Tell me, can the update of connectors be traced in the logs?
Connectors update logs MIM
Apparently the default Portal Admin Account is no longer "important"????
One of my clients mistakenly deleted their default portal admin account. They were not able to restore from backup, so I advised them to contact Microsoft support to get assistance with restoring the account.
To my surprise, support did not touch the service database. Instead, they had my client manually create a portal user, put it in the admin set, assign the account SharePoint permissions, etc. Support advised my client that the default admin account with well known GUID 7fb2b853-24f0-4498-9534-4e10589723c4 is not needed. You just need to have one admin account.
Is that true? The default portal admin account with the well known GUID 7fb2b853-24f0-4498-9534-4e10589723c4 is technically not required, and can be deleted (as long as you have some admin account)?
How to move AD user from one OU to another
Hi,
Users should reside in different Organizational Units (OUs) in AD, based on their department (as in lab 4c, exercise 1 in the FIM A515 Basic course). The flow from MV to AD CS is as follows for the “dn” attribute:
· distinguishedName ->dn (initial flow only)
· distinguishedName ->dn
distinguishedName is a custom attribute on the form “CN= JACK JOHNSON,OU=Users1,DC=TEST,DC=COM”, generated in a custom workflow. Always pointing to an existing OU.
When distinguishedName changes from e.g. “CN= JACK JOHNSON,OU=Users1,DC=TEST,DC=COM” to “CN= JACK JOHNSON,OU=Users2,DC=TEST,DC=COM” the user should be moved from OU Users1 to OU Users2. The new dn value flows to the AD CS as it should. However, after an export run on the ADMA (without any errors), a delta import run on the ADMA gives an “exported-change-not-reimported”, pointing to the dn attribute, and the user has not changed OU in AD.
I understand the “exported-change-not-reimported” warning comes from a discrepancy between the AD CS memory and the connected AD controller, regarding the ad attribute. What should be done to move a user between two OUs? Additional parameter flow? Something else?
Using FIM RC1 Update 2 (4.0.2574.0)
Best regards
Erlend
Get a list of MAs exporting a specific MV field
Hi,
I need to make a list of all the MAs exporting any of two specific Metaverse fields.
I have 21 MAs and would like to avoid a manual search each time I need to make this type of verification
How can I achieve this with some automation?
No need for a fully functional solution. If you point me in the right direction it will be good enough.
Thanks,
JD
Windows Server 2016 Domain/Forest Functional Level and FIM 2010 R2
Good morning,
This is a supported platform enquiry as we are aware that technically only 2008R2, 2012 and 2012R2 environments are supported by FIM 2010. There are plans to migrate to MIM 2016 however timeframes on this are uncertain and we are curious as to possible impact on this service in the following scenario:
Environment – FIM 2010 R2 running on Windows Server 2012, running in a domain called CONNECT, running with a combination of Windows 2008 R2 and Windows 2016 domain controllers.
FIM utilises an Active Directory Domain Services MA to only read information from a number of other “agency” active directories into the FIM metaverse. These ADs are currently at a variety of functional levels.
This information is then written from the metaverse into the CONNECT AD using another Active Directory Domain Services MA.
1. If one of the agencies replaces all of their DCs with Windows Server 2016 (or higher), will FIM continue to be able to read their data into the metaverse?
2. If only Windows 2016 domain controllers remain in the CONNECT domain (with or without a functional level increase), will FIM continue to function normally?
Hopefully I've provided enough information for a considered answer.
Thanks for your time,
Cheers, PF.
MIM 2016 SP1 update to 4.5.286 and .Net Framework 4.7+
I would like to know if any of you have already successfully updated MIM 2016 SP1 with the latest update 4.5.286.0, when .Net Framework on the server (Win2012R2) is already updated to version 4.7+ (in our case 4.7.2)?
I found myself unable to do the MSP update for MIM Sync (I didn't try the other components at the moment), which failed with error 1723 on action CheckDotNetVersion.
I know that the requirement for MIM 2016 SP1 is Framework 4.6.
