Channel: Forum Microsoft Identity Manager

Post MIM 2016 SP1 / SP2 upgrade issue: NetworkClearText connection


Hi All,

I've run through upgrading MIM 2016 from 4.3.2266.0 to SP1 then SP2 and I thought everything was running well, but I've been informed by Security that the Portal MA is now talking to the database using NetworkClearText (Logon Type 8) rather than the Interactive (Logon Type 2) connection it was using prior to the upgrade. I was wondering if maybe MIM was trying to use TLS 1.2 but some other part of the system wasn't able to support it and so it was falling back to clear text instead of whatever lower protocol it was using before. I think I've enabled TLS 1.2 in SharePoint but the issue remains.

Is this expected behavior or is something not working correctly?

The SharePoint Foundation 2013 installation is still on RTM version which may also be contributing to the problem. Are there any special update requirements when it's supporting MIM or do I just follow normal SharePoint update procedures?

Thanks for any advice
Brett


MIM PAM REST API returns empty JSON file.

I installed the MIM service and portal with the PAM module in my test environment, and everything is working fine using PowerShell cmdlets. However, when I deployed the PAM Sample user Portal from GitHub to test the REST API, the JSON file retrieved is empty. I'm looking for a way to gather some logs to troubleshoot this, as I can't see anything in Event Viewer.

Did anyone face this issue before or have any hint about it?

Please note that using PowerShell, I can see the roles and request them.


PAM Sample Portal Status code: 406. Error: Not Acceptable.


I installed MIM 2016 SP2 Server in privOnly mode, with PAM feature and have the following error when deploying the PAM Sample portal.

Oops! Something went wrong. The ajax calls failed, please contact your administrator.
Status code: 406.
Error: Not Acceptable

When testing with http://mydomain.local:port/api/pamresources/pamroles I got the following error:

406 - Client browser does not accept the MIME type of the requested page.


So if I understand the error, it seems that the server is sending some information that the browser cannot parse, which is strange since I took the exact files in the src folder on GitHub.

Can someone help to resolve this issue?


Thanks in advance.

[MIM PAM] Adding groups and users from Portal with PRIVOnly Flag

When adding PAMusers and PAMGroups using PowerShell cmdlets, it's possible to set the PrivOnly flag to mark the environment as PrivOnly. Is this supported by the Portal as well?

For instance, what would be the equivalent of this command using the admin portal:
New-PAMGroup -SourceDomain contoso.corp -SourceGroupName T0-Admins -PrivOnly

Information on FIMAutomation Class Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject


Hello,

I am working on PowerShell scripting in a MIM on-premises environment.
I have found a lot of different scripts that use FIM Automation, but I did not find anywhere any information or class description for the usage of the following objects.

Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject

Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange

All scripts found about changing resource attributes in the ResourceManagementService make use of these objects to define some attribute change. But I did not find any documentation about them.

FIM MA Export resulting in Error- Add Person failing


Hi 

I had created an AD inbound synchronization rule with the necessary mappings. I was able to import the users from AD to the portal. I am seeing some failures for some users where the export to the portal is failing. When I tried to look into the error details, I found that the FIMMA connector space was being deleted automatically. There were some required attributes which were not coming from AD, so I changed the FIMMA mapping to allow nulls for those; still the error remains the same. Any pointers on this will be appreciated.


How to disable an attribute for particular group in MIM portal


Hello all,

I have this requirement where I need to disable an attribute so that one of the groups cannot read or update it.

Thanks.

Converting Boolean to String in FIM Portal (Outbound Rule)


All,

I need your guidance to figure out whether there is any way to convert a Boolean to a String in the FIM Portal in Outbound rules.

The data would appear as a String in AD and as a Boolean in the FIM portal. I tried the below but it didn’t work: IIF(Eq(FIMboolean,"true"),"NOSYNC",Null()) => ADNOSYNC

Regards,
Srinwantu


Microsoft business account

How can I set up a Microsoft business account when my email is linked to my personal account? I don't want to have a separate email address for these accounts.

Errors installing MIM 2016SP2

Error While FIM MA export - Create User


Hi 

I am getting an error during FIM MA export for users which are pending export. The error details do not tell much about what error it is. I checked for mandatory attributes and invalid attribute values.

Microsoft.ResourceManagement: The web service client has encountered the following class of error: RequestMessageViolatesProtocol
Details: Additional Text Details: The request does not conform to the expected request message format of the protocol.
Correlation Identifier: 54cdc002-0fa2-4303-892f-e31f5cf88030
Failure Message: 
Request Identifier: 

MultiValue tables for groups. Is there a size limitation?


I've set up multivalue tables that specify group memberships but I've seen reports that if the secondary table, which holds the memberships, reaches 50% the size of the primary table, which holds the user and group names, the system grinds to a halt, taking potentially days to import. Given that the secondary table is likely to be 5 or 6 times the size of the primary table in production, are multivalue tables not a viable solution to group management in MIM?

thanks,

Alistair

How does MIM start the deprovisioning process?


