return to top links. Show-Command is a very interesting feature I like a lot. Good references.” |
#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and
you could win weekly awards!
Have you got what it takes o become this month's
TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!
I have two different forest with two-way trusted relationship, because of third part application software, I have to sync password for same user name which located different forest, my question is what part module need installation? I think needn't install every thing from FIM.
Thanks,
Peter
Hello,
I am receiving "This page cannot be displayed" while accessing SSPR sites. Please note that i have checke application pools and srvices are up and running.
Kindly suggets.
Regards,
Suman
Hi,
Does the B1 and FimService DBs have to be placed on the same sql instance? while installing the BHOLD FIM integration I'm getting an error that says 'Invalid object name FIMSERVICE.fim.Objects'. It's trying to create a view called FIM:Requests with a SELECT statement referencing FIMSERVICE.fim.[Objects]. any idea?
Hello,
Please, I have a problem and would like to know if the FIM help me solve.
We have two Active Directory forests in the same company and single physical site, however we are implementing a third-party application that only allows LDAP integration with only a forest and not work with trust relationship.
To solve this issue I thought about synchronizing accounts that are in the forest A who need to access the system in forest B and thus not having to create user repeated in forest B and thus maintain synchronized accounts. Would it be possible?
Basically, this system would LDAP queries in forest B, but would be able to authenticate users of the forest that would be synchronized by the FIM.
Regards
William
So I am following this manua https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/step-7-elevate-user-access
Import-module MIMPAM
$r = Get-PAMRoleForRequest | ? { $_.DisplayName –eq "CorpAdmins" }
New-PAMRequest –role $r
klist purgeThe powershell above gives me this kind of error:
Get-PAMRoleForRequest : The caller was not authenticated by the service.
At line:1 char:6+ $r = Get-PAMRoleForRequest | ? { $_.DisplayName -eq "CorpAdmins" }+ ~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : NotSpecified: (:) [Get-PAMRoleForRequest], Secur
ityNegotiationException+ FullyQualifiedErrorId : GeneralServerError,Microsoft.IdentityManagement.
RequestorPamCmdlets.Commands.GetPamRolesCommand
So how the caller should authenticate or whats the problem? Hi
I have three entity Types within the same connector space (CS). Two are mapped to the same Metaverse (MV) Entity:
CS User -> MV Person
CS Contact -> MV Person
CS Organization -> MV Organization
Now my Problem: MV Organization references to a MV Person. I would like to flow that information to CS using Synch engine only (no FIMService, no syncRules, no Flow Scope - means coding, which is normally not a problem to me). Using direct flows I get ambiguous
flows as expected. So I need an advanced rule. But since I cannot use a MV Reference Attribute as Source-Attribute in an Advanced Export flow things get complicated.
What's the best option?
thanks for your help
Pirmin
Hello,
I have a functional lab environment with 2 x user forests and 1 x central forest on FIM 2010/R2 SP1. Porting that environment to 2016 causes lcssync.dll to fail owing to references to Microsoft.MetadirectoryServices.dll, Microsoft.MetadirectoryServicesEx.dll and logging.dll assembly version differences. I note that GALSync source is included, but no source or new version of lcssync.dll.
Does anyone know if lcssync.dll is going to be provided? Has anyone else seen this behavior?
Error details:
Log Name: ApplicationThanks,
Jarmo
Avanade Lync team
Hi,
I am having some difficulty setting up the PCNS. I noticed every time I configure or add the PCNS target, the PCNS service (pcnssvc.exe) is crashing. If I remove the target, PCNS service will run just fine. Any one has experience this?
Looking at the event viewer this is what I can see. Not much of information telling what is the reason for service to crash.
Faulting application name: pcnssvc.exe, version: 4.1.3114.0, time stamp: 0x50ad5a0dAppreciate any help here.
Thanks!
Gerard
We have a scenario where we are looking at a installation of several thousands of users, what are the scaling recommendations for MIM 2016?
I mean like installing the components by them selves is a thought we have at the moment to do:
1+ windows 2012 server - mim sync
1+ windows 2012 server - mim service
1+ windows 2012 server - mim portal
Is it maybe wise also to have different database hosts for the MIM sync / service databases?
Hi to all!
I'm in process of integration of existing AD and HR based on Oracle DB systems.
I want to make a sync users from Oracle to AD, but at this moment we have all users in AD.
How it would be better to make a such sync?
As I understand when we will start provisioning MIM will try to create in AD all users again?
Thanks!
1
Hi gents,<o:p></o:p>
We use FIM 2010 to manage identity lifecycle management in our “secure environment” but lately for business needs, we start to deploy Standalone Active Directory on “isolated environment” and unfortunately for security and operations constraints we cannot manage and sync directly those isolated AD with FIM.<o:p></o:p>
We think about exporting users db file from FIM to the isolated environment then develop a bunch of scripts to maintain the isolated AD up to date but I am a bit annoyed and wonder if there is a more “gentle” way to do it.<o:p></o:p>
So I am looking for any kind experience feedback/ advices/ best practices to solve this issue.<o:p></o:p>
Thanks in advance! <o:p></o:p>