But unfortunately the servers have been updated to the latest .Net Framework version without our knowledge, and Security officers prevent us from doing a rollback.
Have a nice day,
Ghislain
Error applying MIM hotfix from 4.4.17949.0 to 4.5.286.0
Hello, I have been able to successfully upgrade my MIM system to 4.4.17949.0 without issue. The system is running fine under 4.4.17949.0. I recently attempted to apply hotfix 4.5.286.0 and I am receiving the following fatal error during the upgrade of MIM Portal and Service. If anyone has seen this before and knows a solution I would appreciate any insights.
Calling custom action Microsoft.IdentityManagement.PasswordResetCAs!Microsoft.IdentityManagement.ManagedCustomActions.PasswordResetCustomActions.GetIISVersion
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'System.String System.String.Format(System.IFormatProvider, System.String, System.Object, System.Object)'.
at Microsoft.IdentityManagement.ManagedCustomActions.PasswordResetCustomActions.GetIISVersion(Session session)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction GetIISVersionFromRegistry returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 15:11:27: GetIISVersionFromRegistry. Return value 3.
FIM/MIM - How to enable "My SGs" and "My Security Group Memberships" functionality to non-admin users?
Hey all,
When a non-admin user clicks on "My SGs" or "My Security Group Memberships" in our MIM Portal they are not able to see groups they own or groups they belong to, respectively. However, if an admin does the same the data is populated. Is this by design or a bug?
More importantly, what are the steps required in order to enable this functionality for non-admin/standard users? I don't see it as much of a security risk to allow users to see the groups they own nor the groups they belong to considering they can get the same information from AD if they wanted to.
Appreciate the help on this one.
-Christian
FIM MA password change -> out-of-sync sync rules?
I changed the password on my FIM MA connector for the first time since it was installed several years ago and suddenly had issues with provisioning not happening. I tracked it down to the sync rules in the metaverse not having the flags for creating/disconnecting resources in FIM/external system as appropriate, even though when I looked at the rules in the portal those boxes were checked. The timing of the attribute change on the rules goes back to the delta sync I ran after the password change (to verify the MA still connected successfully). I hadn't noticed the updates it did to the sync rules then. This happened in both my dev and production environments, so it's not a one-time fluke.
Environment: Server 2012 R2 w/MIM 2016 4.5.286
It appears that going into the portal, unchecking the boxes for creating/disconnecting, saving the rules, then opening them and re-checking them and saving again fixes the issue. Has anybody else experienced something similar?
MIM 2016 Upgrade and FIMMA Delta Sync error
Hello All,
After the upgrade from FIM2010 R2 to MIM 2016, Delta Sync on FIMMA gives the error below.
The upgrade was done on a new set of servers with the use of existing FIMService and FIMSynchronizationService databases.
I refreshed the schema and restarted the services. It did not resolve the issue.
Thank you for any help.
Error message:
The description for Event ID 6500 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
An error occurred in executing a delta import.
Type: Microsoft.ResourceManagement.IdentityManagementException
Details: Delta Import cannot be run as the change log has been detected to be in a corrupted state.
Stack Trace: at MIIS.ManagementAgent.Import.DeltaImportSession.ReadNextBatch()
at MIIS.ManagementAgent.Import.DeltaImportSession.GetNextBatch()
the message resource is present but the message is not found in the string/message table
FIM 2010 R2 and Exchange 13
Hello,
My company currently has FIM 2010 R2 and we provision emails to Exchange 2007 on prem. We are in the works to retire the on-prem Exchange server and update to Exchange 2013.
What would it take to do that?
Under configuring extensions in our AD MA, it shows provision for: with dropdown box showing Exchange 2007 and Exchange 2010 or no provisioning. Currently we have Exchange 2007 selected.
Exchange 2010 RPS URL: (field is blank)
Is this as simple as selecting the latest one in the dropbox (Exchange 2010)??
Thank you in advance.
PAM SAMPLE PORTAL - Justification (Required)
Hello Experts,
Is there any way to force Justification Required instead of Optional in PAM Sample Portal or MIM Portal?
