1. Importing Records from HR (Authoritative SOR)
2. MPR/WFs process new records from HR before creation in MIM Portal/AD and other connected Data sources.The processing includes generating and deriving, accountName, dn, Display Name based on naming convention, initial AD password. mailbox location for Exchange Server etc.

What I want to achieve

1. I want to import the Initial Load of existing Users/Groups in AD to be created in the MIM Portal but want to exempt the existing records coming from AD, from being processed by the MPR/WFs in #2 above that processes every record that gets created in the MIM Portal.

In summary attributes from existing records in AD should remain unchanged, after initial load into the MIM Portal. Subsequent changes can be initiated from the HR SOR, via Join and sync actions.

How can I achieve this ?

Thoughts/Feedback appreciated

Akinzo

↧

MIM 2016 - Authorization Worklfows triggered by multiple MPR's

January 7, 2019, 7:34 am

≫ Next: FIM to MIM upgrade

≪ Previous: Initial Load for AD Users to MIM Portal

Hi all,

I'm not sure if this is a bug or a feature. I am faced with the problem that an Authorization Workflow is triggered by multiple MPR's, as the user has multiple roles e.g. support and HR. Both MPRs trigger the same Authorization Workflow when an attribute is changed.
I now see in the search requests that two approvals are created, so the approvers also see two pending approvals in the portal.
If the approver processes only one of the two requests, the other is automatically set to the status that the approver has selected.
I wonder whether this is correct, whether two approvals are created, or whether this is an error. If it is correct, has anyone ever built a solution that starts only one Approval?

KR Mario

↧

FIM to MIM upgrade

January 7, 2019, 6:28 pm

≫ Next: MIM 2016 - SP1 upgrade error

≪ Previous: MIM 2016 - Authorization Worklfows triggered by multiple MPR's

Hi,

We have FIM 2010 R2 running on a Windows 2012 server.

The FIM solution consists of several MV and MA Rules Extensions, PowerShell scripts, and some "Code Run" activities from https://github.com/sorengranfeldt/fimactivitylibrary.

Since Windows 2012 is supported by MIM 2016 SP1, can we simply do an in-place upgrade from FIM to MIM?

Will the MV and MA extension need a recompile?

I assume PowerShell will continue to work.

Will have to check with Soren Granfeldt on his FIM Portal activity.

Thank you,

↧

MIM 2016 - SP1 upgrade error

January 8, 2019, 3:11 am

≫ Next: Hide Textbox control based on Radiobuttonlist values in MIMPortal RCDC Configuration

≪ Previous: FIM to MIM upgrade

Hi Guys,

My current MIM version is 4.3.1935.0 and I am trying to upgrade to 4.5.286.0. Windows version is "Windows Server 2012 R2"

I downloaded the updates and when I tried to run through cmd prompt as Administrator I am getting below error. Please let me know how do I resolve this.

Regards, Chandan

↧

Hide Textbox control based on Radiobuttonlist values in MIMPortal RCDC Configuration

January 8, 2019, 7:11 pm

≫ Next: Hide Textbox control based on Radiobuttonlist values in MIMPortal RCDC Configuration

≪ Previous: MIM 2016 - SP1 upgrade error

I have a radiobuttonList, when I select any of the option like if i sleect Consultant, then the ProposedEndDate Textbox should be Enabled same way for other values. here the values are considered as strings.

↧

Hide Textbox control based on Radiobuttonlist values in MIMPortal RCDC Configuration

January 8, 2019, 7:09 pm

≫ Next: Programmatic User Registration Error

≪ Previous: Hide Textbox control based on Radiobuttonlist values in MIMPortal RCDC Configuration

any help would be very much helpful for me to goahead.

↧

Programmatic User Registration Error

January 9, 2019, 3:36 am

≫ Next: Email notification bug when requesting on behalf of a user

≪ Previous: Hide Textbox control based on Radiobuttonlist values in MIMPortal RCDC Configuration

DEars,

I am using this: https://docs.microsoft.com/en-us/previous-versions/mim/jj134294(v=ws.10)

I am getting below error:

What could be the solution?

↧

Email notification bug when requesting on behalf of a user

January 9, 2019, 10:46 am

≫ Next: How to fix "stopped extension dll updated version" error?

