Channel: Forum Microsoft Identity Manager

Change User CN, just with Synchronization Service


Hi all,


I have the challenge to keep two active directories in sync. From the source, 30 attributes are synchronized to the destination. The CN should also be changed, that is not possible in the standard. In my view, there are the options:


a) Change initial flow attribute
b) Change AD schema, not desired
c) PowerShell Rename-ADObject as attachment of the RunProfile, not really sexy

I would like to use Option a). However, I only use the synchronization service under the Windows Server license. Additional MIM CALs are not available. Is there a possibility to make this adjustment there or do I need the MIM service and portal? I cannot find the option.


Best regards
Robert


FIM Extension Rule - Person Lookup


Hi,

I need to export to a SQL MA a property of a reference object of type person

MVObject -> MVObjectReference.PropertyXYZ -> get its Value

How can this be done?

I'm thinking of using an ExtensionRule to look up the referencedObject.Property. How can I, in an Extension Rule attribute flow (where I receive the referenceObject mvObjectID), look up a property of the object that has that mvObjectID?

Thanks,

JD

UocIdentityPicker - persist a specific attribute


Hi,

I have a UocIdentityPicker where I can manipulate the "manager" property of a user.

I would like, when a manager is selected, to persist one other property of the manager in a separate schema field (e.g. RH_ID).

How can this be done?

Thanks

Renew or reinstall MIM Service certificate


What are the requirements for the MIM Service certificate, or steps to renew it?

MIM 2016 Troubleshooting Resource Control Display Configuration


Whenever I attempt to view or export the configuration data from any of the RCD configurations, I receive the "Unable to process your request." ErrorPage.aspx

Everything else seems to work fine, except that the user's photo is not displayed on the General tab of the user's properties page.
I've tried searching online but all the troubleshooting tips are out of date. This is all I see in the event log:

The portal was unable to complete a request and showed a user the default error page.

An unhandled exception was caught.

I was able to get a version of SvcTraceView installed and it shows this error:

Process action 'http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate'. 29 46ms 10:39:11 AM 10:39:11 AM

This is the relevant line from the stack trace:

<ExceptionString>System.InvalidOperationException:
The address of the security token issuer is not specified. An explicit issuer address must be specified in the binding for target 'http://mim:5725/ResourceManagementService/Enumeration' or the local issuer address must be configured in the credentials.</ExceptionString>


Robert W. Kirchhof


powershell script to search all users in PAM


Hello,

I was looking for a PowerShell script that would output all PAM users in the environment with their SourceAccountName & PrivAccountName attributes, and was also looking to add the PAM linked user attribute for all these users. All these users in the PAM bastion domain are linked to our primary domain & we want a report with all these linked details.

Unrecognized Guid Error


Hi,

I am trying to join the MA via the FIM Sync Engine Console. However, after I join the MA, click on the Lineage tab and then the Metaverse Object Properties button, I am getting this error: "Unrecognized GUID Format".

Can anyone provide any suggestion on how to fix this?

I think it could be because of AD GUID and METAVERSE GUID are not matching. This is a group which I am trying to fix so it has members.

Below is the Screenshot of the error.



Export to Postgre


Hello,

I'm trying to export to a table in Postgre using the Generic SQL Connector but failing.  The objects are created in the connector space but fails on the export run profile.  Verbose logging on the connector shows it falling over after it initiates the Export base Constructor.  It then generates the Exception error while exporting cs entries to the Database server with the ever helpful "Object reference not set to an instance of an object"

Has anyone successfully exported to Postgre??

TIA

Rob


Password reset problem - Access denied (The web portal received a fault error from the FIM service)


Hi,

I am facing an issue with the password reset portal. User is successfully able to register on password register portal. Then on password reset portal, it successfully verifies the answers of the security questions, and then prompts for a new password. But when user enters the new password and clicks on next, it gives an error: "An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)" Can anyone guide me on this as I have searched different forums on internet, followed different guides but all in vain. 

