Channel: Forum Microsoft Identity Manager

How to enable regex validation for display name attribute?

I need to put some control around the display name attribute (for all objects in the system). However, when I go to administration => schema management => all attributes => display name, I see the regular expression text field under validation tab is disabled for display name. How can I enable this? I see there is already an MPR called "Administration - Schema: Administrators can change selected attributes of schema related resource" which is granting admins to change the schema of the display name attribute, but it does not seem to help for the above scenario. Can someone please help?


Distribution List & Members & E-mail

Hi there,

I have a scenario- How to do that activity?

DL : DG1 , DG2 , DG3 (all have email attribute's value)

Members : M1,M2,M3,M4,M5

DLs | Members

DG1 | M1,M2

DG2 | M1,M3,M5

DG3 | M3,M4

I want ONLY M1,M3 members can SEND E-MAILS to DLs(DG1,DG2,DG3).

How to perform that activity?

How to dereference objects during export flow

Hello!

I would like to export information from a referenced object during export flow but the referenced object is not part of the connector space object of the affected management agent. This is my demo configuration:

testEmployeeData:
- employeeId (anchor)
- personId (reference to testPerson object)
- telephoneNumber
- uid

testPerson:
- displayName
- givenName
- sn
- uid (anchor)
- employeeData (multi-value reference to testEmployeeData records; can be null)

I have an SQL agent ("HR") that imports person and employeeData objects into the metaverse. The references seem to work as I can see them in the Sync Service Manager and they point to the right objects too. Now I would like to access some of the referenced objects' data during export attribute flow. I have configured an export-only "Persons" agent that should export the personal data into an attribute-value file. This is what I would like the export flow to look like:

displayName <- testPerson.displayName
employeeId (multi-value) <- testEmployeeData.employeeId (*)
firstName <- testPerson.firstName
lastName <- testPerson.sn
uid <- testPerson.uid

The problem is now the advanced attribute flow marked with (*). The testPerson.employeeData field contains a multi-valued reference to all matching employeeData records which contain the employeeId. The output file should contain all matching employeeIds instead of the reference values (GUIDs) but I can't get this to work. When I try to configure an advanced export flow rule flowing testPerson.employeeData to person.employeeId I just receive an error message stating that metaverse reference attributes cannot be defined as source attributes.

Do I have to create an appropriate connector space object for this to work? Or is there some other way to dereference objects in order to get certain attributes? By the way, the person connector space object in the "Persons" agent is created by provisioning code based on testPerson metaverse objects.

Regards,

Philipp

FIM 2010 R2 SP1 on Windows Server 2012

I am installing FIM 2010 R2 SP1 on Windows Server 2012.

However, the following prerequisite is a problem:
"Windows SharePoint Services 3.0 Service Pack 2 (SP2) or Microsoft SharePoint Foundation 2010."

"Windows SharePoint Services 3.0 Service Pack 2 (SP2)" cannot be installed on Windows Server 2012.

Do I need to install Microsoft SharePoint Foundation 2010 or is there any workaround?

Thanks,
Mann

FIM alternate approvers based on timeframe

Hi,

Is it possible in FIM to have alternative approvers and an escalation mechanism if/when approvals are not done within a predefined timeframe?

Thanks,

DW

My profile page opening in full window instead of pop-up

Not a big issue, but maybe someone has found a solution for this already. Several times I have seen strange behaviour when clicking on My Profile in the FIM portal: the profile opens in full-window mode instead of a pop-up. When the user closes the profile page, it closes the browser.

Probably some IE setting, but I can't nail it down. Right now it is affecting a few users for one of the customers, and it basically makes usage of My Profile ... let's say troublesome :).

Has anyone come across such behavior? Any hints?

 

Bulk Load FIM/Powershell - Extra account updated

Hi ~

I'm doing a test bulk upload using a file that contains only one record.  After running PS script successfully, I check my search requests and see that two records files have actually been changed by the script.  I've reviewed the script for any mentions of the second record ~ nothing there.  Has this happened to anyone else?  How can I troubleshoot this?

Thanks,

Kim

Altering a FIM metaverse attribute-type

Hi All,

I have recently become acquainted with FIM 2010 R2 and I'm still learning all of the inner quirks that this wonderful product has to offer.

We are currently in the process of configuring the AAD connector (http://technet.microsoft.com/en-us/library/dn511001%28v=ws.10%29.aspx & http://technet.microsoft.com/en-us/library/dn511002%28v=ws.10%29.aspx#BKMK_SampleScript) for a customer (in lieu of using DirSync). Our original infrastructure and deployment included DirSync as well as a consolidated Active Directory. I understand that the AAD connector has recently gone to GA (General Availability). As an attempt to minimize the infrastructure/components required for the deployment, we have removed DirSync and the Consolidated AD out of the picture.

Our implementation of FIM currently has multiple MAs (management agents) configured and running periodically. While going through the AAD connector guides, we realized that we needed to create several new metaverse attributes and object classes in order to support the AAD connector. In conjunction with the sample code provided and as a general inquiry, we are attempting to modify one of the attributes (accountEnabled) in the metaverse from an attribute-type of String (non-indexable) to Boolean.

What is the safest way, if any, to change an attribute-type in the metaverse? This attribute seems to be used in various spots throughout FIM (in attribute flows mostly), so we do not want to break any of the existing functionality.

I understand that the easiest way is to simply alter the sample code and change it to represent a String instead of Boolean. For now, this is not the intended method, unless stated otherwise by the FIM SMEs.

