Users unable to view security group details (e.g. membership list and owner)

December 27, 2018, 8:20 am

≫ Next: When running full import, I get stopped-extensible-extension-error in status.

Hey all, what are the steps required in order to allow normal (non-admin) users to view security group attributes such as the current membership list and owner in the FIM/MIM portal? So far I have tried the following:

Enabled MPR: Security group management: Users can read selected attributes of group resources
Validated that the target resource for the MPR is the set "All Security Groups" - and confirmed my groups are in this set
Modified the MPR so that members can see all group attributes
Added all my Users to the Set "Security Group Users" and modified the above MPR so that it applies to this Set

Still, when I log in as standard user I'm unable to see the current membership list as well as owner information. What am I missing?

Thanks in advance for any guidance!

↧

When running full import, I get stopped-extensible-extension-error in status.

December 28, 2018, 12:08 am

≫ Next: SharePont 2016 licensing for MIM use

≪ Previous: Users unable to view security group details (e.g. membership list and owner)

Hi,

I have a SAP inbound MA that is based on webservice configuration tool. I get stopped extensible extension error, when I run full import. I tested my sebservice in SOAPUI and was getting java.socket time out exception. But after changing the configuration in SOAPUI, error got fixed in soapui and webservice is working perfectly there.

So now it seems I need to change "service time out parameter" somewhere in MIM or web service configuration tool and I tried my best but I didn't find a place where I can do so.

I found a link, where it says that uncompress *.wsconfig file and do the changes in cfg.config file. Please see screen shot below:

But issue is that when I uncompress my file, I don't get any cfg.config file. I get only files shown in screen shot below:

So any help in this regard would be highly appreciated. As my webserivce is working fine on same server machine on SOAPUI but on mim i get this below error and I am sure that I just need to fix timeout parameter somewhere and it will start working.

--------- Inner Exception Data ---------
Message: The HTTP request to 'http://xxxxxxxx' has exceeded the allotted timeout of 00:00:59.7990000. The time allotted to this operation may have been a portion of a longer timeout.
Exception root Exception type: System.TimeoutException

Thanks & Regards

↧

SharePont 2016 licensing for MIM use

October 17, 2016, 4:09 am

≫ Next: MIM 2016

≪ Previous: When running full import, I get stopped-extensible-extension-error in status.

Hi,

Previously I've always used foundation versions of SharePoint for FIM/MIM which didn't require any licensing. MIM SP1 now supports SharePoint 2016, but there isn't a fondation version anymore.

Does anyone know if any SharePoint licenses are requried if it is just being for the MIM portal?

Mark

↧

MIM 2016

December 31, 2018, 1:36 am

≫ Next: MIM Portal RCDC Configurations with OfficeLocation, Country, City

≪ Previous: SharePont 2016 licensing for MIM use

Hi,

i'm trying to deploy MIM 2016 in infrastructure.

almost done with deployment part, like mim sync engine, SQL, share point, at last i got error while installing service and portal setup files.

even troubleshooted that issue but after installing service and portal the site is not accessible, which is created in sharepoint

what is the possible way to resolve issue?

NOTE: not the default site, the site which we create for mim portal access, that site is not accessible.

↧

MIM Portal RCDC Configurations with OfficeLocation, Country, City

January 1, 2019, 4:08 am

≫ Next: Who will be announced as the next FIM Guru? Read more about January 2019 competition!!

≪ Previous: MIM 2016

Hi Friends,

I was trying to design MIM Portal RCDC Configuration while creating the Joiner form, where I need to Auto populate the values ofOfficeLocation, Country and City. When I select the Countryall the Cities under that country should only populate the City Control in RCDCand same when i select only Office Location should be mapped with the OfficeLocation Control.

Ex: If i select India as country, then all the cities which belongs to India should come in the dropdown or picker or listview control.

Share your ideas how we can present this by implementing / or piece of design for a quick help.

Thanks to all.

↧

Who will be announced as the next FIM Guru? Read more about January 2019 competition!!

January 1, 2019, 7:41 pm

≫ Next: Additional 2016 MIM Portal & MIM Service

≪ Previous: MIM Portal RCDC Configurations with OfficeLocation, Country, City

What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in January 2019 and must be in English. However, the original blog or forum content can be from beforeJanuary 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!

Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

How can you win?

Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
(Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from Vimal Kalathil.

Thanks,
Kamlesh Kumar

If my reply is helpful please mark as Answeror vote as Helpful.

My blog | Twitter | LinkedIn

↧

Additional 2016 MIM Portal & MIM Service

January 2, 2019, 11:50 am

≫ Next: Dynamically change the user creation attributes

≪ Previous: Who will be announced as the next FIM Guru? Read more about January 2019 competition!!