≪ Previous: Programmatic User Registration Error

When our help desk staff submits a request on a behalf of another user the default email sent to the approver is misleading in that it looks like it's the help desk person that is requesting the access instead of the true beneficiary. I believe this is because of the parameter: //Requestor/DisplayName in the "Default pending approval email template" which resolves to the person submitting the request instead of the beneficiary. How can I modify the email template so that it reflects the actual beneficiary's name instead of the person requesting the access?

Also, are the email templates and object model documented anywhere? There might be additional details I'd like to include to include in the approval, rejection and completion e-mails.

Any guidance is appreciated!

Christian

↧

How to fix "stopped extension dll updated version" error?

June 14, 2016, 5:04 am

≫ Next: Side-by-side FIM to MIM upgrade

≪ Previous: Email notification bug when requesting on behalf of a user

I'm getting this error in Synchronization Service Manager every time after I run full import with one of my management agents (uses extension). Can you tell me a way to fix this? I read somewhere that the cause of error might be that dll was changed in FIM extension folder when running management agent, so is the problem with management agents dll that I'm getting error on?

↧

Side-by-side FIM to MIM upgrade

January 10, 2019, 1:03 pm

≫ Next: Dynamically change the user creation attributes

≪ Previous: How to fix "stopped extension dll updated version" error?

Hi,

Are the steps detailed in this guide applicable to moving configuration from FIM to MIM?

https://docs.microsoft.com/en-us/previous-versions/mim/ee534906(v%3dws.10)

Back up the pilot and production environments by using the Backup and Restore procedures.
Export the FIM Service schema configuration.
Export the FIM Synchronization Service configuration.
Export the FIM Service policy and FIM Synchronization Service configuration resources.
Install the MIM Synchronization Service and the MIM Service in the production environment.
Enable the maintenance mode in the production environment.
Import the FIM Service schema configuration into the new MIM environment.
Import the FIM Synchronization service configuration into the new MIM environment.
Install the custom DLLs/Custom Activities/etc necessary for custom workflows.
Import the FIM Service policy and FIM Synchronization Service configuration into the new MIM environment.
Disable maintenance mode in the production environment.

I guess installing the new MIM solution using existing databases will not work, as we have some additional elements in our solution like: PowerShell activities and another custom activity library (from Soren Granfeldt). A bit of a catch-22 scenario.

Thank you.

↧

Dynamically change the user creation attributes

January 2, 2019, 10:57 pm

≫ Next: is it possible to request privileges using MIM PAM Portal?

≪ Previous: Side-by-side FIM to MIM upgrade

Hi,

I want to change the city options based on country. Suppose country is USA then the city attribute should take specific options only. It can be done while creating user or editing user. Suppose while creating user I have given country USA then when editing the user taking the country attribute can I define specific city options?

Also if a drop down is available for city, if not then validation will work fine.

I have configured MIMWAL too, if its possible on that.

Thanks

↧

is it possible to request privileges using MIM PAM Portal?

January 11, 2019, 8:03 am

≫ Next: Common name for PAM Sample Portal - PAM.contoso.com

≪ Previous: Dynamically change the user creation attributes

I cannot see PAM request for normal users? How can I enable that for Normal users without usingPAM SAMPLE portal?

↧

Common name for PAM Sample Portal - PAM.contoso.com

January 11, 2019, 10:29 am

≫ Next: MIM 2016 SSPR Question Gate - Allow Help Desk to See User's Answers

≪ Previous: is it possible to request privileges using MIM PAM Portal?

Can we use a common name for PAM SAMPLE Portal?

I tried to use PAM.contoso.com rather using server FQDN:8090 and received the error below:

Oops! Something went wrong. The ajax calls failed, please contact your administrator. Error code:0

Has anyone configured the PAM sample portal using the common name? Could you please share the steps I need to perform to use the common name?

Thanks!

↧

MIM 2016 SSPR Question Gate - Allow Help Desk to See User's Answers

January 3, 2019, 2:42 pm

≫ Next: MIM Portal RCDC Configurations with OfficeLocation, Country, City

≪ Previous: Common name for PAM Sample Portal - PAM.contoso.com

Hi everyone,

We have a MIM 2016 implementation and are possibly moving to MIM SSPR from a 3rd Party Tool. One of the things our Security team is wondering is if our Help Desk is able to see/administer user's Security Questions so they can authenticate them if they call into the Help Desk with an account issue. I heard off-handed that MIM 2016 did not support this and you could not see what users put for their Security Questions. I tried doing numerous searches on the topic but did not find any clear answers on this.

If users enroll/answer Security Questions, is there anyway for Administrators or Users with Elevated Rights in the Portal to see what they have put as their answer to accomplish this?