We are having a 2-tier architecture: FIM Portal (FIM Service) and Password Portals are running on one machine, and FIM Sync (Synchronization Server) is running on another machine. 

When I check event logs of both machines, I get one error event on the FIM Sync machine and 4 error events on the FIM Service machine.

Below is the error on the FIM Sync machine:

The server encountered an unexpected error while performing an operation for the client.

"BAIL: MMS(5084): ..\server.cpp(8094): 0x80070005 (Access is denied.) Forefront Identity Manager 4.4.1302.0"



Below are the four errors on FIM Service machine:

Error 0:

System.Management: System.Management.ManagementException: Access denied 
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)



Error 1:

The web portal received a fault error from the FIM service.
Details:
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: DataRequiredFaultReason
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
Web Portal: FIM Password Reset Portal
Session Id: j0mz1245ydyzf055iokgjw55
IP Address: 10.98.0.15



Error 2: 
Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
   at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
   at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
   at System.Web.UI.TemplateControl.OnError(EventArgs e)
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


Error 3:
The error page was displayed to the user.
Details:
Title: Error
Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
Source: 
Attributes: 
Details: System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId: 
RequestId: 
ErrorCode: 3000
CaughtTime: 05/09/2019 12:35:44

Web Portal: FIM Password Reset Portal
Session Id: j0mz1245ydyzf055iokgjw55
IP Address: 10.98.0.15


 

 


F.

Migration data between servers corrupted MS Access db


Our old network server data was migrated to a new server, new location over the weekend. I have a customized reporting database which has been used for a dozen years and now has stopped access to doing coding after migration.

Error messages read the following;

Database has been placed in a state by user admin that prevents it from being opened or locked

next message;

Microsoft Access is unable to read the VBA modules of this database and cannot recover the modules because the file is read only.  To recover the VBA modules, close the database and make a backup copy of the database.  Then open the database with read/write permission.

Third message;

The VBA modules in this database  appear to have been saved with errors.  Access can recover the modules but you should back up the database first. 

Computer services migrated all of these drives using "delta sync" and I am not familiar with what precautions/allowances should be made for MS Access databases.

Thanks in advance.

Is "Declared (Import Filter)" still only for the AD MA?


I cannot find a definitive answer in the docs.  In my SQL MA, I have this option available in the Connector Filters.  Old information says that this feature is only for the AD MA.  Is this still true?

Thanks!

  

Mike Leach | http://blogs.catapultsystems.com/mleach/default.aspx

Error while creating mailbox during ADMA export

Hello Team,

I am trying to make Exchange create a mailbox for a newly provisioned user in AD. I have added homeMDB, msExchangeHomeServerName, mDBUseDefaults, mail and mailnickname, proxyaddress as the attributes.

And on the Sync Engine, I have added my Exchange Server's powershell URL - http://<servername>/powershell

I have also added my ADMA into the Exchange Admin group on the Exchange Server.

I then create a user on the MIM Portal and run the Full Import, Full Sync, Export and then the ADMA Full Import, Full Sync and Export, but I get the below error during Export:

The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException

Message: Processing data from remote server fdv-wi-post1.felles.firma.no failed with the following error message: [ClientAccessServer=<server hostname >,BackEndServer=<server name>,RequestId=df60b7ba-f9b2-4b4f-86ab-3fb2776afd3f,TimeStamp=11.04.2019 10:19:39] [FailureCategory=WSMan-Others] The EndpointConfiguration with the http://schemas.microsoft.com/powershell/Microsoft.Exchange identifier is not in a valid initial session state on the remote computer. Contact your Windows PowerShell administrator, or the owner or creator of the endpoint configuration. For more information, see the about_Remote_Troubleshooting Help topic.