I pretty much understand the deprovisioning process apart from what starts it.

If there is a userid 1234 that is imported to the CS and synced to the metaverse:

DataSource (1111,...,1234,...,...) -> MA -> Import -> CS -> Sync -> Join/Project 1234

Is deprovisioning started if that userid "disappears" from the feed?

DataSource (1111,...,...,...) -> MA -> Import -> CS -> Sync -> Disconnect 1234

Does that mean the CS is really just a cache, and deprovisioning is started from a diff of Import(n) cf Import(n-1)?

Or is the missing userid (1234) noticed during the Sync? In either case, MIM needs to "diff" somewhere to find out userids that have "disappeared" from the feed. It would be good to know where that discovery happens and where that "cache" is.

thanks,

Alistair

MIM 2016 - MIMService not installing - error 'Forefront Identity Manager' (FIMService) failed to start.


Trying to install MIM2016 and getting the FIMService failed to start error message.

I have already got these services listed in User Rights Assignment (impersonate user, logon as a service etc) enabled in the Group Policy.

But it is failing to start when trying to install MIM Service

Where are the MIM/FIM Synchronization Service Parameters?


The documentation of the MIM/FIM Synchronization Service Parameters is not consistent. I found these articles, https://docs.microsoft.com/en-us/previous-versions/mim/hh322883(v=ws.10)?redirectedfrom=MSDN and https://docs.microsoft.com/en-us/archive/blogs/iamsupport/tuning-fim-service-ma-export-processing, describing how to configure the parameters. The data inside conflicts. In the first article one must set gateAsynchronousExportsOnAcknowledgements in order to be able to set exportRequestsInProcessMaximum. But in the second article exportRequestsInProcessMaximum is simply set without defining gateAsynchronousExportsOnAcknowledgements. Further, I could not find all the parameters in one article. There are more parameters possible. Maybe you know where I can find the specifications that I can trust?


GH


MIM Password Register Portal not working.


Hello experts,

The environment is as follows.

  • 1 Server : SYNC and Service and Portal
  • 1 Server : Register and Reset portal

Some backgrounds:

  • MIM Portal and Sync work perfectly. We can have users in AD and have them synchronized in MIM Portal and also have users created in Portal and provision them in AD. So synchronization works.

I recently installed the Register and Reset portal on a server, and the installation is successful. However, just for testing purposes, I cannot even open the Register portal from the server itself:



if I click on the portal, register... I will have this:

First of all, is this even a reliable test?

On the client side, even with the extension installed and ensuring that the user is in the 'Password Reset' set, IE is not opened, and when I navigate to it, the same issue is faced. However, it requests me to authenticate myself, and the thing is, it is trying to connect to the actual server itself (Portal.contoso..), not through the CNAME I created in DNS for register. So even with that I do not know what account I should type.

What do I have to check? SPNs? App pool, service accounts?

I would appreciate if you could help me.

How to synchronize custom resource Type from metaverse to MIM Portal


Hi MIM Experts!

I’m trying to import all my company computers into MIM Portal.

In MIM Portal, I’ve successfully created a Custom Resource Type called computer, including new attributes and new bindings.

I’ve also created MPRs and provided all permissions in MIM portal to new Resource Type Computers.

I’ve also created the new Object Type computer in Synchronization Service using the Metaverse designer.

I’ve also Full Imported and Full Synced successfully the list of computers into the metaverse from my external SQL Computers Table. (Synchronization Rules are working as expected.)

But I’m failing syncing the computers from Metaverse to MIM Portal.

I’m trying this:

- MIM Synchronization Service
- Edit MIM MA, FIM Service Management Agent
- Go to “Select Object types”, Show All
- I only have:

  • DetectedRuleEntry
  • ExpectedRuleEntry
  • Group
  • Person
  • SynchronizationRule

BUT my new object Type computer is not found!!

I’ve updated the schema several times, restarted services, but still fails.

Please, help

P.S.: adding new attributes to the existing object type user-person works well



Alejandro

Display advanced tab for user/person in portal?

I want to allow a "department admin" to edit a couple of attributes for a certain set of users. The set and MPR are working for other attributes. These attributes are not in the RCDC and I'd like to avoid adding them. But the "department admin" users can't see the "extended attributes" tab in "advanced view". Is there a way to expose that to them without making them MIM admins?

MIMWAL - Check if a Template Exists


Hi,


I need to set a default template name if a specific one is not found for the current user language.

I'm calculating the name of the Template and using it on the Send Mail Activity.

How can I with MIMWAL check if an email notification template exists?

Many thanks,

JD

MIMWAL . Check if a string is part of a set of strings


Hi,

I need to validate if a string attribute corresponds to any of the 10 allowed ones.

What operations/operators do I have available for this in MIMWAL?

I just found a reference to several types of functions (including text functions), but I do not see how I can have in MIMWAL this kind of simple constructs. Any help?

Thanks,

JD
