I am able to create a Set just fine for this.  So, I wanted to give my client the same option in the Search Scopes.  I took the XPath query directly from the Set details.  But, it errors out when I hit search.  Can someone see what I may be doing wrong with this query for this Search Scope?

/Person[(EmployeeStartDate < op:add-dayTimeDuration-to-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P7D'))) and (EmployeeStartDate > op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P1D')))]

Mike Leach | http://blogs.catapultsystems.com/mleach/default.aspx

Hello

We have a problem with FIMService database

Error in Event viewer:

SQL Server detected a logical consistency-based I/O error: incorrect pageid (expected 1:1477410; actual 101:2097266). It occurred during a read of page (1:1477410) in database ID 20 at offset 0x000002d1644000 in file 'E:\SQL\FIM\FIMService.mdf'.  Additional messages in the SQL Server error log or system event log may provide more detail. This is a severe error condition that threatens database integrity and must be corrected immediately. Complete a full database consistency check (DBCC CHECKDB). This error can be caused by many factors; for more information, see SQL Server Books Online.

No actual backup exist

Database working now, but problem with synchronization of some users between two domains. Is it possible recreate new database from scratch and start full sync?

Please Help!

Hi

I've got two SQL MAs that I'm trying to sync some attributes between.  These are DateofBirth and ExpectedEndDate.

In the source SQL table I get these values in the format 1968-07-23 00:00:00.000

I can flow these values in to the metaverse via a direct flow on the source MA and export them to the destination SQL table.  If I look directly at the destination table with SQL Management Studio I can see that these have been populated correctly.  However when I do my confirming import I get the 'exported-change-not-reimported' error and when I look at what it is trying to do I see:

Imported Value 1968-07-23 00:00:00

Export Value 1968-07-23 00:00:00.000

It's been a very long week and maybe I'm missing something obvious but why is it trying to import a different value from what I can see in the destination SQL table?   Any ideas what I can do about this?

Thanks for any help.

What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in March 2019 and must be in English. However, the original blog or forum content can be from beforeMarch 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!

Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

How can you win?

1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

JAYENDRAN ARUMUGAM

Hi,

I suspect the answer to this is no, but is it possible to view user's SSPR answers? Is it possible for an admin to change a user's SSPR answers?

Thanks

Hi,

In my previeus post I asked about Security Group Mambership. The last answer is that It's still fully supported.

In a LinkedIn post Frenk Drewes commented on my question writhig: "Guy - this is not possible with the current MIM Outlook plug-in design. The key limitation is the selection of groups comes out of what Outlook sees as groups - distribution groups. If the security groups were mail-enabled, that might be a possibility- but that’s not something trivial (or even desirable to some).

My new question is obvieusly: What's wrong with making security groups mail enabled?

I already see that messages to the group can be prevented. For me it's just a few attributes more. 

GH

I'm developing a custom ECMA2 Management Agent, I developed my DLL and went through all the configuration, but when I try to run a profile, I just get this message:

Unable to run the management agent.
Exception from HRESULT: 0x8023080E

If I check the event viewer, I see an event 6309 with this message in the Application Log (FIMSynchronizationService):

Does anyone know what this is supposed to mean, or if I have a way to debug this?

Thanks,
Paolo

Paolo Tedesco - http://cern.ch/idm

Hi, I installed the portal and it works fine on windows server 2012 R2 and first also on a windows 10 computer.

After a time the site is not loading any more. I get the message:
Oops! something went wrong. The ajax call failed, please contact your administrator.
Status code: 500.
Error: Internal Server Error.

What can be the problem?

GH

Hey experts,

I'd like to make the 'Description' attribute searchable in the portal.  How do I go about doing this?  The idea is I want to add keywords to the 'description' field that the end users would use to find the relevant Security Groups they are looking for.  For example, if they search for Slack all groups with keyword Slack (in description) would be returned.

Any guidance would be appreciated.  

Christian

Dear's,

I am to sync the user and password from one DC forest to different DC forest. I chose the product MIM 2016. Can it be accomplished without MIM Service and Portal like i only install MIM Synchronization Service and it let me sync the user and password to different DC forest. if MIM service and portal is required then i have to install share point as well which is prerequisite for this. 

Hi all,

Im trying to install FIM 2010 R2. The sync service and portal are not a problem, but when I want to install the service, it fails. I fill in all the required information and press the "install" button. It starts installing, but when the "copying new files" appears, the statusbar stops around 90%, and start to Roll back and the installation failes.

I tried installing with verbose logging which gives me the following(don't know if this has anything to do with it tbh):

---------------------------------------------------------------------------------------------

MSI (s) (34:54) [13:02:30:442]: Hello, I'm your 32bit Elevated custom action server.
CAQuietExec: 
CAQuietExec:  URL reservation delete failed, Error: 2
CAQuietExec:  The system cannot find the file specified.
CAQuietExec: 
CAQuietExec: 
CAQuietExec:  Error 0x80070001: Command line returned an error.
CAQuietExec:  Error 0x80070001: CAQuietExec Failed
CustomAction DeleteResourceEndpointAcl returned actual error code 1603 but will be translated to success due to continue marking

[....]

Calling custom action Microsoft.IdentityManagement.ServerCustomActions!Microsoft.IdentityManagement.ServerCustomActions.CustomActions.AddServiceToPerformanceMonitors
Adding FIMService account to 'Performance Monitor Users' group
Property name = 'ServiceAccount', value = 'XXXX\XXXX.
DomainName='XXXX'
AccountName='XXXX'
Domain AD found
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException (0x800706AB): The network address is invalid.

---------------------------------------------------------------------------------------------

Any help is appreciated.

