Channel: Forum Microsoft Identity Manager

AD Sync - Disconnectors


Hello all,

Hope I have the correct forum category for this. I see disconnectors when I do an import from AD in AD Sync (about 800) and I think that this could be some issue, because this states that there are a lot of accounts in the CS that do not have a connection anymore with an object in the metaverse. I wonder how I can effectively find out if this is an issue and what kind of objects those are.



Export FIM MA very slow


Hi,

We use FIM 2010 R2 SP1 to sync a user database with AD. As explained in official links

(https://technet.microsoft.com/en-us/library/ee534902(v=ws.10).aspx, but db in place of file)

and official installation guides

(https://technet.microsoft.com/en-us/library/hh322906(v=ws.10).aspx

https://docs.microsoft.com/fr-fr/microsoft-identity-manager/deploy-use/microsoft-identity-manager-deploy)

sync process may be DB import, DB Sync, FIM export, ...

However, we noticed very slow behaviour on the third step (FIM Export). As far as we know, we have respected all of the guides' requirements, and the server hardware configuration is quite "strong" (4 CPU x 4 cores, 16 GB), but here are some performance data.

Considering 1000 entries, in a fresh FIM environment (only one sync rule inserted in configuration, no MPR, no workflow):

- DB import (from db to db connector space): 18 seconds (~55 entries/s)

- DB sync (from db connector space to MV, including FIM MA provisioning for export): 19 seconds (~53 entries/s)

- FIM Export : 180 seconds (5 entries/s) !!!!!!!!!!!!!!!!!!!!!!!!

Considering we have to work with about 300 000 entries for real, and that a full cycle is much longer (after FIM Export, we may have FIM sync, AD export, AD import, AD Sync, FIM Export) with EREs and DREs to sync with FIM...

There is something missing, something we cannot see, but what? Anyone had similar issues? Any way to solve this slow slow behaviour?

We have noticed a real CPU increase during export too. 2 or 3% during import and sync, but 40 to 50% during export !!!

BR,


Emmanuel IT

Oracle Finance and PeopleSoft authenticate to Azure AD


Hi Team,

At my customer I have two Oracle applications, PeopleSoft Campus Solution and Oracle Finance.

My customer wants to implement single sign-on; they already have Office 365 and no Active Directory on premises.

My company proposes a solution using the Azure Graph API to authenticate directly to Azure, like this scenario:

http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory

https://www.youtube.com/watch?v=dXMrIjNGYqw

Is it possible to do single authentication with Oracle applications using a universal API?

Can you share the workflow and logic?

Thanks

Regards

Password Registration Issue


Hello All,

Need help!

We have implemented SSPR in our environment and there are workflows set for each user as per their language.

But for one of the users, during registration the security questions are coming in English and the other descriptions on the page are coming in his regional language.

Kindly suggest.

Regards,

Suman


SSPR options questions


Hi,

When deploying MIM SSPR, can we:

1. Provide one set of users with the OTP option, and another set of users with the Question & Answer option on the same MIM SSPR Portal (Registration and Reset Portal)? Or do we need multiple Registration and Reset Portals deployed linked to different Sets?

2. Can we offer a user both options at Registration (Question&Answer or OTP) and they can pick which one they want to register for?

3. Say a user is registered for BOTH 'Question&Answer' and 'OTP', do they have to get both correct in order to reset their password, or is there a way for them to only get one of them correct?

Thank you,

SK

Powershell MA - connect to AD


Hi All,

When I try to connect to AD via the PowerShell MA I am getting the below error:

 

The extensible extension returned an unsupported error.
 The stack trace is:

 "System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.IdentityManagement.Connector.PowerShell.Bridge.ConfigBridge.GetSchema()
Forefront Identity Manager 4.1.3441.0"

I get this error both with impersonation and without it. What is the access required for the impersonated account, or for the FIM Sync account without impersonation? The below schema file works in other environments but not in one.

Schema File

 
 
[CmdletBinding()]
param(
    [System.Collections.ObjectModel.KeyedCollection[[string],[Microsoft.MetadirectoryServices.ConfigParameter]]]$ConfigParameters,
    [System.Management.Automation.PSCredential]$PSCredential
)

Function LogWrite
{
   Param ([string]$logstring)

   Add-content $Logfile -value $logstring
}

$Logfile = "C:\Temp\SchemaLog.txt"
   
Set-StrictMode -Version 3            

LogWrite "Start"

Import-Module (Join-Path -Path ([Environment]::GetEnvironmentVariable('TEMP', [EnvironmentVariableTarget]::Machine)) -ChildPath 'FIM.MTAD.psm1') -Verbose:$false            

LogWrite "Import module"

$Schema = New-FIMSchema            

LogWrite "Setup user schema"

