Custom FIM PORTAL to provide Special privilege to a Specefic User( eg. Sub-Administrator) or a Set of Users

Similar Messages

• CUSTOM FIM PORTAL for a user(test123)

  I have one user (test123)
  i want him to see (User & My Profile) from Navigation bar + (All users) from Search Scope.
  I created 2 sets for  Usage keyword  and @ MPRs for both.
  I can see these options in Navigation Bar and of Search scope as well.
  But in All users its showing only curtrent User...
  why its happening.

  I found the answer.
  Enable the Below mentioned MPR-
  User Management: Users can read selected attributes of other users

• Custom resource/attribute not visible in FIM portal for non-admins

  hi all
  I have a problem I am not able to solve and hope somebody can help. We have created an custom Resource in the FIM portal called Customer. It is an User Resource Type and  attribute type customer, data type=reference.
  We have made this attribute visible in the Users Properties by editing the RCDC for Configuration for User Creation, Configuration for User Editing and Configuration for User Viewing. It is now visible for alle users in the FIM Portal.
  But when an non-admin searches for an attribute in that Field, nothing shows up.... only member of the administrator set, are able to display the results.
  I have added the Resource to Filter permission - Administrator Filter permission + non-administrator filter permission.
  I have added the Resource to MPR - General: Users can read non-administrative configuration resources?
  Can anyone help?
  Best regards Andre
  Andre

  Hi,
  To be clear,
  You have create one new resource type 'Customer' and one attribute 'Customer' (Reference, binded to Person object)
  Update RCDC for Person (create/edit/view) to add a picker attribute with those parameters
  UsageKeywords: This is an optional string property. You can define a list of search scopes to be used in the Resource Picker by providing a list of the usage keywords that are supported by the SearchScopeConfiguration structure, where each keyword is separated by a (‘).
  ResultObjectType: This is an optional string property. The resource type is used to render resources in the pop-up dialog-box list. This is used with the Filter to help the Identity Picker identify what resource type is returned by the Filter, and render the data accordingly. This property is mutually exclusive with the UsageKeywords property (see above). When the search scope is applied, this has no effect. The string that is accepted for this property is any single, valid, resource-type name, for example, Person. When the filter is expected to return multiple resource types, Resource is used.
  Modify MPR "User management: Users can read attributes of their own" and "User management: Users can read selected attributes of other users" to add this new attribute
  Create a new MPR to give the right of all users to view new resource 'Customer' on all attributes
  Is that right?
  Regards,
  Sylvain

• How do I manually uninstall FIM Portal and Service 2010

  I installed Forefront Identity Manager 2010 as follows:
  Server 1: FIM Sync Service
  Servers 2, 3: SharePoint Farm, FIM Portal and Service
  I've had issues from the installation. When installing FIM Portal and Service on Server 2 it failed to recognize fim sync service on server 1. We had FIM service unavailable errors in most usage scenarios (even though asmx returned service description).
  I was able to use RunAs different user to start browser as the service account used to install and run the FIM service, browse to the identity management site using
  http://localhost and saw the fim portal. I was never able to see the portal using DNS address or server name from the server 2 or any other computer on the network, or using any other account (although I checked the option to
  enable portal access for authenticated users).
  I tried to uninstall - this went through all the steps but failed during apply and did a rollback. However, subsequent attempts to change, repair or uninstall all fail with message that the site was not found, please create it...
  I would like to manually remove FIM Service and Portal and begin again. How do I manually remove FIM Service and Portal when uninstall fails?
  Thanks,
  David Saylor

  Are you getting this error message while uninstalling FIM?
  FIM Portal and Service is trying to find a site which is not there anymore.  Just add  the url which FIM was looking into the Central Administration >> Alternate Access Mappings 
  Save and exit out from Central Administration and try to uninstall now and it should work.  It worked for me.
  http://aryannava.com/2014/03/26/how-do-i-manually-uninstall-fim-portal-and-service-2010/
  Aryan Nava | Twitter: @cloudtxt | Blog:
  http://virtualizesharepoint.com
  Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you.
  Disclaimer: This posting is provided "AS IS" with no warranties.
  Aryan, you should convert your blog post into a Wiki article:
  http://social.technet.microsoft.com/wiki/contents/articles/23330.technet-guru-contributions-for-march.aspx
  Thanks!
  Ed Price, Power BI & SQL Server Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• Error when loading FIM portal in new installation: The requestor's identity was not found.

