Channel: Forum Microsoft Identity Manager
Viewing all 6657 articles

MIM/PAM 2016 HA

Hi, I am interested in implementing MIM/PAM 2016 in HA configuration. Is there any documentation covering this?

Thanks in advance.


MIM Portal get Value from Resource

Hello there,

Hope everyone is safe in these strange times. Meanwhile, I hope someone can help with a small issue I'm having.

I have a MIM + portal configured to create users in AD.

I created a new resource type called NDLOU that has 2 attributes: NDLOU, which is the OU value, and a DisplayName.

I edited the user create RCDC to add a UocIdentityPicker where the admins can go in and pick an OU where to create the user.

I then created a sync rule for all that, which has a workflow parameter that I called ndlou (for originality) that I fill in from a workflow

in the workflow with 2 activities:

1- a function that puts [//Target/NDLOU/NDLOU] in [//WorkflowData/NDLOU]

2- the sync rule activity with the parameter [//WorkflowData/NDLOU]

I may have made a mistake somewhere, can anyone help?

Thanks

Hicham


Hitch Bardawil

Date time filter error in FIM portal

Hi,

I am using PowerShell for exporting the custom resource from the FIM portal. I have created a set, copied the XPath filter condition and pasted it into the PowerShell.

My set is working fine and showing me the criteria-based members, but when I use this condition in PowerShell, I get the error "Filter condition does not match".

/msidmReportingJob[CreatedTime > op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(),
xs:dayTimeDuration('P1D'))]</Filter>

I am trying to export the resources that were created today.

Thanks.


List of Request Statuses

Is there a list available somewhere of all possible status values for a request? I know there's 'completed' and 'PostProcessingError' for example, but what are all the possible values for this field?

search scope gets data only for admin users ¡¡

Hi

I have a problem I am not able to solve and hope somebody can help. I have created a custom Resource in the FIM portal called Costcenter. It is a User Resource Type.

The resource has associated attributes, code, cost centername and has already been properly populated with the cost center data.


I have created a search scope to publish it to a group of users.
I have already added the Resource, the code and costcentername to Filter permission - Administrator Filter permission + non-administrator filter permission.
I have already created an MPR of type Request, requestor ==> my users group, Grant permission for read, Target Resource ==> My search scope.
I have already added my costcentername and code to the MPRs "User management: Users can read selected attributes of other users" and "User management: Users can read attributes of their own".

The problem is that my user group can see the search scope, but it can't get data. If I add the user to the administrators portal set, it can get data from the search scope without any problem.

Can someone help me?

MIM 2016 Upgrade issue

Hello Everyone, 

I just finished upgrading my MIM sync engine and portal farm with the KB3201389 patch.

Everything worked fine in my single server test environment, but my production is a 2 server farm and in this case the upgrade was successful but I'm not able to open the user create page or the user edit or any popup page...

I have MIM 2016 with SharePoint Foundation 2013.

Can anyone help figure this out?

Thanks

Hicham


Hitch Bardawil

Managing group creation and memberships programmatically

I've been looking at synchronisation rules in the portal but they seem to rely on sets, i.e. if a user has attribute X, put them in group X. There are potentially thousands of groups so this approach won't work. Is it possible to do this in an extension DLL instead? memberOf is read-only in MIM so can't use that. I tried looking up the group object in the metaverse from the metaverse rules dll to add the user based on formulae but finding it is difficult (cn=? etc don't find the group). Also not sure how to create a new group object from an extension dll.

thanks,

Alistair

Problem: ECMA 2.2 custom agent multiple object types

I am having a weird problem with importing data using a custom agent that integrates with Dynamics 365 (on prem).

My issue is with the import process. The code imports users and business roles. The code is below. When I run the Import profile, the Sync manager shows users got imported and not roles. When I debug the code, importReturnInfo shows both users and roles but Sync manager and agent's CS only show users. 