$SchemaType = New-FIMSchemaType -Name 'user'            
$SchemaType | Add-FIMSchemaAttribute -Name 'distinguishedName' -Anchor -DataType 'String' -SupportedOperation ImportOnly         
$SchemaType | Add-FIMSchemaAttribute -Name 'sAMAccountName' -DataType 'String' -SupportedOperation ImportOnly 
$SchemaType | Add-FIMSchemaAttribute -Name 'name' -DataType 'String' -SupportedOperation ImportOnly                     

$Schema.Types.Add($SchemaType)            

LogWrite "Setup group schema"

$SchemaType = New-FIMSchemaType -Name 'group'            
$SchemaType | Add-FIMSchemaAttribute -Name 'distinguishedName' -Anchor -DataType 'String' -SupportedOperation ImportOnly            
$SchemaType | Add-FIMSchemaAttribute -Name 'sAMAccountName' -DataType 'String' -SupportedOperation ImportOnly 
$SchemaType | Add-FIMSchemaAttribute -Name 'name' -DataType 'String' -SupportedOperation ImportOnly   
$SchemaType | Add-FIMSchemaAttribute -Name 'Members' -DataType 'Reference' -MultiValued -SupportedOperation ImportExport


$Schema.Types.Add($SchemaType)  

LogWrite "Setup computer schema"

$SchemaType = New-FIMSchemaType -Name 'computer'            
$SchemaType | Add-FIMSchemaAttribute -Name 'distinguishedName' -Anchor -DataType 'String' -SupportedOperation ImportOnly            
$SchemaType | Add-FIMSchemaAttribute -Name 'sAMAccountName' -DataType 'String' -SupportedOperation ImportOnly 
$SchemaType | Add-FIMSchemaAttribute -Name 'name' -DataType 'String' -SupportedOperation ImportOnly   

$Schema.Types.Add($SchemaType)            

$Schema 

BHOLD MA outbound synchronization via Synchronization Rule -MIM Portal


I've set up the BHOLD MA (Access Management Microsoft) in MIM 2016 to export users to the BHOLD Core.
I'm using the http://technet.microsoft.com/en-us/library/jj853094(v=ws.10).aspx lab guide to help me out.

The only difference: I prefer to use portal sync rules instead of using the attribute flow in the BHOLD MA itself (easier and more powerful).

I've configured a Synchronization Rule in the FIM Portal; however, when I'm trying to flow department (MV) to OrganizationalUnit (CS) (a BHOLD orgunit is not the same as an AD OU), it complains that the types are not matching: String versus Reference.

When I configure this on the BHOLD MA agent itself as explained in the above lab guide, there's no error!

Question: has anyone ever used portal sync rules to populate BHOLD Core with users? Is it possible?

Synchronize Active Directory with Microsoft Identity Manager


Hello guys,

This is my first entry in this forum :)

I want to install Microsoft Identity Manager and so far I have followed these instructions:

https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/microsoft-identity-manager-deploy

I have two Windows Server 2012 machines - one as a domain controller with Active Directory and the other one with SQL Server 2014 and SharePoint Server 2013 installed on it. On the second server I installed MIM Synchronization Service and MIM Service and Portal without any errors or warnings.

So now I wanted to synchronize Active Directory with MIM Service by creating a MIM management agent. When I try to open the Synchronization Service Manager the following error message appears:

"Unable to connect to the Synchronization Service.

Some possible reasons are:

1) The service is not started

2) Your account is not a member of a required security group.

See the Synchronization Service documentation for details."

The services Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service are both running. I am not sure what the second error message means. Does it refer to the local administrator account, the domain administrator account or to any other account? What are the required security groups this account has to be a member of?

Thank you for your help!


GALSync and Office365


Hi

I would like to implement MIM GALSync across three Exchange Organizations. One of them uses Office365 (AzureAD and ADDS are synchronized using AzureAD Connect). But they don’t have an Exchange Server on-premises anymore. From my perspective the only way to establish proper GALSync is to deploy Exchange 2013 CAS Server on-prem to be able to provision mail-enabled contacts. Is there a more elegant way?

Another question. What would be the best way for GALSync if an Organization has Cloud-only Identities (No Sync between AzureAD and ADDS)?

Thanks for any suggestions. Best regards

Pirmin

SharePoint 2016 User Sync Problem


Hello,

I have set up Identity Manager for the first time to use with a new SharePoint 2016 environment. I had tried to use the default AD sync but could not get pictures to work their way over. I have followed a few instructions on getting MIM installed, hot fix applied, SharePoint connector installed, GitHub files downloaded, and scripts run. I am running into the issue where I cannot get the ADMA and SPMA to run successfully with the following command.

Start-SharePointSync -Confirm:$false

When I do I am getting two different Return Values.