  I have just installed the FIM portal into my test environment.  The synchronisation service was already working perfectly (can provision users from a .csv file).
  The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
  Whenever I try to log on to the fim portal with my standard user account (it has never worked), I get the following error:
  Unable to process your request.
  Please contact your help desk or system administrator.
  Error processing your request: The server was unwilling to perform the requested operation.
  Reason: The requester of this operation is invalid.
  Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8
  Details: The requestor's identity was not found.
  >Go to Forefront Identity Manager home page
  (The web page header does show the FIM logo, so the portal itself is there).
  In the ForeFront logs on SPF1, I get the following:
  Log Name:      Forefront Identity Manager
  Source:        Microsoft.ResourceManagement
  Date:          1/13/2015 5:48:08 PM
  Event ID:      3
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      SPF1.testdomain.internal
  Description:
  GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft.ResourceManagement" />
      <EventID Qualifiers="0">3</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
      <EventRecordID>523</EventRecordID>
      <Channel>Forefront Identity Manager</Channel>
      <Computer>SPF1.testdomain.internal</Computer>
      <Security />
    </System>
    <EventData>
      <Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
    </EventData>
  </Event>
  Log Name:      Forefront Identity Manager
  Source:        Microsoft.ResourceManagement
  Date:          1/13/2015 5:48:08 PM
  Event ID:      3
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      SPF1.testdomain.internal
  Description:
  Requestor: Internal Service
  Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
  Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft.ResourceManagement" />
      <EventID Qualifiers="0">3</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
      <EventRecordID>522</EventRecordID>
      <Channel>Forefront Identity Manager</Channel>
      <Computer>SPF1.testdomain.internal</Computer>
      <Security />
    </System>
    <EventData>
      <Data>Requestor: Internal Service
  Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
  Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
    </EventData>
  </Event>
  Further, I note that it has trouble connecting to the web exchange connector.  I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name for?  I'm connecting to "mail.testdomain.internal",
  although that's actually a NLB group between two CAS/HUB servers.
  Log Name:      Application
  Source:        Microsoft.ResourceManagement.ServiceHealthSource
  Date:          1/13/2015 7:43:49 PM
  Event ID:      12
  Task Category: None
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:     SPF1.testdomain.internal
  Description:
  The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
  The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.
  Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the
  Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
      <EventID Qualifiers="0">12</EventID>
      <Level>3</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
      <EventRecordID>7581</EventRecordID>
      <Channel>Application</Channel>
      <Computer>SPF1.testdomain.internal</Computer>
      <Security />
    </System>
    <EventData>
      <Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
  The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.
  Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the
  Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
    </EventData>
  </Event>
  I'm not really sure where to start investigating at this point.  The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could
  be mistaken).

  I eventually figured this out - it was that the portal management agent hadn't been created yet, I had to create it.

• I can not re install Adobe Acrobat 7.0 professional on my computer.  It is saying a qualifying product is not detected. I cant even get through using the customer service line they provide 800-272-3623.  This is the worst interactionI have ever had with a

  i can not re install Adobe Acrobat 7.0 professional on my computer.  It is saying a qualifying product is not detected. I cant even get through using the customer service line they provide 800-272-3623.  This is the worst interactionI have ever had with a company.

