Channel: Forum Microsoft Identity Manager

MOSS_Export not importing profile pictures


Hi

FIM 2010 on SharePoint 2013.

Mapped the Picture property to the thumbnailPhoto attribute and did a full sync.

Everything works fine except importing profile pictures.

I can see them in the mms_metaverse table. They are not created in the user photos list from my site root with names as partitionid_id of user, from where I can transform with update-spphotostore.

No errors in ULS or event viewer.

What should I check more?

Thank you,

Sorin


Sorin Sandu


Approval reminders and rejection comments


Hi Gurus,

One quick query: is there an option in MIM to provide reminders on a daily basis for approvals, and is there also a way for the approvers to reject approval mails with comments?

Read User Attributes while Operation - Delete(Extensible Connectivity Management Agent)

We have a requirement to create a file of the users while exporting, who are getting deleted. I'm able to read their "Anchor" attribute, modification type but I'm not able to read their other attributes in Extensible MA Code. Is there any way to achieve this? If Yes, then please tell how.

Regards,
Manuj Khurana

Outbound sync rule and employeeStatus values


Hello!
I need to make outbound sync rule for users.
I have HR system with all employee data and Microsoft AD.

Main rules are:
1. If employeeStatus in MV=0 this is normal, not blocked account.
2. If employeeStatus in MV=1,2,3 this is locked account.

This can be done with flow like this:
Source Tab
 Function
 Function name
 IIF

condition:Boolean
 customExpression
 Eq(employeeStatus,"0")

ValueTrue:Object
 customExpression
 BitAnd(-3,userAccountControl)

valueFalse:Object
 CustomExpression
 BitOr(2,userAccountControl)

Destination Tab
userAccountControl

But what will happen with system accounts (they are defined in AD, but not defined in the HR system)?
Will they be locked?
I'm a little bit confused with statuses 1,2,3. Maybe it would be better to make a rule extension to handle this case?
Thanks!



MIMWAL - Update Resource activity - change Employee Manager not working


Hello,

We are trying to change the Employee Manager when the Department attribute changes, and I am unable to change the manager attribute using the MIMWAL Update Resource activity. Below are the values I am trying to use:

Value                                                 Target
InsertValues([//Queries/SalesManager/displayName])    [//Target/Manager/ExplicitMember]
InsertValues([//Queries/SalesManager/displayName])    [//Target/Manager]
InsertValues[//Queries/SalesManager/displayName]      [//Target/Manager]
"Sales Manager"                                       [//Target/Manager]

I am new to MIM and WAL; can you please help me get the correct format for this?

Thanks

Ahmed

Manager Attribute Not Sync to MIM Portal


Hi..

We have configured the MIM MA and AD MA. All attributes sync correctly except Manager, although we already configured it in the Inbound Sync rules and Outbound Sync rules, and also added it in both the MIM MA and AD MA.

Where is the issue?

Thanks

Ahmed

An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)


Receiving this error:

An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)

I have been through this article (https://jorgequestforknowledge.wordpress.com/2015/03/08/resolving-the-pwunrecoverableerror-error-with-fim-self-service-password-reset-sspr/) and still getting the same error. 

At a bit of a loss now. Hoping someone could shed some light on this and help me out.

Thanks

Stephen

SSPR OTP question


Hi,

Please could someone explain SSPR and OTP?

In order to receive an OTP (either via email or phone), do people still need to register their Questions, and Answer them correctly to receive an OTP, and only then reset their password?

Or, with OTP, are you supposed to auto-register people with SSPR, and during a reset operation they would receive their OTP?

Thank you,

SK


File Based XML Management Agent


We have a requirement to create export files on different instances of application servers via FIM based on certain attribute value criteria. Is there any way of achieving this from one Management Agent, creating different files for users?

Also, during de-provisioning of users, we have to remove the connector and create other XML based on the instances where it was present. For a file-based Management Agent, in de-provisioning scenarios does the code mentioned below also generate the entries for the de-provisioned user?

public void ReadExportFile(KeyedCollection<string, ConfigParameter> configParameters,
                           Schema types,
                           ReadExportFileRunStep exportRunStep)



Regards,
Manuj Khurana

Account synchronisation fails to fully provision in FIM 2010 R2 for around 1% of users, I need to perform manual edits in the FIM portal


Hi,

 I'm provisioning users to AD based on an input from a CSV file (it's actually a CSVDE). I've successfully synced around 6000 users and that has worked fine for a number of months. The process I'm using is as follows:

1. File MA --> Full import and delta sync (loads data from CSV file)
2. FIM MA --> Export, delta import and delta sync (provisions user to FIM portal)
(wait 10 minutes)
3. AD MA --> Export, delta import and delta sync (provisions user and mailbox in AD)
4. FIM MA --> Export, delta import and delta sync (updates domain attribute in FIM portal)

I'm using declarative rules, similar to this: https://technet.microsoft.com/en-us/library/ee534908(v=ws.10).aspx

The HR file is authoritative (i.e. takes precedence

Today I realised that around 50 users were provisioned to the MV, had a file MA connector and a FIM connector, but not an AD connector. Looking at the account in the FIM portal I realised that the domain attribute was not populated for contoso and that an AD outbound sync rule was not pending.