The first is for the ADMA FullSync. I get stopped-extension-dll-file-not-found. The dll listed in the ADMA Agent is SharePointSynchroniation.dll. When I navigate to the extensions folder it is not listed. Tried another extension that was and received the same error. Event viewer giving this:

The server encountered an unexpected error:"Could not load file or assembly 'file:///C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\SharePointSynchronization.dll' or one of its dependencies. The system cannot find the file specified.

   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark)
   at System.Reflection.Assembly.LoadFrom(String assemblyFile)
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs)


InnerException=>
none"

On the SPMA FullImport, Export, and DeltaImport I am seeing extensible-connector-refresh-required. No clue on this one as I have no support I can locate.

I have deleted and recreated the Run Profiles and updated the Management Agents to no avail. No users appear in the Metaverse search and no user data is getting to SharePoint from AD. Looking for advice and direction.


A update on the configuration of a MA or MV failed to replicate to a target connector directory that is capable of storing MA/MV configurations.


After updating a MA schema (in this particular case I had added a column to an Oracle MA), I got this error in the event log:

Event 6331, FIMSynchronizationService
A update on the configuration of a MA or MV failed to replicate to a target connector directory that is capable of storing MA/MV configurations. As a result, the MA/MV configuration data in this connector directory is not up to date. Please correct the condition that causes the error, and triggers a resync by updating the password information of the target MA.

This error has been reported on other occasions, and I'm afraid that there is no better solution than re-installing, which would be annoying on a production system.

Has someone found out a way to deal with this without reinstalling?

Thanks,
Paolo

P.S.: I have submitted a bug on Connect: mv-data replication failure after MA schema update. Please vote for it if you think it's useful.

 


Paolo Tedesco - http://cern.ch/idm

Issues with provisioning groups to FIM Portal

I'm running MIM 2016 / FIM Portal. I am having trouble getting groups, security and DL, showing up in the FIM Portal. I have them in my test OU and I can see they were adds when I ran a Full Import on my ADMA. But when I run the MIM MA they are not provisioned to the FIM Portal. They are not listed as projections, joins, updates ... I can't seem to figure out my problem. I think I have my sync rule set up correctly, but I'm thinking that is where my problem lies. Any help would be appreciated.

MIM CA Files Installation on CA Server 2008 32 Bit fails.


I am trying to install MIM CA Files on a 2008 32-bit CA Server, where CLM was installed and worked fine. Here is a snippet of the log, where it is failing.

Thanks in advance for your help!

-----------------------------------

MSI (s) (14:7C) [15:09:36:226]: Executing op: RegisterSharedComponentProvider(,,File=F_CENTRAL_msvcr100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,Component={9983C931-37BE-3C6E-AD32-8B6E789B6881},ComponentVersion=10.0.30319.460,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,PatchSize=0,PatchAttributes=0,PatchSequence=0,SharedComponent=0,IsFullFile=0)
MSI (s) (14:7C) [15:09:36:242]: Executing op: RegisterSharedComponentProvider(,,File=F_CENTRAL_msvcp100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,Component={E822F933-C70D-3CF4-A92D-7263B8ACCF30},ComponentVersion=10.0.30319.460,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,PatchSize=0,PatchAttributes=0,PatchSequence=0,SharedComponent=0,IsFullFile=0)
MSI (s) (14:7C) [15:09:36:242]: Executing op: CacheRTMFile(SourceFilePath=E:\Software\Certificate Management\x86\System32\Win\System\msvcp100.dll,FileKey=F_CENTRAL_msvcp100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,Attributes=512,,,,CopierFlags=0,FileSize=421200,,,,,)
MSI (s) (14:7C) [15:09:36:258]: Note: 1: 2318 2: C:\Windows\Installer\$PatchCache$\Managed\1EE4AF45EB474514FB7C0BE2DF5D5D54\4.4.1237\F_CENTRAL_msvcp100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3
MSI (s) (14:7C) [15:09:36:289]: Executing op: CacheRTMFile(SourceFilePath=E:\Software\Certificate Management\x86\System32\Win\System\msvcr100.dll,FileKey=F_CENTRAL_msvcr100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3,,ProductCode={54FA4EE1-74BE-4154-BFC7-B02EFDD5D545},ProductVersion=4.4.1237,Attributes=512,,,,CopierFlags=0,FileSize=768848,,,,,)
MSI (s) (14:7C) [15:09:36:289]: Note: 1: 2318 2: C:\Windows\Installer\$PatchCache$\Managed\1EE4AF45EB474514FB7C0BE2DF5D5D54\4.4.1237\F_CENTRAL_msvcr100_x86.F1DD796A_B984_3DCA_A68D_6B352BDC86F3
MSI (s) (14:7C) [15:09:36:320]: Executing op: CacheSizeFlush(,)
MSI (s) (14:7C) [15:09:36:320]: Executing op: ActionStart(Name=REGISTERCMEVENTS,,)
Action 15:09:36: REGISTERCMEVENTS. .
MSI (s) (14:7C) [15:09:36:320]: Executing op: CustomActionSchedule(Action=REGISTERCMEVENTS,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="WevtUtil.exe" im "E:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin\CertificateManagementEventsManifest.man" /rf:"E:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin\Microsoft.Clm.Configuration.dll" /mf:"E:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin\/Microsoft.Clm.Configuration.dll")
MSI (s) (14:24) [15:09:36:320]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI4731.tmp, Entrypoint: CAQuietExec
MSI (s) (14:A4) [15:09:36:320]: Generating random cookie.
MSI (s) (14:A4) [15:09:36:336]: Created Custom Action Server with PID 7580 (0x1D9C).
MSI (s) (14:3C) [15:09:36:382]: Running as a service.
MSI (s) (14:3C) [15:09:36:382]: Hello, I'm your 32bit Elevated Non-remapped custom action server.
 CAQuietExec:  Invalid option rf. Option is not supported. The parameter is incorrect.
CAQuietExec:  Error 0x80070057: Command line returned an error.
CAQuietExec:  Error 0x80070057: CAQuietExec Failed


