MIM 2016 Users from AD to AD

October 10, 2016, 5:11 am

≫ Next: MIM AD outbound syncronization error

≪ Previous: MIMCM Modern App supported workflows

Hi,

i'm testing MIM2016 to synchronize user from Domain A to Domain B. Now i have configured two Active Directory agents. The MA of Domain A Import the selected attributes and MA of Domain B exports them. The whole Agent configuration is the same except attribute flow.

I also created run profiles. For Domain A Full Import, Full Sync, Delta Import and Delta Sync. For Domain B i created the run profile to Export the Metaverse Data.

My Problem is that the data from Domain A are imported, but the Metaverse data would not be exported to Domain B.

I'm only using MIM synchronization Service. I don't want to use the Service Portal. Could anyone help me?

↧

MIM AD outbound syncronization error

October 10, 2016, 2:37 am

≫ Next: attribute precedence

≪ Previous: MIM 2016 Users from AD to AD

Hi All,

Requesting assistance.

I am facing a issue during provisioning of user in Active directory from MIM portal, MIM service sync shows following error

Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'AD outbound user'. Details: Object reference not set to an instance of an object.
at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)

I checked that OU information is in "Normal Disconnected state"

would this be causing the sycn to error out ?

Awaiting help

Best regards

Sri

↧

attribute precedence

October 10, 2016, 4:45 am

≫ Next: Creating users in Azure AD using MIM

≪ Previous: MIM AD outbound syncronization error

Hello!
I have a question about attribute precedence.
I have a Manager attribute in HR system which need to be authoritative source for MIM.
So, I have a such precedence:

When I try to run export from MIM to AD I get such message:

Can somebody explain what is wrong?

Thanks!

↧

Creating users in Azure AD using MIM

October 10, 2016, 8:05 am

≫ Next: MIM Vs FIM Add-ins and extensions

≪ Previous: attribute precedence

Hi,

I am trying to create linked users(user exiting in other Azure AD) into a new Azure AD under a separate subscription. Can I use MIM for that?

-AK

↧

MIM Vs FIM Add-ins and extensions

October 11, 2016, 4:52 am

≫ Next: FIM/MIM CM - Private Keys + storage question.

≪ Previous: Creating users in Azure AD using MIM

Hello There,

Can someone please suggest whether FIM add-ins and extensions will be supported with MIM?

Thanks and Regards,

Suman

↧

FIM/MIM CM - Private Keys + storage question.

October 11, 2016, 7:11 am

≫ Next: Sending user's details in mail

≪ Previous: MIM Vs FIM Add-ins and extensions

Hi I'm hoping that someone can help.

I'd like to understand what data the certificate management module actually stores in its database and whether any of this is private key material.

I keep failing to install the systems (although I'm back trying as we speak) and can find nothing in any of the documentation, other than references to interfacing with CA and PKI systems to get key material in certain situations.

What about the keys needed as part of the CM management agent identification or any other certificate creation.

Thanks in advance.

Regards

Andrew

↧

Sending user's details in mail

October 11, 2016, 7:46 am

≫ Next: MIM error on manual Join

≪ Previous: FIM/MIM CM - Private Keys + storage question.

Hello!

I have a problem with configuring initial password sending to user's manager by this article: http://social.technet.microsoft.com/wiki/contents/articles/2121.fim-how-to-use-workflows-to-automate-the-calculation-and-notification-of-initial-passwords.aspx

Additionally I have configured MPR to run this workflow, but without success.

After I run Export to AD I get a created account (in disabled state). I can make a reset for this account and enable it, but this is not what I want.

My Sync cycle is:

MIM MA Delta-Import

Delta-Sync

Export

Delta-Import

AD MAExport

Delta Import

After second run situation is same.

Does somebody have any ideas where is a problem?

↧

MIM error on manual Join

June 16, 2016, 5:38 pm

≫ Next: Powershell MA connector issues

≪ Previous: Sending user's details in mail

I have installed MIM Sync 4.3.2195.0. It was a fresh install and not an upgrade.

When trying to do a manual join I get the following error:

"Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.DirectoryServices.MetadirectoryServices.UI.PropertySheetBase.MMSErrorMessages.resources" was correctly embedded or linked into assembly "PropertySheetBase" at compile time, or that all the satellite assemblies required are loadable and fully signed."