MIM Hotfixes Downloads are no longer available
The latest/greatest version of MIM 2016 is Version 4.5.286.0.
The last working hotfix download is for Version 4.4.1749.0.
There are 2 more releases between 4.4.1749 and 4.5.286:
- Version 4.5.202.0
https://www.microsoft.com/download/details.aspx?id=57278
- Version 4.5.26.0
https://www.microsoft.com/en-us/download/details.aspx?id=57078
But the hotfix downloads come up as being no longer available.
Have they been superseded by 4.5.286? Do I need to worry about installing them before the latest version?
Hotmail to Outlook live migration question about MX record
Hi,
One of the steps mentioned during the migration from hotmail to outlook live is this:
Edit the MX record for the domain
- Sign in to the domain management tool at the DNS hosting service for your domain.
- Remove the Hotmail MX record.
- Add an MX Record for <token>.mail.Outlook.com and set it to the highest priority.
Note If you have a third-party MX record, in the Service Management Portal Migration page, click Refresh. Once the removal of the Hotmail MX record is detected, click Skip MX Check.
What must the <token> be in the <token>.mail.Outlook.com namespace?
thanks,
Sk
MIM 2016 Integration with application supporting connectivity through RestApi
Hi Experts,
At one of my customer's sites we have a requirement to integrate with an application that has a REST API for importing and exporting data, but we are not sure how to integrate it, as MIM doesn't provide any out-of-the-box MA. Any help, pointers or references are highly appreciated. I have never developed any custom MA. Please help.
Regards,
Chandan
MIM 2016 (PAM): Forest name & DNS configuration
We have a corporate forest / domain "Inter.contoso.com".
We want to deploy an extra forest to deploy PAM. My questions are:
1) Are there any requirements for this new forest/domain? Is "priv.contoso.com" a good name?
2) What DNS configuration should I do on both forests?
Novell to AD Sync issues
Hi All
I have an issue with creating users from Novell eDirectory to Active Directory.
I have created both the Novell and Active Directory MA and created the sync rules and created the FIM Service MA.
I can see the Novell users in the metaverse SN, UID, Givenname CN, but cannot export/create the user in Active Directory. Any help will be greatly appreciated.
Thanks
Trying to export list of everyone who is listed as a manager in FIM portal
So I have had a request to build a dynamic Security group for "all People leaders" which is basically anyone who is listed as a manager in AD.
I know that this basically has to be done by adding an IsManager attribute to the schema then using FIM powershells to populate that attribute.
I was able to create a search scope and get a list of all managers, but I am unable to export this same search scope via FIMAutomation Powershell
Anyone tell me what I am doing wrong?
/Person[ObjectID = /*[ObjectID = 'bce1cdd1-5222-4462-b910-ab30f5b6576a']/ComputedMember]/Manager']
Is the search scope criteria; it won't work for groups or sets because of the double calculation, I know. Does FimAutomation PowerShell fall into that issue as well?
Here is the PowerShell
set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant
add-pssnapin FIMAutomation
$exportObject = export-fimconfig -uri $URI -onlyBaseResources -customconfig ("/Person[ObjectID = /Set[ObjectID = 'bce1cdd1-5222-4462-b910-ab30f5b6576a']/ComputedMember]/Manager']")
Powershell error
export-fimconfig : Failure on making enumeration web service call.Filter = /Person[ObjectID = /Set[ObjectID = 'bce1cdd1-5222-4462-b910-ab30f5b6576a']/ComputedMember]/Manager']
Error= Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: cannot filter as requested
at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters, ClientOptionsHelper clientOptionsHelper)
at Microsoft.ResourceManagement.WebServices.ResourceManager.MoveNext()
at Microsoft.ResourceManagement.Automation.ExportConfig.EndProcessing()
At line:1 char:17
+ $exportObject = export-fimconfig -uri $URI -onlyBaseResources -customconfig ("/P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Export-FIMConfig], InvalidOperationException
+ FullyQualifiedErrorId : ExportConfig,Microsoft.ResourceManagement.Automation.ExportConfig
Russell Lema