I then decided to run the synchronisation steps at 1 to 4 above, but this time used full imports and full synchronisations. After doing this the number of accounts which did not have an AD MA connector dropped to around 10 (e.g. 40 additional accounts were provisioned to AD).

To provision the remaining 10 users, I firstly deleted the 10 users from my input CSV file and ran through the sync steps above. This ensured that the 10 users were removed from the MV and FIM portal. I then re-added the 10 users to my CSV and ran through the steps above, but this did not provision the 10 users! To ensure the 10 users and their mailboxes were created in AD/Exchange I did the following:

1. Logged on the FIM portal and checked to see if an AD outbound sync rule is pending (it's not).
2. Changed the user account employee type to "contractor" (bringing the user out of scope of a sync rule using the MPR\triple).
3. On the FIM MA, performed a delta import and delta sync. The MA shows an update, but prompts for a FIM MA export back to "FullTimeEmployee" for the user as the MV value takes precedence.
3b. I perform an export and delta import on the FIM MA.
4. The user account now shows as having an AD export sync rule pending.
5. If the synchronisation step in 3A shows an outbound synchronisation for the AD MA, I simply perform a:

5a. AD MA --> export, AD delta import & AD delta sync
5b FIM MA --> export, delta import & delta sync

If the synchronisation step in 3A does not show an outbound synchronisation for the AD MA, I do the following:

5c. Change the domain attribute for the user to "contoso" using the drop down in the FIM portal when clicking on the user.
5d. FIM MA --> delta import and delta sync (MA reports update due to 5c).
5e. FIM MA --> export, delta import and delta sync. 
5f. FIM MA --> delta import and delta sync (now the AD MA shows an outbound synchronisation)
5g. AD MA --> export, delta import and delta sync (user account and mailbox provisioned in AD)
5h. FIM MA --> export, delta import and delta sync (tidy up)

I don't know why these additional steps were required for the 10 users, it just feels as if they got stuck in the system! 

Any ideas on how to avoid this oddness would be appreciated in future...

On a slightly different note, am I right in thinking that full synchronisations and imports on valid existing objects simply update the existing object if applicable, rather than deleting and creating new objects?

Thanks in advance


IT Support/Everything

MIM 2016 & AIX OS security manager


Hi..

Is there any way to manage IBM AIX OS Accounts/Groups/Password using MIM 2016?

I tried to search and only found the third-party connector below:

IBM AIX CONNECTOR

Regards,

AADConnect Directory Type?


Hi,

We don't have AADConnect at the moment, looking at this screenshot, what options exist in the "Directory Type" drop down box?

Can this be any Directory Service? e.g. AD, ADLDS, OpenLDAP, etc etc?

Thank you

FIM 2010 - Access on Demand & Entitlements


I've seen one video on Access on Demands & Entitlements on Youtube for providing time based access to users. But I'm not able to find anything on how to add these features in the existing FIM Setup. Can anybody please help in adding them to FIM, or is there any other way of achieving time based access?

FYI - The product is "Blue Athene product add-on for Forefront Identity Manager 2010"



Regards,
Manuj Khurana


Active Rights Management Service


Hello,

I had protected my Excel file using IRM on Office 2010 Pro.

I am now using Office 365 Home. Now I am not able to access my Excel file.

Request inputs from anyone having knowledge regarding this.

Thanks!

SSPR - One-Time-Password Email Gate - Security Code expiration


Hi,

Does anyone know the expiration time of the security code that is sent by the e-mail gate in the password reset portal?

I read somewhere that expiration occurs at the same time as the application session, but I did not see any Microsoft document with this information.

I appreciate any help!

Thanks in advance,

Vitor Silva


Nested Visibility in RCDC


Hi,

I am trying to achieve something as below:

There is a checkbox control and only when user selects the checkbox, he should be presented with another control which is Radio Button with 2 options available, Ex:A and B. Now when user selects B option, he should be presented with another control which is a checkbox option.

Is this possible?

I tried something as below, but doesn't seem to be working. None of the Radio Button options are selected when the page is loaded, even though I am setting default value to False.