Stack Trace:    at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at System.Management.Automation.RemoteRunspace.Open()
   at Exch2010Extension.Exch2010ExtensionClass.OpenConnection(String uri, PSCredential credential)
   at Exch2010Extension.Exch2010ExtensionClass.BeginExportToCd(String connectTo, String domain, String server, String user, String password)

the message resource is present but the message is not found in the string/message table

Note: We have Exchange server 2013 in our environment.

Any expert advice will be helpful.

Thank You.

Identity Management Not Working on Surface Book Apps


Hi,

I can access the web url versions of these services, so the problem is not my security access.  But, the apps for MSX Apportal and the Expense Management tool do not work on my surface book.  They will not authenticate me.

Regards,

Amy

Search Scope for EmployeeStartDate within the next 7 days


I am able to create a Set just fine for this.  So, I wanted to give my client the same option in the Search Scopes.  I took the XPath query directly from the Set details.  But, it errors out when I hit search.  Can someone see what I may be doing wrong with this query for this Search Scope?

/Person[(EmployeeStartDate &lt; op:add-dayTimeDuration-to-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P7D'))) and (EmployeeStartDate &gt; op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P1D')))]


Mike Leach | http://blogs.catapultsystems.com/mleach/default.aspx

Create Custom Page in MIM Portal


Hi all,

I have a requirement to Create a Custom Page in MIM Portal with On Behalf Of ____.

For example, if I want to raise a request / create a new user / do any other activity on behalf of somebody, let's consider On Behalf Of "My Manager". How do we do this, please?

Thanks - Srinivas 


FIM 2010R2 - Clear Boolean attribute in Portal to delete it


Hi,

I need to delete a boolean attribute from the FIM Portal.

It seems that first I need to clear its values.

I tried a PowerShell script using Import-FIMConfig but it fails (it succeeds with $true or $false but not with $null).

The PS error message is:

  The web service client has encountered the following class of error: ValueViolatesDataTypeFormat
  The specified attribute value is in a format that cannot be stored in the attribute.

The PS code is like this:

    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.ObjectType = "Person"
    $importObject.SourceObjectIdentifier =  $userObject.ResourceManagementObject.ObjectIdentifier
    $importObject.TargetObjectIdentifier =  $userObject.ResourceManagementObject.ObjectIdentifier        
    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $importChange.Operation = 1
    $importChange.AttributeName = "myattributeName"
    $importChange.AttributeValue = $null
    $importChange.FullyResolved = 1
    $importChange.Locale = "Invariant"
    $importObject.Changes = $importChange
    $importObject | Import-FIMConfig

I succeed with MIMWAL update resource, but since there are 200.000 resources to be affected, IIS seems to hang with memory at 99%.

What is the recommended way to clear the attribute on such a big number of resources, and why does it not succeed in PS?

Many thanks?

Implementing Secure Sockets Layer for MIM Portal


Hello.

At some point, if one added SSL after installation, one needed to run change installation. Cannot find that part from the current documentation. Has this changed?

Scaling out MIMService


Hi, 

Does anyone have a good article/blog they're willing to share when it comes to best/preferred practices, "do:s" and "don't:s", "gotcha:s" and the like, when it comes to scaling out MIM? 


Andreas Hultgren, MCTS, MCITP | http://ahultgren.blogspot.com/

Attribute Flow Precedence


Hi,

I have created a custom attribute during outbound synchronization named Temp. Now I am trying to do inbound sync through direct mapping, but it gets ignored during synchronization.

I have mappings as below:

CSTemporaryAttribute <--- MV  (Advance Flow)

CsTemporaryAttribute  --> MV   (Direct Mapping)

The direct mapping was not happening. Am I missing anything? Could anyone help me with this? Thanks


Security Group - Please select a displayed owner among the owners above.


Hi all,

We have been using MIM for 2 years. MIM managed all Active Directory groups.

I need help now. MIM Portal server on the Security Groups select new existing select. Error message "Please select a displayed owner among the owners above."

I need help.

Thanks.

Best regards.