  Hi joej49728017,
  I am so sorry for the inconvenience caused. However this is just because Adobe Acrobat 7.0 is an outdated version & the now the activation server for it does not exist.
  Please refer to the following KB doc.  Error: "Activation Server Unavailable" | CS2, Acrobat 7, Audition 3
  The above link will help you to  install a special version that does not require activation.
  In case you further need any help, please let us know. We will be more than happy to help you.
  Regards,
  Aadesh

• FIM 2010 Reporting installation reinstalls FIM portal

  Hi,
  We have FIM 2010 R2 running in production environment. We have added some of our custom developed sharepoint forms inside FIM's sharepoint site to enhance the User Interface.
  We now want to deploy FIM reporting feature. But, the installer of FIM re-installs the FIM portal along with installing reporting feature. After reporting feature installation wizard completes, we see that all our customized sharepoint pages are lost and
  default FIM web portal appears again.
  Is there any method of installing reporting feature withou reinstalling FIM portal?
  Mayank Vaish

  I would start with the IIS Bindings -- to which IPs and names is the Password Registration Portal bound?
  Try to access the site directly. It could simply be that the link is incorrect. The link is stored on the FIM Portal server in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Portal  and look at the value of
  RegistrationPortalUrl
  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

• FIM Portal in High Availability Installation

  Hi Team,
  I am working on something and trying to perform HA in FIM. Below is my current system:
  1) server A and B for SQL DB.
  2) Server C and D for FIM Portal.
  3) Server E for FIM Service.
  4) Server F For FIMSync Service.
  Steps I have performed:
  Installed SQL on server A & B for Every Required DB and done Clustering.
  1) Installed FIMSync service on server F.
  2) Installed FIM Service on Server E.
  3) Installed SharePoint 2010 Foundation server Farm Installation on Server C.
  4) Installed FIM Portal on Server C.
  5) Installed SharePoint 2010 Foundation with same Farm on Server D and FIM Portal as well.
  But when I try to access FIM Portal with Server D's Host name then it is showing error "Service Unavailable".
  Please help !!!!!
  Thanks~ Giriraj Singh Bhamu

  Make sure you have correct SPNs registered and that you have provided correct address of FIMService for FIMPortal. Remember also about delegation needed to be configured.
  SPNs to be registered:
  FIMService/<ServerE> Domain\FIMserviceAccount
  HTTP/<ServerC> Domain\FIMWebAppAccount
  Delegation: FimServiceAccount to FIMserviceAccount and FIMWebAppPoolAccount to FIMServiceAccount.
  "Service Unavailable" is telling you nothing. Examine Eventvwr.
  By the way - this installation hardly seems to be HA - what if your Server E would fail? There is no other server that has FIMService installed. The same for ServerF
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• Portal db provider(best practice)

  Best practice question here. If I wanted to create a few db portlets(suggestions/questions) is there already an existing portal db provider/schema that I should add them to? Or is it best to simply create a schema and db provider?

  That is an interesting question, we created our own schemas for each of the portal sites we have, so basically custom made providers for all portlets used in those portals.

• Linking of Public URLS to FIM PORTAL & Registration Portal & Reset Portal

  As we all Know we have 3 Portal
  We have
  1) FIM Portal on port-80 :
      Internal URL- http://<appserver name>/IdentityManagement/default.aspx
  2) FIM Password Registration Portal- Port 8080
      Internal URL- http://<appserver name>:8080/default.aspx 
  3) FIM Password Reset Portal- Port 8081
       Internal URL- http://<appserver name>:8081/default.aspx 
  I want these URLs to connect to Public Urls
  1) fimportal.com
  2) fimregportal.com
  3) fimresportal.com
  I have tried for FIM PORTAL- Alternate MAPPING USING DNS -- but it's goin to TEAM SITE and then we provide Credentials >> then All SITE CONTENT >> then Microsoft Forefront Identity
  Then we have the portal.
  We want whenever user browse "fimportal.com" >> goes to http://<appserver name>:8080/default.aspx  url >> ask for credentials >> Fim Portal.
  Please suggest.

  FIM Password Registration Portal :
  Open the 8080 Port.
  Add a “A” Record for http://<appserver name>:8080/default.aspx in
  DNS and pointing it to Public IP.
  FIM Password Reset Portal :
  Open the 8081 Port.
  Add a “A” Record for  http://<appserver name>:8081/default.aspx  in
  DNS and pointing it to Public IP.
  FIM Portal:
  We can Redirect to the FIM Portal.