<my:Control my:Name="CheckBox1" my:TypeName="UocCheckBox" my:Caption="{Binding Source=schema, Path=CheckBox1.DisplayName}" my:Description="{Binding Source=schema, Path=CheckBox1.Description}" my:RightsLevel="{Binding Source=rights, Path=CheckBox1}"  my:AutoPostback="true">
        <my:Properties>
          <my:Property my:Name="ReadOnly" my:Value="false" />
          <my:Property my:Name="Checked" my:Value="{Binding Source=object, Path=CheckBox1, Mode=TwoWay}" />
          <!--<my:Property my:Name="Text" my:Value="%SYMBOL_CheckBox1_END%" />-->
          <my:Property my:Name="Hint" my:Value="{Binding Source=schema, Path=CheckBox1.Hint}" />
        </my:Properties>
</my:Control>

<my:Control my:Name="RadioButtonOption" my:TypeName="UocRadioButtonList" my:Caption="%SYMBOL_RadioButtonOption_END%" my:Description="{Binding Source=schema, Path=RadioButtonOption.Description}" my:Visible="{Binding Source=object, Path=CheckBox1}" my:AutoPostback="true">
        <my:Options>
          <my:Option my:Value="False" my:Caption="Option1" my:Hint="Option1"/>
          <my:Option my:Value="True" my:Caption="Option2" my:Hint="Option2"/>
        </my:Options>
        <my:Properties>
          <my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=RadioButtonOption.Required}"/>
          <my:Property my:Name="DefaultValue" my:Value="False"/>
          <my:Property my:Name="CaptionPath" my:Value="Caption"/>
          <my:Property my:Name="HintPath" my:Value="Hint"/>
          <my:Property my:Name="ItemSource" my:Value="Custom"/>
          <my:Property my:Name="SelectedValue" my:Value="{Binding Source=object, Path=RadioButtonOption, Mode=TwoWay}"/>
        </my:Properties>
</my:Control>

Kindly Help!!

Thanks,


Veena

MIM Licensing


Hello All,

Need Suggestion.

We are currently using FIM 2010 R2 ver 4.1.3613 SSPR. We want to upgrade our environment to MIM 2016.

I want to know about the licencing of MIM 2016. Can we use the same licence of FIM 2010 R2 in MIM 2016?

Regards,

Suman

PAM functionality questions


Hi,

Just reviewed the PAM FAQ, and have a few questions (https://social.technet.microsoft.com/wiki/contents/articles/33363.mim-2016-privileged-access-management-pam-faq.aspx)

  1. FAQ states: "You cannot require multiple approvers; only one PAM approver is needed" - from a distance, it looks like PAM is a component of the MIM Service, so why can there not be multiple approvers? This will be very limiting.
  2. FAQ states: "The approval process does not allow references. For example, you can not require approval of the caller's manager" - again, it appears that PAM is part of the MIM service, so why are reference attributes for approvals not supported? This will definitely be very limiting.

Thank you,

SK


Synchronize Active Directory with Microsoft Identity Manager


Hello guys,

this is my first entry in this forum :)

I want to install Microsoft Identity Manager and so far I have followed these instructions:

https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/microsoft-identity-manager-deploy

I have two Windows Server 2012 machines - one as a domain controller with Active Directory and the other one with SQL Server 2014 and SharePoint Server 2013 installed on it. On the second server I installed MIM Synchronization Service and MIM Service and Portal without any errors or warnings.

So now I wanted to synchronize Active Directory with MIM Service by creating a MIM management agent. When I try to open the Synchronization Service Manager the following error message appears:

"Unable to connect to the Synchronization Service.

Some possible reasons are:

1) The service is not started

2) Your account is not a member of a required security group.

See the Synchronization Service documentation for details."

The services Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service are both running. I am not sure what the second error message means. Does it refer to the local administrator account, the domain administrator account or to any other account? What are the required security groups this account has to be a member of?

Thank you for your help!

Unable to Login to MIM 2016 After Installation


Hello There,

I just concluded a single-server install of MIM 2016 on SP 2013 Foundation SP1/SQL 2014 as per the product documentation. Authentication fails when I attempt to log in to the MIM Service Portal using either the domain administrator or the account used to install the SP 2013 SP1.

I see a similar problem posted here, but it has yet to be reported resolved:

https://social.technet.microsoft.com/Forums/en-US/69ae1c15-3abd-40f2-9993-144e9d94c1ab/cannot-login-to-microsoft-identity-manager-2016-portal?forum=ilm2

I have followed the guidance below.

# Set a reference to the MIM portal website
$MIM = Get-SPWeb -Identity http://[MIM_PORTAL_NAME]/IdentityManagement

# Display the list of users
$MIM.Users

I could see NT AUTHORITY\authenticated users in the list that returns.

Any further help will be appreciated.


Akinzo
