Channel: Forum Microsoft Identity Manager

how to call Stored procedure with parameter into RCDC to Populate the DropdownList


Hi All,

I have designed the Database which queries Region based States, states based Office Locations and OfficeLocation based Department. I wanted to use this in MIM RCDC Configuration by using any of the below to populate the Dropdown.

Direct calling the Stored Procedure into RCDC using PowerShell. How to bind a PowerShell dataset to the RCDC Dropdown list Control?

Call the Stored Procedure into jQuery and use the jQuery in the ASPX files of MIM Portal

Please do suggest and provide how we can achieve this in MIM RCDC Configuration.

Thanks 


Caution: "Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity". This activity has no correspondent user interface in the web portal. Deleting or modifying this activity may have an unpredictable result.


Hello team,

This is quite an important request from my side as this issue happened before rolling out the project.

I would like to request your support to resolve the below error, where I was unable to see the Workflow Activities under the Workflow Activities.

But, I can see only the WAL Activities.

Caution: "Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity". This activity has no correspondent user interface in the web portal. Deleting or modifying this activity may have an unpredictable result.

This happens for all the OOB Workflow Activities other than MIMWAL.

After implementing all, I am facing this issue. Requesting your extended support on this.

Thanks to All.

Importing multiple objects from HR, into a single Person.MV object?


Hi,

We have an HR system with numerous Object Classes, with many attributes. Object Classes include:

  • Person (details about the person, like firstname, lastname, etc)
  • Position (details of all the positions in the company, including manager for this position)
  • Occupancy (details on who has been assigned a position, including start and end dates for the position)
  • Location (location details, including country, state, etc)

The HR system is accessible via a web service, and because these are 4 different object classes, MIM may require 4 separate MAs to pull the data into 4 relevant Object Classes in the MIM MV (Person (existing object), Position (new object), Occupancy (new object) and Location(new object)).

We need the Person MV object class attributes to be populated based on the other 3 object classes and the values in their attributes (e.g location, occupied position) so we can create some workflows, assign people to Groups, and for some other RBAC requirements.

How do we take values/attributes from other Objects (position, occupancy, location) and inject them into the Person Object class in the MV?

Thank you in advance,

SK

MIM 2016 SP1 update to 4.5.286 and .Net Framework 4.7+

Hello there,

I would like to know if any of you have already successfully updated MIM 2016 SP1 with the latest update 4.5.286.0, when .Net Framework on the server (Win2012R2) is already updated to version 4.7+ (in our case 4.7.2)?
I found myself unable to do the MSP update for MIM Sync (I haven't tried the other components at the moment), which failed with error 1723 on action CheckDotNetVersion.

I know that the requirement for MIM 2016 SP1 is Framework 4.6.
But unfortunately the servers have been updated to the latest .Net Framework version without our knowledge, and Security officers prevent us from doing a rollback.

Have a nice day,
Ghislain


How do I configure session timeout for the FIM Portal?


Hey experts,

As the title suggests, how do I go about configuring a session timeout for the FIM portal? In my current environment our sessions are open for days - the only way to terminate an active session is to close the browser. I'd like to configure a session timeout that would force users to re-authenticate (with their credentials) after x minutes of inactivity.

Bonus question - out of the box the portal does not offer a "logout" option (which strikes me as REALLY odd BTW).  How do I go about adding one for all users?

Christian

mmsmafim: MIIS.ManagementAgent.ManagedMACredentialFailureException: The credentials provided for accessing Forefront Identity Manager are invalid


Hello,

On the FIM Service MA creation I am getting the error "Failed to connect to the specified database or Forefront Identity Management Service. Please check the specified database location, service host address, and account information."

Error in the event viewer:

mmsmafim: MIIS.ManagementAgent.ManagedMACredentialFailureException: The credentials provided for accessing Forefront Identity Manager are invalid
   at MIIS.ManagementAgent.Context.WindowsIdentityImpersonationFactory..ctor(String user, String password, String domain)
   at MIIS.ManagementAgent.RavenMA.InitializeConnection(XmlNode connectionInformationNode, XmlNode encryptedAttributeNode, Boolean runInitialization)
   at MIIS.ManagementAgent.RavenMA.UIInitialize(String pszInitString, Int32& pfValid, String& ppszResult)

SQL Server logs do not show any errors.

For testing purposes I made mimma, fimsync, fimservice accounts sql administrators. This did not resolve the error.