Here is another confusing part. I tried to process the roles before the users in the GetImportEntries. It worked and the Sync manager is importing both rules and users. However, when I delete any role from Dynamics, the sync engine doesn't recognize the deleted role. Any idea what I am missing? Thanks

    public GetImportEntriesResults GetImportEntries(GetImportEntriesRunStep importRunStep)
    {
        DynamicsUserProfileQueryResult dynamicsUserProfileQueryResult = new DynamicsUserProfileQueryResult();
        List<CSEntryChange> csentries = new List<CSEntryChange>();
        GetImportEntriesResults importReturnInfo;

        if (personMoreToImport)
        {
            dynamicsUserProfileQueryResult = Connector.GetDynamicsUsers(ImportPageSize, userPageNumber);

            userPageNumber++;
            personMoreToImport = dynamicsUserProfileQueryResult.QueryPagingCookie != null;
            ProcessImportedDynamicsUsers(dynamicsUserProfileQueryResult, csentries);
        }

        //if we try to add users first, roles are not being added for some reason
        if (rolesMoreToImport)
        {
            var businessRoles = ImportBusinessRoles();
            foreach (var businessRole in businessRoles)
            {
                CSEntryChange entry = CSEntryChange.Create();
                entry.ObjectModificationType = ObjectModificationType.Add;
                entry.ObjectType = BusinessRole;

                if (businessRole.RoleId.HasValue)
                    entry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("RoleId", businessRole.RoleId.ToString()));
                if (!String.IsNullOrWhiteSpace(businessRole.RoleText))
                    entry.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("RoleName", businessRole.RoleText));

                entry.DN = String.Format("CN={0},O=Role", businessRole.RoleText);

                csentries.Add(entry);
            }
            rolesMoreToImport = false;
        }

        importReturnInfo = new GetImportEntriesResults()
        {
            MoreToImport = rolesMoreToImport,
            CSEntries = csentries
        };
        return importReturnInfo;
    }



Ahmed is an independent consultant in Ottawa, Canada specialized in .NET, Biztalk, WCF, WPF, TFS and other Microsoft technologies.

Blog: http://lajak.wordpress.com

Twitter: ahmedalasaad


MIM partitions and customization

Hello,

I am using MIM 2016 SP1. My dev environment is a single partition while the production environment has two partitions. After migration from Dev to Prod, some of the custom attributes bound to the User object show on one partition and not the other. I found the missing attributes by querying users by ID using PowerShell. The result of the query on one server showed the attributes while the other server didn't.

The architecture

MIM portal is behind NLB and MIM Service is behind NLB with a sticky source configuration. Both partitions are connected to one DB.

Do I need to do anything special when migrating to multi-partition environment?


Ahmed is an independent consultant in Ottawa, Canada specialized in .NET, Biztalk, WCF, WPF, TFS and other Microsoft technologies.

Blog: http://lajak.wordpress.com

Twitter: ahmedalasaad

Converting Boolean to String in FIM Portal (Outbound Rule)

All,

I need your guidance to figure out whether there is any way to convert a Boolean to a String in the FIM Portal during Outbound rules.

The data would appear as String in the AD and in the FIM portal as Boolean. I tried the below but it didn't work: IIF(Eq(FIMboolean,"true"),"NOSYNC",Null()) => ADNOSYNC

Regards,
Srinwantu

Inconsistent name display

In the last two of my sent emails from Hotmail, my display name in the emails is different from my Microsoft account display name. I want to know why, and if Hotmail is being hacked?

MIM 2016 SP1 on Server 2019

I am trying to find out if Server 2019 could be considered a supported server for MIM 2016 SP1 with SharePoint 2016. Microsoft does not list Server 2019 as supported server for SP1. Is that because of the Synchronization service? SharePoint 2016 is supported on Server 2019, so I am guessing MIM Portal & Service might be ok.

My rationale here is that I don't want to move to SP2 just yet, but I would like to get my server infrastructure in place, so all I have to do later on is to apply the patch.

MIM Stopped Syncing New Users

Hello All,

About a year ago I set up a MIM solution for our sister site in London to sync user accounts from one domain there to another. It's been working fine for over a year. I am just now receiving reports that any new users added to the source OU are not syncing to the target domain. However, and this is the strange part (to me anyways), changes made to existing accounts in the source OU are syncing to the target domain.

I see no errors, have rebooted the MIM server and checked all the credentials. I see no obvious issues. Anybody run into this before? Any advice would be greatly appreciated.

Thanks in advance,

Jim


Checking group type on added membership

Hi.

On the Person object I have built an extra attribute called 'AddToGroup', which is a multivalue reference attribute (preferably to the Group Resource type).