Nosh Mernacaj, Identity Management Specialist

Connecting MIM Connector to Web Services Data Sources


Hello,

I wish to use MIM to connect to data sources with Web Services exposed.

1. Can I use the PowerShell MA to achieve this? How reliable/efficient is this approach?

2. Can I customize the Web Services Connector to achieve this for my various application identity data sources, even though the default Web Services Connector Projects are specific to Oracle, SAP, PeopleSoft etc.?

Thanks


Akinzo

MIM SSPR and Azure MFA prerequisites?


Hi,

Busy reading on how to enable on-prem MIM 2016 SSPR SMS/Phone Gate to use Azure MFA - https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/working-with-self-service-password-reset

The article does not mention anything about whether it is required that the user identities also exist in Azure AD, via AADConnect.

So based on this article, I don't need any Azure identities for this SSPR Azure MFA solution to work then? Is that correct?

Thank you,

SK


FIM upgradation to MIM


Hello All,

We currently have two environments (Test and Prod) and below is our environment.

1) Win 2008 R2

2) .NET 3.5

3) SQL Native Client 9.0

4) SP 2007

5) FIM versions 4.1.3613, and 4.1.3559

Can anyone please help: can these versions be supported while I am upgrading to MIM 2016?

Regards,

Suman

MIM 2016 support for SQL 2012 SP3


Dear all,

Is MIM 2016 supported to be installed on SQL 2012 SP3 for the Synchronization and FIM Service components? The TechNet article states SQL 2012 SP2, but do they mean this is the minimum requirement on SQL 2012?

Thanks.


MM

FIM 2010 CAL license query


Hi Guys,

Our client is actually a museum/exhibition that is still not operational. We are managing identities based on user web member registration. Basically, if any visitor comes to our museum/exhibition and subscribes to any membership, we will create an AD user account and provide access to applications based on his subscription. The number of identities managed through the FIM Sync engine keeps on increasing. That's not a problem. The problem is we are going to hire 600 staff. We want to manage the 600 staff through the FIM Portal, and we plan to provide a password reset portal and group management. But the FIM Sync MV will have all web registrants and the 600 staff. So, do we need to purchase only 600 CAL licenses or do we need to buy CALs for all the users in the Metaverse? Currently we have only the FIM server license. Without purchasing CAL licenses, can we implement SSPR at least?

MIM SP1 - dialog boxes are not showing properly


Hi,

Recently I updated FIM -> MIM SP1 for one of my customers (happily first in the TEST environment). After the upgrade, when I open the portal locally on the MIM server, dialog boxes are not showing any data (they are empty, infinitely "loading"). When I try to open the portal from another server it is showing the dialog box, but if I'm trying to select something in the identity picker, the second dialog box is opening empty. Accessing the portal from the third server, everything works ...

Anyone seen something similar? As there are no errors in the event log I assume it is some client issue. Are there any requirements for the browser for use with MIM SP?

These servers are as follows:

MIM server - Win 2012 Data Center, IE 10

other server - Win 2018 R2 SP1, IE 8

third server - Win 2012 Data Center, IE 10



Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

FIM BP Analyzer


Hi,

We are searching for the FIM BP Analyzer but there is no way to download it; the link seems to be broken.

http://www.microsoft.com/en-us/download/details.aspx?id=30419

Is there any way to get it?

BR,


Emmanuel IT