After clicking OK I can see the error details which are as follows:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentNullException: Value cannot be null.
Parameter name: value
   at System.String.IndexOf(String value, Int32 startIndex, Int32 count, StringComparison comparisonType)
   at System.String.IndexOf(String value, StringComparison comparisonType)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSErrors.AdjustErrorTextForExtensionException(String& sErrorString)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.AccountJoiner.AccountJoinerControl.Join()
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
miisclient
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/miisclient.exe
----------------------------------------
PropertySheetBase
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/PropertySheetBase.DLL
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34251 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34238 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
UiUtils
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/UiUtils.DLL
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34234 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
MmsServerRCW
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/MmsServerRCW.DLL
----------------------------------------
System.ServiceProcess
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.ServiceProcess/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
----------------------------------------
Operations
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/Operations.DLL
----------------------------------------
GroupListView
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/GroupListView.DLL
----------------------------------------
MaExecution
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/MaExecution.DLL
----------------------------------------
AccountJoiner
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/AccountJoiner.DLL
----------------------------------------
mmsuihlp
    Assembly Version: 0.0.0.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/mmsuihlp.DLL
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.34209 built by: FX452RTMGDR
    CodeBase: file:///C:/windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
ObjectLauncher
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/ObjectLauncher.DLL
----------------------------------------
ObjectViewers
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/ObjectViewers.DLL
----------------------------------------
Preview
    Assembly Version: 4.3.2195.0
    Win32 Version: 4.3.2195.0
    CodeBase: file:///C:/Program%20Files/Microsoft%20Forefront%20Identity%20Manager/2010/Synchronization%20Service/UIShell/Preview.DLL
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

http://www.wapshere.com/missmiis

↧

Powershell MA connector issues

October 11, 2016, 9:14 pm

≫ Next: Approval URL in Approval Email?

≪ Previous: MIM error on manual Join

Hi All,

When I try to connect AD via Powershell MA I am getting below error for detailed logs(miisserver config file)

ConnectorsLog Verbose: 0 : Method Name : PowerShellRuntime : InvokePowerShell
InvokePowerShell completed
ConnectorsLog Error: 3 : Method Name : ImportBridge : GetImportEntries
Unable to run Import on PowerShell Connector

I can see the objects getting created but fails in creating objects in Connector space.It fails in the New-FIMGetImportEntriesResults method and pops the above error.

Any help would be appreciated.

↧

Approval URL in Approval Email?

March 22, 2016, 1:31 pm

≫ Next: FIM External Connector licensing

≪ Previous: Powershell MA connector issues

I know that this is possible with the MIM Outlook extensions but I wanted to see if anyone has gotten this to work with just a HTMLL email. Here's the scenario:

Manager is sent the standard approval email asking them to either approve or reject request. The standard link to portal to go to the awaiting approvals is included. My question is, can a URL be constructed and included in the email which allows the manager to click a URL to approve a request without having to go into the MIM portal? Basically, I am looking to replicate the MIM Outlook extension for approvals and rejections but in a simple HTML link.

If anyone has gotten this to work, please let me know!

If this post has been useful please click the green arrow to the left or click Propose as answer

↧

FIM External Connector licensing

October 12, 2016, 3:52 am

≫ Next: Sending user's details in mail (MIMWAL)

≪ Previous: Approval URL in Approval Email?

Hi,

Could anybody help me on my query. we have few users their emails are registered in other domains, but we are managing their identites in FIM SYNC for sharepoint and other application access. But, we are planning to to provide PWD registration and reset to our internal employees. As per my knowledge MS is charging FIM CALS for all the users in Metaverse. Please correct me if i am wrong. Is there any way to segregate external users and internal users. Can we give poral access only to our internal employees? what is the use of FIM External connector? Will it help in my case? Any suggestions are welcome.

↧

Sending user's details in mail (MIMWAL)

October 11, 2016, 7:46 am

≫ Next: FIM 2010 without Portal

≪ Previous: FIM External Connector licensing

Hello!

Post was edited to include new information.

I have a problem with configuring initial password sending to user's manager by this article:

http://ithinkthereforeidam.com/mimwal-for-setting-and-communicating-password-for-new-users

Users are created in AD, but manager don’t receive a email.

I think that a problem somewhere in Outbound sync rule, maybe some flows needed (or don’t needed) in it.

As I understand, in Sync rule we also need two flows:

Some strong (temporary) password to create a user account, ie.

P@ssw0rd -> unicodePwd

And “checkbox” to recreate password at first user login:

0 -> pwdLastSet

After my sync cycle I get users in AD in enabled state, but with unknown password.

With this two options (without MIMWAL) users are created in AD with this password.

After I add MIMWAL functions users get a new password (which is unknown to me and manager).

Service account can get access to mailbox and send/receive emails.

My sync cycle is

MIM MA Delta-Import

MIM MA Delta-Sync

MIM MA Export

MIM MA Delta-Import

AD MA Export

AD MA Delta Import

After second run situation is same.

Does somebody have any ideas where is a problem?

↧

FIM 2010 without Portal

April 15, 2011, 3:23 am

≫ Next: BHOLD Access Management Connector provisions inherited parent OU roles as disabled

≪ Previous: Sending user's details in mail (MIMWAL)

Hi, I am a complete FIM newbie and I have just installed the FIM sync engine into our lab.