Hi Dears,

I did a setup of MIM 2016 Portal & Service on Windows Server 2016 with SharePoint 2016 for SSPR.

I need to know two things:

Is it supported to deploy additional MIM 2016 Portal server for SSPR?
Where is Microsoft Guide for deploying additional Portal Server?

I did not find the guide, so Please help on this.

↧

Dynamically change the user creation attributes

January 2, 2019, 10:57 pm

≫ Next: FIM MA - Delta import running endlessly

≪ Previous: Additional 2016 MIM Portal & MIM Service

Hi,

I want to change the city options based on country. Suppose country is USA then the city attribute should take specific options only. It can be done while creating user or editing user. Suppose while creating user I have given country USA then when editing the user taking the country attribute can I define specific city options?

Also if a drop down is available for city, if not then validation will work fine.

I have configured MIMWAL too, if its possible on that.

Thanks

↧

FIM MA - Delta import running endlessly

January 3, 2019, 4:53 am

≫ Next: Using Soren's PS MA for REST API Post in XML format. How to adapt Export script for REST?

≪ Previous: Dynamically change the user creation attributes

Hello!

I have stumbled across something new and exciting. A while back I had an issue with Delta Import on FIM MA running forever. When I stopped it manually it had imported almost 2 million objects, but there's only 120.000 in CS.

It continued to do so until I ran a full import, which solved the problem. I didn't put much though into this since I was about to upgrade to MIM shortly.

But yesterday, at the same customer, I ran in to the same issue. This time we've upgraded to MIM 2016 (4.4.1302) and everything has moved to new servers.

Has anyone else come across this issue? How do we avoid it in the future?

/Kristoffer

↧

Using Soren's PS MA for REST API Post in XML format. How to adapt Export script for REST?

January 3, 2019, 1:03 pm

≫ Next: MIM 2016 SSPR Question Gate - Allow Help Desk to See User's Answers

≪ Previous: FIM MA - Delta import running endlessly

I have a working Powershell script that successfully posts to the API. I am having trouble finding resources to help me adapt this into the script that the PSMA requires for Export. I am only Exporting. The objects are being created and updated in the MV through other MAs. Here is the working script (via ISE). I have a working Schema script for the 3 attributes already in the MA. Can anyone assist me with adapting this to the Export.ps1 format that the PSMA requires to export the attributes? What am I missing? Thanks.

PARAM
(
  $Username,
  $Password,
  $Credentials,
  $ExportType,
  $Schema
)

BEGIN
{
}
PROCESS
{
$ContentType = "application/xml"
$URI = "https://securewebservicestest.domain.org/ProcessAutomationService/rest/api/request"

$RequestBody = @"<?xml version="1.0" encoding="UTF-8" standalone="yes"?><request type="MiMUserCreate"><credentials><username>svc_mim-lawson_rest</username><password>*************</password></credentials><parameters><parameter><name>USER</name><value>mike</value></parameter><parameter><name>EMP_NUM</name><value>91001</value></parameter><parameter><name>EMAIL</name><value>
            	test2@domain.org</value></parameter></parameters></request> "@

$Result = Invoke-RestMethod -Uri $URI -Method Post -Body $RequestBody -ContentType $ContentType

foreach ($can in $_.ChangedAttributeNames)
      {
        $can | out-file -filepath D:\Software\Temp\Debug.txt -append
        
          }

}
END
{
}

Mike Leach | http://blogs.catapultsystems.com/mleach/default.aspx

↧

MIM 2016 SSPR Question Gate - Allow Help Desk to See User's Answers

January 3, 2019, 2:42 pm

≫ Next: MIM 2016 setup failing during installation

≪ Previous: Using Soren's PS MA for REST API Post in XML format. How to adapt Export script for REST?

Hi everyone,

We have a MIM 2016 implementation and are possibly moving to MIM SSPR from a 3rd Party Tool. One of the things our Security team is wondering is if our Help Desk is able to see/administer user's Security Questions so they can authenticate them if they call into the Help Desk with an account issue. I heard off-handed that MIM 2016 did not support this and you could not see what users put for their Security Questions. I tried doing numerous searches on the topic but did not find any clear answers on this.

If users enroll/answer Security Questions, is there anyway for Administrators or Users with Elevated Rights in the Portal to see what they have put as their answer to accomplish this?

Thank you in advance for any helpful information/insight you may have on this!

↧

MIM 2016 setup failing during installation

January 3, 2019, 4:54 pm

≫ Next: MIMWAL account name like lastname+firstname firstletter, firstname second letter etc till the firstname gets end than we have to pick the middlename firstletter, middlename lastletter like so on

≪ Previous: MIM 2016 SSPR Question Gate - Allow Help Desk to See User's Answers

Using SQL 2014 SP3 for the installation and getting the error shown above. SQL is installed on another server. Errors showing no hints.Can anyone please advise, how to fix this issue?