MCTS, MCPD

Hi All

I have implemented basic Approval Workflow using Microsoft Article. But still am not able to see the Workflow Triggered. not able to identify what exactly went wrong.

Thanks

I'm quite sure it's a bug in MIM 2016 sp1. I don't know about MIM 2016 RTM.

Using the PowerShell commandlet this way the request fails:

• Import-Module mimpam
• $r = Get-PAMRoleForRequest -DisplayName "Enterprise Admins"
• New-PAMRequest -Justification t1 -Role $r -Verbose
  

But, using it this way the request worksjust fine

• Import-Module mimpam
• $r = Get-PAMRoleForRequest -DisplayName "Enterprise Admins"
• New-PAMRequest -Justification t1 -Role $r -Verbose -RequestedTime (get-date).AddMilliseconds(3000)

Using the PAM-Portal to schedule the request for a minute later through the GUI also returns no error.

In my environment the REST API portal and the ACTIVATION PORTAL  are separated.

So, do we really have a bug here?

There's a few posts already on the net regarding just that:
https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/privileged-access-management-rest-api-service-details
https://social.technet.microsoft.com/Forums/en-US/2d20dbd9-16c2-4506-b6f8-a76376e7b3c7/mim2016-installing-pam-server?forum=ilm2
https://forums.iis.net/t/1228060.aspx?HTTP+Error+500+19+Internal+Server+Error+FIM+PAM+portal

GH

Dears, 

i have a microsoft identity manager 2016 deployment to install and configure.

i installed sql server 2016 on a windows server 2016, and installed the sharepoint 2016 and mim 2016 on a separate server windows server 2012R2.

Now the installation was completed successfully, and created the run as profiles and the synchronization rules.

Users from AD are synced into the MIM portal.

i just need help with its configuration, as i couldn't find anything regarding that.

Installation is done, what is next?

the portal looks so heavy.

can anyone share his knowledge on that product with me?

your help is much appreciated

best regards

I'm trying to connect MIM 2016 SP1 to a 3rd party application by using the PowerShell MA. I've successfully gotten it to import the existing list of users and groups in the app and join them to the metaverse as well as export a new user from MIM to the app. However, now I'm trying to build the export for groups and I'm not sure how to proceed. I have the metaverse group member attribute set to flow to the PowerShell group member attribute. When the membership of the group changes in MIM an export is staged. In the synchronization service GUI I can see that its going to send the new member as an "add" change and that's confirmed by looking at the export log.

The problem is that my PowerShell script never sees the change. What I mean is that during the export the CSEntryChange object has the right ID for the group that needs to be changed and the modification type is set to Update but the AttributeChanges and the ChangedAttributeNames collections are both empty. So where do I get the membership change from? I've tried changing the MA parameters from AttributeUpdate to AttributeReplace with no change in behavior.

I figure I must be missing something simple, but I'm not sure what. I've been searching for a couple days now with nothing that really points me in the right direction. Any help anyone can provide is greatly appreciated. Thanks!

Hp Printer Customer Support Number (1-866-932-7634) hp is a USA equipment association and one of the greatest merchants of printers. This association manufactures distinctive sorts of printers like spot system, scanners, inkjet printers, etc. To know https://www.hptollfreenumber.com

Dear All,

we have around 237 duplicates users account entries in MV. how can we delete these entries from Metaverse.  these users are already available in AD and MIM portal. 

MIMMA trying to create this accounts in MIM Portal getting ObjectSID uniqueness issue. 

Need your help.

Thanks,

Shashidhar

I have FIM 2010 RTM setup. All FIM roles with SQL DB installed on single m/c. MA are configured for AD & FIM. Everything was workign fine. First I have imported users from AD to FIM portal, then I have started with groups. Then I have configured outbound sync rule for groups to update only members in AD.

Since last few days I am facing following errors while doing FIM MA export/Import.

FIM MA Import

exported-change-not-reimported

FIM MA Export Error

1) dn-attributes-failure

Fault Reason: The endpoint could not dispatch the request.

Fault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Request could not be dispatched.

Exception: Other
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 31, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 31, Message: Reraised Error 8114, Level 16, State 5, Procedure GenerateRequestOutput, Line 363, Message: Error converting data type nvarchar to bigint.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader()
   at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
   --- End of inner exception stack trace ---
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(CreateRequestDispatchParameter dispatchParameter)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource></DispatchRequestAdministratorDetails></DispatchRequestFailures>

2) failed-modification-via-web-services
Fault Reason: The request message contains errors that prevent processing the request.

Fault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>AccountName</AttributeType><AttributeValue></AttributeValue><FailureMessage>The specified attribute value must be unique for this Resource Type.</FailureMessage><AttributeFailureCode>ValueViolatesUniqueness</AttributeFailureCode></AttributeRepresentationFailure></RepresentationFailures>

3) failed-creation-via-web-services
Fault Reason: The request message contains errors that prevent processing the request.

Fault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<AttributeRepresentationFailure><AttributeType>ObjectSID</AttributeType><AttributeValue></AttributeValue><FailureMessage>

The specified attribute value must be unique for this Resource Type.

</FailureMessage><AttributeFailureCode>ValueViolatesUniqueness</AttributeFailureCode></AttributeRepresentationFailure></RepresentationFailures>

It is updating most user & groups accounts in FIM portal. When I searched in metaverse I found that the objects for which the error is reported having two entries in Metaverse. I am not able to find out why it is giving errors for account name & objectSid.

I have removed ad group outbound sync rule & FIM MA is configured for basic user & group Export attribute flow with two sync rule. but still no luck..

Any help on this is much appreciated. Thanks in advance..