Channel: Forum Microsoft Identity Manager

Run two full sync after each other


Hello!

I only use the Synchronization Service and no Portal.
In this example I have two agents, HR and Phone. HR and Phone are just simple databases.

I run these profiles:
Full Import for agent HR so the CS contains the data
Full Sync HR, which calls the provisioning code, which creates the Phone object that links to the MV object

Now when I run Full Sync HR a second time I can see that the provisioning creates the Phone connector again, which
I find strange. So my question is: why is this variable targetAgent.Connectors.Count not equal to 1, telling me that you already have a connector?

// Here is the code that provisions Phone
// (requires: using Microsoft.MetadirectoryServices;)
void ProvisionPhone(MVEntry mventry)
{
    CSEntry csentryKatalog;
    ReferenceValue dn;

    // Count the connectors from the source system; if "Projekt - Personal" has none,
    // use the count from "Projekt - AD" instead.
    int connectorsSourceSystem = mventry.ConnectedMAs["Projekt - Personal"].Connectors.Count;
    if (connectorsSourceSystem == 0)
    {
        connectorsSourceSystem = mventry.ConnectedMAs["Projekt - AD"].Connectors.Count;
    }
    ConnectedMA targetAgent = mventry.ConnectedMAs["Projekt - Phone"];

    // Provision only when a source connector exists and the MV object
    // has no connector in the Phone agent yet.
    if (connectorsSourceSystem >= 1 && targetAgent.Connectors.Count == 0)
    {
        dn = targetAgent.CreateDN(mventry["personnummer"].Value);
        csentryKatalog = targetAgent.Connectors.StartNewConnector("Katalog");
        csentryKatalog.DN = dn;
        csentryKatalog["MAID"].Value = mventry["personnummer"].Value;
        csentryKatalog.CommitNewConnector();
    }
}

//Tony


Migrating MIM between environments


Hi,

We have a MIM Sync & Portal deployed and working in Production.

We are deploying a new DEV & TEST environment, and would like to backup and restore the Production MIM into these new environments.

Is this sufficient?

  • Backup FIMService and FIMSyncService databases in Prod
  • Deploy MIM base in DEV & TEST environments (same version of MIM as Prod)
  • Restore FIMService and FIMSyncService databases in DEV & TEST environments
  • Copy any custom PowerShell add-ins/modules, scripts
  • Copy contents of C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions across to DEV & TEST

Anything else?

Thank you.


FIM/MIM in the SaaS world - syncing attributes to SaaS apps


We've got a lot of data (employee licenses / charge out rates / first aid certifications / etc) that we would like to synchronize between multiple systems.  I was looking at the REST capabilities of MIM, but MIM seems to be emphasized as an on-premise solution, and Azure AD as the cloud solution.

My concern is that a lot of the data I'd like to replicate isn't appropriate to put into Azure AD, and Azure AD doesn't really need to know about it.  With FIM, I can synchronize attributes only to the data sources that need them (so our HR System <-> Payroll system for example, without going to the AD data source).

Does Azure AD have a metaverse-style repository for this purpose? I'm not sure if I've articulated this very well...

FIM SMTP sendAsAddress displayName options?


Hi, we have configured FIM to use a Google smtp gateway based on Brad's great post.  All is working well and FIM is able to successfully send email to a Google Apps instance which we use for corporate email.  We have gotten a request to change the display name of the FIM email account that notifies end users so the address appears as something friendly in their email box instead of "fimmailbox@acme.com".  The specific request is to change the display name in the email from "fimmailbox@acme.com" to "Acme Provisioning Team".  Sounds like this should be simple to do but we are stuck.

  1. We confirmed that "fimmailbox@acme.com" has the friendly name "Acme Provisioning Team" set in Google apps.  When we manually go in to the Google Apps mailbox and send directly from Google mail, the desired display name appears.
  2. However, when FIM sends the notification the "from" display name appears as "fimmailbox@acme.com" instead of "Acme Provisioning Team".
  3. We attempted to modify Microsoft.ResourceManagement.Service.exe.config and updated <add key="sendAsAddress" value="Acme Provisioning Team<fimmailbox@acme.com>" />. When we restart the FIM Service it bombs out, so we reverted back to <add key="sendAsAddress" value="fimmailbox@acme.com" />.
  4. We created a .net console smtp app and ran it on the FIM service server to see how it would react. This code gives us the desired email format as well. 

// Requires: using System; using System.Net.Mail;
try
{
    MailMessage mailMessage = new MailMessage();
    mailMessage.To.Add("my.testaccount@acme.com");

    // **Key line, this gives desired format option!
    mailMessage.From = new MailAddress("Acme Provisioning Team<fimmailbox@acme.com>");

    mailMessage.Subject = "FIM Welcome Email";
    mailMessage.Body = "FIM Rocks!";

    // Send through the SMTP service listening on the local server
    SmtpClient smtpClient = new SmtpClient("localhost");
    smtpClient.Send(mailMessage);
    Console.Write("E-mail sent!");
}
catch (Exception ex)
{
    Console.Write("Could not send the e-mail - error: " + ex.Message);
}

The question at hand is how can we configure FIM to show the desired display name like we do here?

//**Key line, this gives desired format option!
mailMessage.From = new MailAddress("Acme Provisioning Team<fimmailbox@acme.com>");

Cheers!


Chinese folder creation


Hi,

There is this concern about a folder that has been created in my users directory with a Chinese name. This happened after I installed MIM 2016 on my server.

Does anyone have any idea about it?

Thanks

Use extensionAttributes for filtering users in MIM 2016


Hi, 

I set up a new installation of MIM 2016 for User Profile Sync with SharePoint 2016.
The customer wants to filter out Active Directory users which have a value in "extensionAttribute10".

I tried to create a new connector filter, but I don't find these extensionAttributes to filter:

Maybe because it's an Exchange Attribute? Is there another possibility?

Best regards,


Hotmail to Outlook live migration question about MX record


Hi,

One of the steps mentioned during the migration from Hotmail to Outlook Live is this:

Edit the MX record for the domain

  1. Sign in to the domain management tool at the DNS hosting service for your domain.
  2. Remove the Hotmail MX record.
  3. Add an MX Record for <token>.mail.Outlook.com and set it to the highest priority.
    Note   If you have a third-party MX record, in the Service Management Portal Migration page, click Refresh. Once the removal of the Hotmail MX record is detected, click Skip MX Check.

What must the <token> be in the <token>.mail.Outlook.com namespace?

thanks,

Sk

MIM 2016 PAM MFA and SharePoint 2016 Server


Hello Experts,

I am working on PAM deployment and would appreciate if you could assist me in solving some of my queries:

1) MIM/PAM SharePoint 2016 High Availability

We are planning to use SharePoint 2016 servers for the MIM 2016 deployment for PAM to allow users to request access through a GUI. With SharePoint 2013 Foundation (free), it was simple to just install the SharePoint component on each server. SharePoint 2013 mainstream support has ended this year, so management does not want to go with SharePoint 2013.

Could anyone of you please advise if we should go with a SharePoint Farm deployment with 2 FE and 1 clustered SQL instance as the backend for the MIM Portal, or should SharePoint 2016 be installed standalone on each MIM Portal server?

2) PAM MFA (Bastion Forest)

We install PAM in the bastion forest and it is recommended to integrate MFA with PAM to provide an extra layer of security. Do we need to sync bastion forest users with the Azure portal using AD Sync to assign them the Premium license for PAM MFA authentication, or would it work without syncing their bastion forest accounts with Azure?

Thanks!


Support of Integration with 2016 Domain Controller


Hello,

I can't seem to find a definitive response as to whether FIM 2010 R2 SP1 supports integration with a 2016 Domain Controller.

Can anyone answer this?

Thanks

WMI becomes corrupt on FIM Service/Sync server


Twice now on a production FIM server, WMI got corrupted in some fashion preventing us from running Scheduled jobs that start run profiles on MAs. I know others have experienced the same issues. What are some things people are doing in attempts to prevent WMI from becoming corrupt on FIM servers, if anything?

 

First issue: ILM namespace disappeared or became corrupt
Resolution:
- Open a command window
- Browse to the installation\bin folder (default: C:\Program Files\Microsoft Identity Integration Server\Bin)
- Run "mofcomp mmswmi.mof" to recompile the mof file and add the namespace to wmi  (source: http://social.technet.microsoft.com/Forums/en/identitylifecyclemanager/thread/2a4c8f42-4123-4297-aa35-29a96956946e)

 

Second Issue: WMI repository became corrupt

Failed to initialize all required WMI classes.

 Win32_Processor. WMI: Invalid namespace

 Win32_WMISetting. WMI: Invalid namespace

 Win32_OperationSystem. WMI: Invalid namespace

Resolution:

Stop the WinMgmt service. Then run the following commands:

1 - "C:\WINDOWS\system32\wbem> for /f %s in ('dir /b *.dll') do regsvr32 /s %s" (without quotation marks)

2 - "C:\WINDOWS\system32\wbem\Repository>for /f %s in ('dir /b *.dll') do regsvr32 /s %s" (without quotation marks)

3 - Rename the existing C:\WINDOWS\system32\wbem\Repository to C:\WINDOWS\system32\wbem\OLDRepository.

4 - Start WinMgmt and allow WBEM to rebuild the repository again in C:\windows\system32\wbem\repository.

5 - Stop Service via Services snap-in or net stop winmgmt, and register the files in the rebuilt c:\windows\system32\wbem\repository folder

6 - Rebuild ILM namespace

7 - Issue should be resolved.

Mandatory attributes and Drop down menu


Hi all,

Need some help.

I have a customer who wants to mark a few attributes as mandatory while creating users in the MIM portal. Also, the customer wants us to convert a few fields like Regions to a drop-down menu and not a direct string value.

Thanks in advance

Show all users per default


Hi,

I noticed that on some pages, MIM already does an "empty" search, showing all results when visiting a page.

I would also like to enable this for the Users page. I want to list all users that a person can see when he/she selects "Users" in the navigation bar, just like if an empty search was made.

Thanks in advance

Regards

MIM error on manual Join


I have installed MIM Sync 4.3.2195.0. It was a fresh install and not an upgrade.

When trying to do a manual join I get the following error:

"Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.DirectoryServices.MetadirectoryServices.UI.PropertySheetBase.MMSErrorMessages.resources" was correctly embedded or linked into assembly "PropertySheetBase" at compile time, or that all the satellite assemblies required are loadable and fully signed."

After clicking OK I can see the error details which are as follows:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentNullException: Value cannot be null.
Parameter name: value
   at System.String.IndexOf(String value, Int32 startIndex, Int32 count, StringComparison comparisonType)
   at System.String.IndexOf(String value, StringComparison comparisonType)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSErrors.AdjustErrorTextForExtensionException(String& sErrorString)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.AccountJoiner.AccountJoinerControl.Join()
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)



http://www.wapshere.com/missmiis

Exporting multi-valued attributes from FIM to a csv file with ; separated


Hi All,

How to export the multi-valued attributes from FIM into a csv file with values separated by ;?

If we want to export a single-valued attribute, we can achieve that with the below command

 $Attribute_Name = (($i.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "AttributeName "}).Value)

How can we perform the same for multi-valued attributes, like secondary owners of a group, where we have multiple values and we need to export them into a single column of a csv file with each owner separated by ;?

Thank you

-Rajesh


Rajesh
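
One way to flatten a multi-valued attribute into a single CSV column, shown as an added example that is not part of the original post. It assumes the attribute objects expose AttributeName, IsMultiValue, Value and Values as the FIMAutomation export objects do; the helper names, the sample group, its attribute values and the output path are constructed for illustration.

```powershell
# Added example. New-SampleAttribute builds constructed stand-ins for the
# entries of $i.ResourceManagementObject.ResourceManagementAttributes so the
# script runs without a FIM Service. Property names are assumed to match
# the FIMAutomation export objects.
function New-SampleAttribute {
    param([string]$Name, [string[]]$Data, [bool]$Multi)
    New-Object PSObject -Property @{
        AttributeName = $Name
        IsMultiValue  = $Multi
        Value         = $(if ($Multi) { $null } else { $Data[0] })
        Values        = $(if ($Multi) { $Data } else { @() })
    }
}

# Hypothetical helper: returns one string per attribute, joining
# multi-valued attributes with the separator.
function Get-FimAttributeText {
    param($Resource, [string]$AttributeName, [string]$Separator = ';')

    $attr = $Resource.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $AttributeName } |
        Select-Object -First 1

    if ($null -eq $attr) { return '' }      # attribute not set on this object

    if ($attr.IsMultiValue) {
        # Drop empty entries, then collapse all values into one cell
        return (@($attr.Values) | Where-Object { $_ }) -join $Separator
    }
    return [string]$attr.Value
}

# Constructed sample: one group with a multi-valued Owner attribute
$sampleGroup = New-Object PSObject -Property @{
    ResourceManagementAttributes = @(
        (New-SampleAttribute -Name 'DisplayName' -Data 'Sample Group' -Multi $false),
        (New-SampleAttribute -Name 'Owner' -Multi $true -Data @(
            'urn:uuid:00000000-0000-0000-0000-000000000001',
            'urn:uuid:00000000-0000-0000-0000-000000000002'))
    )
}

$rows = foreach ($obj in @($sampleGroup)) {
    New-Object PSObject -Property @{
        DisplayName = Get-FimAttributeText -Resource $obj -AttributeName 'DisplayName'
        Owner       = Get-FimAttributeText -Resource $obj -AttributeName 'Owner'
        # An attribute that is absent yields an empty cell rather than an error
        Description = Get-FimAttributeText -Resource $obj -AttributeName 'Description'
    }
}

# Export-Csv quotes each field, so the ';' inside Owner stays in one column
$csvPath = Join-Path $env:TEMP 'fim-groups.csv'
$rows | Select-Object DisplayName, Owner, Description |
    Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
```

With real export data, pass `$i.ResourceManagementObject` as `-Resource` in place of the constructed sample object.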

Is it possible to access/read the MIM portal metaverse (person, group) from an ECMA 2.2 MA?

Hi Scholars, I am new to MIM 2016. I wanted to know if there is any way to access the portal metaverse by using an ECMA 2.2 MA. My requirement is that an end user will create a new user using the portal, and this newly created user will be created in some other third-party DB using a REST POST request. I can consume the API in the ECMA 2.2 MA, but I am not sure how I can pass the metaverse person object to my MA and read it to form the POST request.

Download link to FIM 2010 KB 2926490


Anyone know where I can get KB2926490 for FIM 2010? It's no longer available from Microsoft.

Thanks

SQL 2017 Support for MIM 2016

Is there a plan to support SQL 2017 in Microsoft Identity Manager 2016's roadmap?

Ulf Lindström

Who will be announced as the next FIM Guru? Read more about November 2018 competition!!


What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in November 2018 and must be in English. However, the original blog or forum content can be from before November 2018.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/write over your Microsoft technical solutions and revelations to TechNet Wiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but recommended) Add a link to your article at the TechNet Wiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.


PS: Above top banner came from Syed Shanu.




Thanks,
Kamlesh Kumar

If my reply is helpful please mark as Answer or vote as Helpful.

My blog | Twitter | LinkedIn

MIM 2016 SP1 installer issue


Hi,

We have recently tried to install MIM service and portal ("Service and Portal.msi" from "SW_DVD5_Identity_Manager-CAL_2016w_SP1_64Bit_English_-2_MLF_X21-21816.ISO" image) and ran into the following problem.


After analyzing the netmon trace we realized that the installer is trying to establish TLS handshake over TLS 1.0, which was disabled on the SQL server. The only way we could finish the installation was after enabling TLS 1.0 on the SQL server. On the other hand Synchronization service MSI installer from the same ISO image is working as expected against SQL server where TLS 1.0 is disabled.

Is the product team aware of this issue? Are there any plans to "upgrade" Service and Portal.msi to support TLS 1.1/1.2?

Thanks,

Jaksa

MIM Powershell Management Agent Error in "End Import" Script


I migrated my PowerShell Management Agent from an older version and get an error in the "End Import" script part.
The script runs successfully in version:
FIM Powershell Management Agent Version 4.3.1082.0

Now I tried these versions:
MIM Powershell Management Agent Version 1.1.830.0 and Version 1.1.8610

The script is quite simple:
[CmdletBinding()]           
param(               
    [Microsoft.MetadirectoryServices.ConfigParameterKeyedCollection]    
    $ConfigParameters,
   
    #[ValidateNotNull()]           
    [Microsoft.MetadirectoryServices.OpenImportConnectionRunStep] $OpenImportConnectionRunStep, 

    #[ValidateNotNull()]           
    [Microsoft.MetadirectoryServices.CloseImportConnectionRunStep] $CloseImportConnectionRunStep,         
               
    [PSCredential] $PSCredential,           
           
    [string]
    $scriptDir = [Microsoft.MetadirectoryServices.MAUtils]::MAFolder            
)

$result = (New-Object Microsoft.MetadirectoryServices.CloseImportConnectionResults)
$result.CustomData = "My custom data"
Write-Output $result

The Error is:
The extensible extension returned an unsupported error.
The stack trace is:

 "Microsoft.MetadirectoryServices.ExtensionException: The following exception occurred while executing the PowerShell commands: System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.IdentityManagement.Connector.PowerShell.Engine.PowerShellRuntime.InvokePowerShell(PSCommand command)
   at Microsoft.IdentityManagement.Connector.PowerShell.Engine.PowerShellRuntime.InvokePowerShell(PSCommand command)
   at Microsoft.IdentityManagement.Connector.PowerShell.Engine.PowerShellContext.ExecuteScript(List`1 commandParameters, String scriptFilePath, Boolean enableSetLocation)
   at Microsoft.IdentityManagement.Connector.PowerShell.Bridge.ImportBridge.GetCloseImportConnectionResult(String scriptFileConfigKey, CloseImportConnectionRunStep closeImportRunStep)
Forefront Identity Manager 4.5.202.0"


If I do not use a script in "End Import" at all the sync runs without error. But I need this step to set additional information in the CustomData field.

Any help is appreciated
Henry.