I appreciate any help that can be provided. Any feedback on your own experience with the AAD connector is also appreciated (pros & cons).

Thanks,

LG



How to stop FIM from Deleting Connections?

There is something that I need, but have been unable to do... and that is to keep my BDC data even when there is no connection. I have not been able to figure out how to stop deletes from happening... this is what happens when my service is down

This is the result of the DeltaImport... It adds a SPS-Dummy object and removes all my objects, this causes all my fields in the user profile to become empty. I do not want this to happen. How can I configure FIM to not do this?

This is the result of the DeltaSync...

I have been working on this for days, and I just can't figure it out. I am going crazy!!! Please assist me.

How to Run FIM 2010 PowerShell Cmdlets on FIM Machine

Hello All,

Not sure what I am missing here, not able to run the 'FIMAutomation' on a FIM 2010 machine.

The below is the error message.
Add-PSSnapin : The Windows PowerShell snap-in 'FIMAutomation' is not installed on this machine.

Please let me know, where I have to look further to run the snap in successfully.

Thanks and Regards,
Anirban Singha
India

kerberos-no-logon-server in fim 2010

Hi,

When we run the Export run profile of the ADMA Management Agent, we get the following error:

kerberos-no-logon-server

and all users that are provisioned in the AD OU are in disabled mode, and provisioning is also taking more time.

Please provide any solution.

Regards

Anil Kumar

Can one migrate SSPR without requiring registered users to re-register?

Hi,

Assume a lab environment was used for a SSPR POC (Question & Answer) - Can one migrate a FIM SSPR solution without requiring registered users to re-register?

thanks

dw




FIM R2 SP1 & Sharepoint Designer 2013

Hello all,

We installed successfully FIM R2 SP1 on Sharepoint Foundation 2013.

The portal is running and at the first glance it looks fine.

Unfortunately we have no chance to open the FIM site via SharePoint Designer.

We receive following Error Message: "Object moved: Object moved to here"

Any ideas or suggestions?

Kind regards Fatih

Users cannot access the FIM Portal unless they are a member of the local Group "Users" on the FIM Service server

Hi,

I have an FIM 2010 R2 SP1 install on Windows 2012 infrastructure using SharePoint 2013.  Roles are broken out so I have a separate server for FIM Service, FIM Sync and SQL backend.

I have populated users as required but they cannot access the FIM Portal unless they are members of the local security group "Users" on the FIM Service server itself.  When not added to this group they get prompted for credentials repeatedly and after entering them repeatedly then I receive a message from the below link

"https://idmportal.company.com/_layouts/MSILM2/ErrorPage.aspx

Unable to process your request"

Once I add the user into the "Users" group on the FIM Service server then the user logs in with no issues.

Has anyone else come across this issue?

Thanks,

B

some users are not synced with dirsync

Hi all,

I have installed the DirSync tool to sync my on-premises AD with Office 365. I have some users located in one OU; some of them are synced and the others are not. The strange thing is that when I move the users to another OU, they sync.

Thanks


Azure AD connector, FIM, ADFS and multiple forests.

Hi - Hope you can help. I have a pretty unique problem in our business and I'd like to check whether we can solve it with the AD connector for FIM. We have multiple AD forests in our business with trusts between them (about 10 forests!). We also have FIM implemented with all objects in the 10 forests synchronised to a centralised directory  - with linked user objects.  We are looking at moving to Office 365 but we realise that the DirSync won't work with our 10 forests. So we would presumably need the AD connector for FIM combined with ADFS. Assuming that the AD connector can synchronise all the correct attributes to AD in Office 365, how does the authentication work? If a user logs in from their own forest, using their password in their local forest, what kind of ADFS architecture would one need? i.e. does the ADFS server look back to the source forest for that user? Can one ADFS server look back to every source forest if there are 10 of them? Does ADFS know that the user in the source forest is the same as the user in the unified directory that FIM updates? Hope this scenario makes sense. I guess my real question is whether I can have a hybrid solution with Office 365 and 10 forests where all the AD admin and password management is done in each source forest.  thanks in advance for any advice!

Copy Distribution Group's members to another Distribution Group in FIM 2010.

Distribution Group 1 : Test_Main

Members: M1,M2

Distribution Group 1 : Test_Sub

Members: S1,S2

I want the members of Test_Main (M1, M2) to be members of Test_Sub.

Whenever the client adds a member to Test_Main, it should automatically become a member of Test_Sub.

How to do it?

I know I can add Test_Main (group) as a member of Test_Sub.

But does it mean its (Test_Main) members automatically become members of Test_Sub?

RCDC dynamic operation

I have a Boolean attribute (say "isPermanent") on each user object. I want to create a field in the user RCDC which will allow only the account names of user objects which have "isPermanent" set to true. Is it possible?

account for FIM Service MA

Experts,
I am going through FIM installation "http://technet.microsoft.com/en-us/library/hh332707(v=ws.10).aspx".

It is mentioned to create 'domain service account' for FIM Synch service, FIM Password reset portal, SharePoint service etc but for 'FIM Service Management Agent', just 'domain account'.

Is there any difference between 'domain service account' and 'domain account', or am I reading too much in between the lines?

Thanks,
Mann

Get FIM 2010 Training Feb 8-11 from author of FIM Best Practices Vol1

Feb 8-11 I will be teaching 50382A Implementing Forefront Identity Manager 2010 and of course adding in lots of valuable information from various FIM implementations that I have performed and supervised. Additionally, material from my book will be referenced. For more info and to sign up click here
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html