Action ended 19:45:39: CheckDotNetVersion. Return value 1.

Info 2898. For WixUI_Font_Normal__UL <g class="gr_ gr_67 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del multiReplace" data-gr-id="67" id="67">textstyle</g>, the system created a 'Tahoma' font, in 0 character set, of 13 pixels height.
Action 19:45:39: SqlCredDlg. Dialog created
MSI (c) (88:84) [19:45:39:491]: PROPERTY CHANGE: Deleting MsiSelectionTreeSelectedFeature property. Its current value is 'ResetPortal'.
MSI (c) (88:84) [19:45:39:491]: PROPERTY CHANGE: Deleting MsiSelectionTreeSelectedAction property. Its current value is '2'.
MSI (c) (88:84) [19:45:39:491]: PROPERTY CHANGE: Deleting MsiSelectionTreeSelectedCost property. Its current value is '0'.
MSI (c) (88:84) [19:45:45:180]: PROPERTY CHANGE: Modifying SQLSERVER_SERVER property. Its current value is 'DGAMIM01'. Its new value: 'dbMIM'.
MSI (c) (88:84) [19:45:45:242]: Doing action: CheckDatabaseNameFormat
Action 19:45:45: CheckDatabaseNameFormat.
Action start 19:45:45: CheckDatabaseNameFormat.
MSI (c) (88:90) [19:45:45:242]: Invoking remote custom action. DLL: C:\Users\SA_PSH~1\AppData\Local\Temp\MSI8E65.tmp, Entrypoint: CheckDatabaseNameFormat
MSI (c) (88!44) [19:45:45:258]: PROPERTY CHANGE: Adding IS_VALID_DATABASE_NAME property. Its value is '1'.
Action ended 19:45:45: CheckDatabaseNameFormat. Return value 1.
MSI (c) (88:84) [19:45:45:258]: Doing action: CheckSQLConnectionAndVersion
Action 19:45:45: CheckSQLConnectionAndVersion.
Action start 19:45:45: CheckSQLConnectionAndVersion.
MSI (c) (88:64) [19:45:45:258]: Invoking remote custom action. DLL: C:\Users\SA_PSH~1\AppData\Local\Temp\MSI8E75.tmp, Entrypoint: CheckSQLConnectionAndVersion
MSI (c) (

↧

MIMWAL account name like lastname+firstname firstletter, firstname second letter etc till the firstname gets end than we have to pick the middlename firstletter, middlename lastletter like so on

January 4, 2019, 1:49 am

≫ Next: FIM Portal Site + Password Reset Site+ Password Registration Site

≪ Previous: MIM 2016 setup failing during installation

Hi All

I want to generate account name using MIMWAL in MIM Portal as below

Account name like last name+first name first letter, first name second letter etc till the first name gets end than we have to pick the middle name first letter, middle name last letter like so on

Thanks

↧

FIM Portal Site + Password Reset Site+ Password Registration Site

January 4, 2019, 2:23 am

≫ Next: Custom Configuration for User Viewing RCDC Issues

≪ Previous: MIMWAL account name like lastname+firstname firstletter, firstname second letter etc till the firstname gets end than we have to pick the middlename firstletter, middlename lastletter like so on

Hi All,

I am not sure why MS keep on providing wrong articles!

I am looking for a suggestion from people done the MIM project for SSPR earlier.

I was going through this: https://docs.microsoft.com/en-us/microsoft-identity-manager/install-mim-service-portal

I found, that they are asking to configure Portal Site + Password Reset Site+ Password Registration Site for Port 80.
In the best Practices web page they are asking to configure Portal Site to use 443.

Now, Portal Site + Password Reset Site+ Password Registration Site for Port 80 will make only Portal is working and others are stopped cause (we cannot run more than 1 web site using 80 port). when I came to configure SSRP site with 443 and SSL, I found that Portal Site is aleady based on BP should be working on 443 and SSL!

Let us forget all the shit mentioned in the articles, and please from your experiance, let me know what could be the best ports for:

Portal Web Site, best port?
Password Reset Site, best port?
Password Registration Site, best port?

Appreciated your respond.

↧

Custom Configuration for User Viewing RCDC Issues

January 4, 2019, 3:08 am

≫ Next: ID victim professional expert i'm seeking

≪ Previous: FIM Portal Site + Password Reset Site+ Password Registration Site

Hi All,

I've been working towards adding a field to the Contact Info tab for the 'msidmPhoneGatePhoneNumber' attribute, so that our helpdesk team can quickly see if a user has a number registered for SSPR.

So far, i've done the following:

Taken a backup of the default RCDCs.
Edited the 'Configuration for User Viewing' RCDC by adding the following code under the grouping for the Contact info Tab. I copied the 'mobilePhone' attribute and modified it using the system name for the Phone Gate phone number attribute.