I am trying to configure FIM as a basic DirSynch between two AD domain, so when a user gets created in AD1 I would like FIM to pick the user up and create a duplicate in AD2.

I have created a AD MA to AD1 and I have managed to pull a few test users into FIM (I can see them in the connector space), now how do I export them to AD2? I thought it would be just a case of creating a MA to AD2 and set the flow to export but reading on some web pages I think I will need to install the FIM service and create a FIM Service MA.

Any help gratefully received!

David

↧

BHOLD Access Management Connector provisions inherited parent OU roles as disabled

October 12, 2016, 3:20 pm

≫ Next: MIM CM, what's new?

≪ Previous: FIM 2010 without Portal

I noticed the fact that the Access Management Connector does not enable inherited parent OU roles on a FIM 2010R2 (hotfix 4.1.3766.0 applied) and another MIM 2016 (hotfix 4.3.2266.0 applied). Both installations are single server installs. The setup is as follows:

One MA getting users and departments from a HR database. Each department has a parent department, each department has a list of users. I am using the SQL management agent with a classic setup. Object type is determined by database attribute, database parent attribute contains parent department identifier, multivalue links multiple users with department

A second MA gets permissions from a test application. Each permission has tow attributes in the connector space, ID and name.

Further there is a BHOLD Access Management Connector with following attribute flows:

I have extension code that does the provisioning into the BHOLD connector space, the result of this provisioning is:

After export to BHOLD I notice that inherited roles are not enabled:

In this screen you can see that department 5 is a child of department 3. BHOLD picks correctly up that there is an inherited role "MR-Department 3", but the role is disabled.

According to the hotfix updates applied this issue should have been resolved, the information of the update packages tell me that:

Issue 3

When you use the Access Management Connector to provision new OUs with a parent OU, all the parent OU roles are inherited but are also disabled.

There is always the possibility that I am doing something wrong, but for me the issue still remains. Does anyone of you have the same issue or know how to resolve it?

Thank you in advance.

Wilke Jansoone

↧

MIM CM, what's new?

October 12, 2016, 6:58 pm

≫ Next: Encryption keys

≪ Previous: BHOLD Access Management Connector provisions inherited parent OU roles as disabled

Hi,

I've worked with FIM CM quite a bit before, but havent had time to look at MIM CM.

Is there a place that lists what's new? what's changed? what's deprecated?

Does the UI still look the same?

Thanks,

↧

Encryption keys

October 13, 2016, 4:50 am

≫ Next: FIM interview questions

≪ Previous: MIM CM, what's new?

Hi All,

I am facing an issue while exporting an encryption key of FIM sync service.

error "crdentials do not have access to MIIS encryption keys".

Kindly help.

Regards,

SUman

↧

FIM interview questions

January 15, 2013, 4:03 am

≫ Next: FIM

≪ Previous: Encryption keys

Hi,

Please give me list of FIM question/answer for interview.

Thanks

Harry

↧

FIM

October 13, 2016, 2:10 am

≫ Next: MIM 2016 - SCOM 2012 R2 Management Pack?

≪ Previous: FIM interview questions

Is it possible to take the back up FIM database from different domains ?

FIM MA only uses classic attribute flow ?

CAN WE IMPORT THE SET WITH EXPLICIT REFERENCE TO PERSON OR GROUP TO EMPTY ENVIRONMENT?

ADDING A VALUE TO MULTIVALUED ATTRIBUTE IS A VALID OPERATION UNDER A REQUEST MPR ?

CORRECT STEP SEQUENCE TO ADD/EXECUTE ORGANIZATIONUNIT IN AD MA ?

P/W STORED IN RCSW FIELD QUEUES ARE ENCRYPTED UNTIL THEY ARE DELIVERED?

↧

MIM 2016 - SCOM 2012 R2 Management Pack?

February 3, 2016, 8:48 am

≫ Next: Statistics not reflected for extensible connectivity 2.0 Management Agents

≪ Previous: FIM

Will there be a new/updated SCOM2012 R2 compatible management pack for new Microsoft Identity Manager 2016?

If so, when?

If not, are we expected to try and monitor with the FIM 2010 MP?

↧

Statistics not reflected for extensible connectivity 2.0 Management Agents

September 27, 2016, 7:04 pm

≫ Next: Reporting using powershell scripts for FIM

≪ Previous: MIM 2016 - SCOM 2012 R2 Management Pack?

Hello,

For an Extensible Connectivity 2.0 file based MA, Export profile is configured and execution of the profile is success and also we can find the exported accounts available in the file.

But the statistics of the same is not reflected. Adds , Updates remain zero even-though we have changes and those changes have been exported successfully.

Can anyone please suggest possible reasons for this behaviour and resolution for the same.

Let me know if any further information is needed.

Regards,

Jyothishree SP

↧

Issue 3

Latest Images