Thank you in advance for any helpful information/insight you may have on this!

↧

MIM Portal RCDC Configurations with OfficeLocation, Country, City

January 1, 2019, 4:08 am

≫ Next: Internal error 3000 after adding a new attribute to the portal. DB restore.

≪ Previous: MIM 2016 SSPR Question Gate - Allow Help Desk to See User's Answers

Hi Friends,

I was trying to design MIM Portal RCDC Configuration while creating the Joiner form, where I need to Auto populate the values ofOfficeLocation, Country and City. When I select the Countryall the Cities under that country should only populate the City Control in RCDCand same when i select only Office Location should be mapped with the OfficeLocation Control.

Ex: If i select India as country, then all the cities which belongs to India should come in the dropdown or picker or listview control.

Share your ideas how we can present this by implementing / or piece of design for a quick help.

Thanks to all.

↧

Internal error 3000 after adding a new attribute to the portal. DB restore.

January 14, 2016, 9:11 am

≫ Next: SharePont 2016 licensing for MIM use

≪ Previous: MIM Portal RCDC Configurations with OfficeLocation, Country, City

Hi all.

I've come across an issue.
I try to create a new attribute on the portal.
Standard things: name, displayname and details. I've tried both indexed and unindexed string.

Once I click "finish" the wheel spins then I'm directed to an internal error then the whole portal crashes and will only load to the "internal error 3000" page. During this time The FIM sync will get an error during import, "failed-schema-access"
The only way I've been able to fix this is to restore the DB.

The eventlogs dont show a great deal, they shows errors along the longs of "something out of index or bounds" and nullpoint exception error.

I have created new attributes in the portal before without issue. To note I have tried this 3 or 4 times as originally thought I'd copied in some bad chars from winword but no, it's something else.

If you can direct me how to gather more details that would help.

Error snippets:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at Microsoft.ResourceManagement.Schema.ServerSchemaManager.Reload()
   at Microsoft.ResourceManagement.ActionProcessor.SchemaActionProcessor.UpdateSchemaCache()
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
   --- End of inner exception stack trace ---

Requestor: urn:uuid: UUID REPLACED
Correlation Identifier: UUID REPLACED
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.ArgumentNullException: Value cannot be null.
Parameter name: key
   at System.ThrowHelper.ThrowArgumentNullException(ExceptionArgument argument)
   at System.Collections.Generic.Dictionary`2.FindEntry(TKey key)
   at System.Collections.Generic.Dictionary`2.TryGetValue(TKey key, TValue& value)
   at Microsoft.ResourceManagement.Schema.ServerSchemaManager.GetAttributeSchema(String attributeName)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ReadFragment(SqlDataReader reader, Int64& resultCount, Boolean& endOfSequence)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ReadQueryResults(SqlDataReader reader, Int64& resultCount, Boolean& endOfSequence)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecutePullActionImpl(PullRequestParameter pullParameter)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteEnumerateAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
   --- End of inner exception stack trace ---

↧

SharePont 2016 licensing for MIM use

October 17, 2016, 4:09 am

≫ Next: Generic SQL MA multi-valued anchor and DN?

≪ Previous: Internal error 3000 after adding a new attribute to the portal. DB restore.

Hi,

Previously I've always used foundation versions of SharePoint for FIM/MIM which didn't require any licensing. MIM SP1 now supports SharePoint 2016, but there isn't a fondation version anymore.

Does anyone know if any SharePoint licenses are requried if it is just being for the MIM portal?

Mark

↧

Generic SQL MA multi-valued anchor and DN?

April 16, 2018, 4:11 pm

≫ Next: Patches and updates

≪ Previous: SharePont 2016 licensing for MIM use

I'm setting up the Microsoft Generic SQL MA for the first time using a table that has a multi-valued anchor. But I can't figure out how to configure the DN. If I set the "DN is Anchor" checkbox on the Connectivity tab, it doesn't let me select multiple attributes for the DN/anchor on the Schema 3 tab. So that's obviously not good. But if I don't check that box, it still doesn't let me select multiple attributes for the DN. So it appears the DN cannot be multi-valued. I don't have a unique, non-nullable, attribute in this table so is my only option to add one? Or are there other ways to configure the DN and/or anchor that I'm unaware of? I've always used the SQL Server MA in the past for this DB but the DB has been moved to MySQL so I'm using the Generic SQL MA. Thoughts?

↧