<my:Control my:Name="msidmPhoneGatePhoneNumber" my:TypeName="UocLabel" my:Caption="{Binding Source=schema, Path=msidmPhoneGatePhoneNumber.DisplayName}" my:Description="{Binding Source=schema, Path=msidmPhoneGatePhoneNumber.Description}"><my:Properties><my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=msidmPhoneGatePhoneNumber.Required}"/><my:Property my:Name="Text" my:Value="{Binding Source=object, Path=msidmPhoneGatePhoneNumber, Mode=TwoWay}"/></my:Properties></my:Control>

3. Uploaded the new RCDC into the portal.

When using the portal to view a user (ticking the box and clicking details), the page just pops up with the 'unable to process your request' error.

If i click on the users name in the list, the edit window opens fine.

I've had a look at capturing the logs, but they don't seem to indicate an obvious cause.

Has anyone else come across this before

Thanks

Anthony

↧

ID victim professional expert i'm seeking

January 4, 2019, 11:04 pm

≫ Next: Oops! Something went wrong. The ajax calls failed, please contact your administrator. Status code: 401. Error: Unauthorized.

≪ Previous: Custom Configuration for User Viewing RCDC Issues

I have a problem that is not associated with this area but i am seeking a professional person of ITT that knows how to ethically hack back my ID online. This is a position of extreme qulifications and it is a must that you can be in one place for hours. A group is the ideal of approximately 11 people to cycle through the dedicated thoughtful ideas you may apply for ecommerce patents to be finalized overhead. No diversity, authentic personalities wanted. Great accounting verbal management and processing time. Cinema experience of extreme standards. Special email address is necessary and must already exist. Devotion is a must and has to be capable of verbal hacking skills in order to keep my product-liability formal. The intelligent containment system is a complex biological machinery where improvement is the thought processes we are seeding. No individuals without a firm esteem. Hard core fighting back the opposing illegal hackers is an effort which is handsomely rewarded for both the group and the entity of the product. No breaking Ethical Law of human interaction. Use of this product is to be kept under watchful eye of others noticeable to your group. The Perception of this job is to aa a group intellectually unblock every alteration that it has already and turn it into better intellect of private nature. Hosting is necessary. Off-time is every other year and configuration of its counterworks is what must be solved. Forensics Education is mandatory or 6 years lab assistance. Forensics understanding will be tested before hire.

↧

Oops! Something went wrong. The ajax calls failed, please contact your administrator. Status code: 401. Error: Unauthorized.

January 5, 2019, 1:20 am

≫ Next: PAM Sample Portal 8090 - Enter credentials 3 times

≪ Previous: ID victim professional expert i'm seeking

Sample Portal (8090) and download of thepamroles.json file not working from remote machines. They are working from PAM server browser (locally). Can anyone advise, how to fix this issue?

↧

PAM Sample Portal 8090 - Enter credentials 3 times

January 6, 2019, 12:27 am

≫ Next: Web Service Connector Tool - complex \ nested objects

≪ Previous: Oops! Something went wrong. The ajax calls failed, please contact your administrator. Status code: 401. Error: Unauthorized.

In PAM Sample Portal, User has to provide password 3 times. Is there any way that we can limit it to 1 time?

↧

Web Service Connector Tool - complex \ nested objects

January 6, 2019, 1:21 am

≫ Next: MIM Sync exclude users from SSPR

≪ Previous: PAM Sample Portal 8090 - Enter credentials 3 times

Hello,

I am following this guide to create a new REST connector for my MIM 2016: https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-ma-ws-restgeneric#next-steps

this is my sample response:

{"EmployeeList": [
		{"Id": <TZ-id-number>,"EmployeeId": <worker-id>,"Name": {"first": <first-name>, "sir": <sir-name>},"Contract":{"code": <code number>,"desc": <description>},"Classification": {"code": <code number>,"desc": <description>},"Status": {"code": <code number>,"desc": <description>},"Company": {"code": <code number>,"desc": <description>},"Job": {"code": <code number>,"desc": <description>},"Position": {"code": <code number>,"desc": <description>},"Department": {"code": <code number>,"desc": <description>},"SecondaryDepartments": [
									{"code": <code number>,"desc": <description>},
									{"code": <code number>,"desc": <description>},
									{"code": <code number>,"desc": <description>}
								],"Office": <office phone>,"Mobile": <mobile phone number>,"Home": <home phone number>,"HireDate": <date>,"RetireDate": <date>,"UpdateDate": <timestamp>
		}
	]
}

the guide doesn't specify how to select advanced objects - and I am unsuccessful in figuring it out by myself.
for example how would I configure first name in the web service configuration tool?

↧