When a user has chosen one or more groups in this attribute and saved the user, an action workflow finds the group(s) and puts the user into it. After this it resets the attribute, so it is empty.

In the RCDC I use keywords for the attribute for a custom SearchScope, so only groups with static membership show up.

All this works well, when the users of the portal are using the Resource Picker.

But when the users are using the resolve button, this sometimes goes wrong, if the system cannot find any objects inside the SearchScope. Then it shows any object inside the search criteria, that the user has read permissions to.

Is it possible to enforce the SearchScope, so the system will not find anything?

Or is the way to build an authorization Workflow that checks the objects afterwards? And if this is the way, has anyone built anything like this with MIMWAL?

Cheers,

Søren

Implementation of MIM Fresh on Existing AD Domain and Existing Sharepoint 2016 Infrastructure

Can we install MIM on Windows 2016 Server with an existing AD Domain and SharePoint 2016 environment? I could not see any docs supporting the implementation on an already existing AD Domain and existing SP environment. If there are any, kindly guide me to the document.

I believe we need to install the agents so that it can communicate with AD & SP??

We are planning to implement MIM as a solution for Password Self Service pages and for User Import in SharePoint 2016.

Thanks & Regards

Gops


ADFS 3.0 - "Safari Cannot open the page because your iphone is not connected to the internet"

Dear Team,

ADFS 3.0

I am stuck with one issue, that is, the Safari browser is not supporting the Webex and Workplace applications which are integrated with ADFS.

Users are accessing the Webex and Workplace applications in the Safari browser via Extranet and they are receiving the error message below:

"Safari Cannot open the page because your iphone is not connected to the internet"

As I checked, this is a common issue which happens on iPhone. I have gone through many articles which show troubleshooting steps for WiFi and other network settings, and the same has been passed on to the customer. He says that he has performed all the troubleshooting steps and that this issue is faced by multiple users.

If the users were accessing via intranet I would have suggested that they enable the WIA (Windows Integrated Authentication) agent for Safari, but as it's from extranet I am unsure how to enable it for extranet users. Please let me know if it's possible.


Lithnet - How to add a group to a set members using Lithnet RMA?

Hi,

I'm using Lithnet to verify if certain groups are in the expected set:

Search-Resources -XPath "/Set[DisplayName = '$($myGroup.DisplayName)']" -AttributesToGet @("DisplayName","ExplicitMember")

Now I need to add the group to the Set.ExplicitMembers, but it is null and I always get an error creating it.

Thanks,

JD


How best to connect to Slack? Can Microsoft's Web Services Connector be used?

I'm wondering how best to connect to Slack. Has anyone done this with FIM/MIM, and what connector/MA can be used? I see that Slack uses a REST API and OAuth security, while the Microsoft Web Services Connector doesn't list OAuth in its security modes. Or are they talking about two different layers of security?

MultiValue tables for groups, do the groups need to exist already?

I have around 5000 groups to populate via MultiValue tables, not all known at any one time. On the first run, none of the users or groups will exist in AD. On subsequent runs, some of them won't exist (as new ones come into existence in the SQL MA data source).

Before using MultiValue tables to populate AD groups with members, do the groups and users have to exist in AD beforehand?

e.g. does the flow need 3 MAs, something like:

SQL MA (users) -> Import -> Sync -> Export (to AD)
SQL MA (groups) -> Import -> Sync -> Export (to AD)
SQL MA (MultiValue users+groups memberships) -> Import -> Sync -> Export (to AD)

or can a single MA be used to provision users+group and a second MA provide the MultiValue group memberships?

thanks,

Alistair

ConnectedMA.Connectors.Count is 0 even if object exists in connector space

In a metaverse extension DLL I have:

    ConnectedMA managementAgent = mvEntry.ConnectedMAs["AD MA"];
    if (managementAgent.Connectors.Count == 0)
    { ... }

Connectors.Count is 0 for an object that is in the "AD MA" connector space but not in the Metaverse. The MS tutorial doesn't mention a full sync for "AD MA", so when the "SQL MA" with multi-value tables does a full sync, the error occurs because the AD group exists in the "AD MA" connector space but is reported to have no connectors so I get the error:

An object with DN "..." already exists in management agent "AD MA"

Do I need to do a full sync on "AD MA" before doing a full sync on "SQL MA"?

thanks,

Alistair