What can I be missing or how can I get more details?

Thank you for your help!

Unable to Add Users for MIM Portal Access


Hello everyone,

I am trying to add users for access in our MIM Portal and no matter what I do, they get an access denied.  My AD account can access the portal without issue, but anyone else I add is not getting in.

I have verified the MPRs, General: Users can read non-administrative configuration resources and User management: Users can read attributes of their own, are enabled, NT Authority\Authenticated Users has Read access on the site under Site Administration>Permissions, and the user I am testing with has correct entries for their account's AccountName, Domain, and ObjectSID, but they still get an Access Denied error after adding them to the Administrators Set on the portal and performing an IISReset.

I have read numerous older forum posts and used various scripts from these links to verify everything seems correct.  What do I need to do to get AD users access to the Portal?

MIM Version:  4.4.1749.0

User Account Control Field in AD sets to 514 when Outbound Sync to AD happens MIM 2016

Hi Team,

Need some guidance. 
I am running MIM 2016 SP1 in my DEV environment connecting to AD (functional level 2008r2) using an AD management agent.

I have a FIM MA, and inbound and outbound sync rules configured in MIM Portal.

I create a user in MIM Portal and when I run a Full Import and Full Sync on FIM MA, I can see my new user provisioned in MV, and then when I run Export on AD MA (I can see that my user and its required attributes, out of which UserAccountControl is getting set to 512) - all good here.
I then go to my AD and check on the user and I see that the UserAccountControl is set to 514!!
I am surprised, how is this possible?

I used Mr. Anthony's post to set UAC attribute 
https://blogs.msdn.microsoft.com/connector_space/2015/05/22/understanding-useraccountcontrol-management-with-fim/

but somehow the attribute is not getting set to 512 and the user is not getting enabled in AD.

Please assist.


export result :stopped-server status


Dears,

I'm in the middle of an Identity Manager 2016 deployment. All the components are installed, I created the management agents and their profiles, and created the inbound sync rule on MIM.

Now I want to synchronize users from AD to Sync, so I followed the Microsoft document for the order of running the profiles: https://docs.microsoft.com/en-us/microsoft-identity-manager/install-mim-sync-ad-service

I'm starting by running the MIMMA agent.

Full import succeeds.

Full sync succeeds.

Export returns a status: stopped-server.

I followed the fixes from the following link but no luck, same issue: https://social.technet.microsoft.com/wiki/contents/articles/11331.fim-2010-r2-troubleshooting-stopped-server-error-on-the-fim-service-management-agent.aspx

I even rebooted the server and the services but no luck.

No firewall between the servers.

Below are the errors.

I have been stuck with this issue for more than 2 days. Is anyone familiar with these kinds of issues?

Create user through Azure Graph MA


Hi!

I am trying to provision a cloud-only user in my Azure AD through the Graph MA.

I have populated the following attributes:

[dn], accountEnabled, displayName, givenName, password, surname, usageLocation, userPrincipalName and userType.

But I am getting the following error when trying to export the user:

'system.InvalidOperationException: Sequence contains no elements.'

Anyone tried to provision through the Graph?

Cheers,

Søren

MIM 2016 Connector for Office Delve


Hi Team,

Has anyone done Office Delve integration with MIM? Shall we use PowerShell Management or ECMA 2.0 for developing the management agent?

Regards,

Sridhar



Exclude computer accounts from PCNS processing


Hi,

our Linux colleagues use Beyondtrust PBIS to connect Linux servers to AD in order to use AD user accounts for logon to Linux.
Every week we get 1-2 PCNS events with ID 7000:

Log Name:      Application
Source:        PCNSSVC
Date:          26.02.2019 16:48:18
Event ID:      7000
Computer:      DC22.contoso.com
Description:
An unexpected error occurred. 
LDAP://DC22/CN=CALT01,OU=Workstation,OU=CAX,OU=PBISCELLS,DC=contoso,DC=compwdLastSet

But it is not only PBIS, such events can stem also from ESX hosts:
LDAP://DC22/CN=EPKWKB,OU=ESXiServer-Prod,OU=T4,OU=SC37E,DC=contoso,DC=compwdLastSet

BTW: Yes, I know that the last word "compwdLastSet" in the distinguishedName doesn't make sense. I believe it is just a display issue, a missing white space char.

I have no clue how these events are created.

Now the thing is:
I tried to avoid these events by adding the group "Domain Computers" to the PCNS Excluded Group, but this doesn't work: Today we got an event again.
I have verified using ntdsutil: The computer CALT01 is indeed a member of the Excluded Group and also of Domain Computers.
But obviously this membership doesn't help.

2 questions, please:

1) Does anyone know when exactly the PCNS Excluded Group is evaluated: 
Is it one time after the PCNS service has started? Then I'd have to restart the service so that the new membership gets effective.
Or is it every time when PCNS is called? Then PCNS would compute in real-time if the actual user/computer is member of the Excluded Group. No service restart necessary.

2) Has anyone an idea what else I could do? (the more important question)

Thanks
Walter

Who will be announced as the next Forefront Identity Manager Guru? Read more about April 2019 competition!!



What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in April 2019 and must be in English. However, the original blog or forum content can be from before April 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/write over your Microsoft technical solutions and revelations to TechNet Wiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but recommended) Add a link to your article at the TechNet Wiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.


PS: Above top banner came from Ronen Ariely.

Please Mark This As Answer if it solved your issue
Please Vote This As Helpful if it helps to solve your issue
Visakh
----------------------------
My Wiki User Page
My MSDN Page
My Personal Blog
My Facebook Page

FullExport capability of ECMA


Hi Experts,

Has anyone implemented Full Export capability of ECMA?

If yes, does it export all the CSEntries or the Full Attribute Set of CSEntries?


Thanks and Regards, Siva Kumar Balaguru

How to get the 'unique app ID' of the Azure AD connect?

How to get the 'unique app ID' of the Azure AD connect?

see here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

The custom property name can be found in the directory by querying a user's property using Graph Explorer and searching for the property name. Also, you can now select Get custom extension properties link in the dynamic user group rule builder to enter a unique app ID and receive the full list of custom extension properties to use when creating a dynamic membership rule. This list can also be refreshed to get any new custom extension properties for that app.

With that I can create custom filters like that: user.extension_c272a57b722d4eb29bfe327874ae79cb__OfficeNumber -eq "123"

GH


password reset

Password reset: how can I track password resets in logs, for audit control?

Domain User LogIn to MIM Portal is getting an error


Hi All,

Any help on the below.

When I am trying to log in using normal domain users I am getting the below error. This requires quick help as I was a little worried at the last minute for my project closure.

MIM 2016 SP1 error on Export


Hello all,

  Running into an error while trying to Export Groups from the MetaVerse to the MIM Portal.  I can see the AD Groups in MetaVerse Search, but I cannot get them to Export into the MIM Portal.  I have successfully exported user accounts into the MIM Portal.  Why I did not encounter this same problem with Users I do not know.  I am getting the following message:

Fault Reason: Policy prohibits the request from completing.

Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ManagementPolicyRule ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure DoEvaluateRequestInner, Line 1319, Message: Permission denied

This has got to be something easy that I am overlooking.  I just cannot find it.

MIM Service and Portal Installation Error – Ended Prematurely


Hello All,

Running into an "Ended prematurely" message when installing MIM Service and Portal. This is an upgrade from FIM 2010 R2 to MIM 2016. Synchronization service is already successfully installed on the same VM. Using the existing database and a new set of security accounts. SharePoint is upgraded to 2016.

Installation log shows the following exception:

Calling custom action Microsoft.IdentityManagement.ServerCustomActions!Microsoft.IdentityManagement.ServerCustomActions.CustomActions.EncryptExchangeOnlineAccountPassword
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Exception: Failed logon user while attempting to impersonate user: mimservice
   at Microsoft.IdentityManagement.ServerCustomActions.Impersonator.Impersonate(String domain, String userName, String password)
   at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.Encrypt(String accountDomain, String accountName, String accountPassword, String unencryptedString)
   at Microsoft.IdentityManagement.ServerCustomActions.CustomActions.EncryptExchangeOnlineAccountPassword(Session session)
   --- End of inner exception stack trace ---

Thank you for any help!

Deleting a user from MIM Portal sharepoint site collection


Hello,

A Display Name and email address update in AD is not reflected in the MIM portal banner on the homepage. I have searched and there was a suggestion to delete the user from the SharePoint site collection. But when I try to access the site collection, I can see only limited users.

Could anyone please assist me? Is there any alternate solution available? Thank you.


Rajesh