• FIM Portal giving Syntax Error "WebResource.axd"

  Hi Team,
  It is fresh installation of FIM 2010 R2. FIM Sync, FIM Service and Portal are installed on the same box.
  When opening FIM Portal, it does not load properly. Some boxes are misplaced and on checking the status bar I can see a list of errors.
  First error in the list is "Syntax error" "WebResource.axd" Code: 0 URL: http://FIMPOrtal/webresource.axd?.......
  It is followed by several "The value of the property 'WebForm_GetElementByTagName' is null or undefined, not a Function object" error for ScriptResource.axd file.
  I have sharepoing 2010 installed. There is no NLB installed. I get the same error when accessing portal using "localhost" or IP.
  I have tried to repair the FIM Service and Portal installation that did not help. I have also re-installed the service and portal.
  It gives the same error after lowering the security on IE, trying from other machine or adding the portal website to local sites. 
  Kindly help me fix this error. Any help would be greatly appreciated.

  Hello,
  can you provide a screenshot of that misplaced elements.
  I currently only know to reasons of misplaced elements in portal.
  1. NLB (which you dont use)
  2. Redirect in IIS
  but maybe a screen would provide more information to us.
  Regards
  Peter
  Peter Stapf - Doeres AG - My blog:
  JustIDM.wordpress.com

• FIM portal data validation

  Hi,
   I've implemented some basic data validation in the fim portal by editing the rdcd configuration for user editing control. I've added a regex expression for post code with a value of "^[0-9a-zA-Z\s]*$"
   Most of the examples I come across regarding portal validation all refer to copying the rcdc, creating a new control and then modifying that. My way seems to work, but I wanted to know if there's a good reason why I can't modify the xml associated
  with the original rcdcs?
  Thanks
  IT Support/Everything

  You can and this is the only way to accomplish this task.
  But if you don't succeed, the easiest way is to rollback to default look - and that's why everybody's suggestion is to copy exported XML - just to have backup in case you have to roll back your changes :)
  Also, if you want to create RCDC for custom object, it is easier to copy any other XML and change it according to your needs than creating it from scratch
  Keep trying If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• Error Installing FIMService_x64_KB2870703.msp when FIM Service and FIM Portal (SharePoint) are on two different servers!

  I'm trying to install KB2870703 however I have our servers setup this way:
  Server A: FIM Service & Sync Service
  Server B: SharePoint 2013, Password Reset Portal, Password Registration Portal
  When attempting to install FIMService_x64_KB2870703.msp It starts and dies almost instantly
  The errors from the log:
  Action 12:27:15: CheckSharepointAdminServiceRunning.
  Action start 12:27:15: CheckSharepointAdminServiceRunning.
  SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIEE5B.tmp-\
  SFXCA: Binding to CLR version v2.0.50727
  Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
  Exception thrown by custom action:
  System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
  or one of its dependencies. The system cannot find the file specified.
  File name: 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
  or one of its dependencies. The system cannot find the file specified.
  File name: 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
  WRN: Assembly binding logging is turned OFF.
  To enable assembly bind failure logging, set the registry value  (DWORD) to 1.
  Note: There is some performance penalty associated with assembly bind failure logging.
  To turn this feature off, remove the registry value .
     at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)
     --- End of inner exception stack trace ---
     at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
     at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
     at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
     at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
  CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
  Action ended 12:27:15: CheckSharepointAdminServiceRunning. Return value 3.
  Action ended 12:27:15: INSTALL. Return value 3.
  Property(S): Data = C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\

  On Wed, 26 Mar 2014 00:15:57 +0000, jmanley WI wrote:
  I installed it on server B I need to install on server A to update the Database Schema. My understanding is having the portal seperated from the portal is supported. Is that incorrect?
  You don't mention the FIM Portal at all in your first post.
  Paul Adare - FIM CM MVP
  "The day Microsoft makes something that doesn't suck is probably the day
  they
  start making vacuum cleaners" -- Ernst Jan Plugge

• Customer Support Portal to report problems is not working

  The Customer Support Portal at: https://www.adobe.com/cfusion/support/index.cfm?event=portal&loc=en_us
  Is not working.
  I called into installation help.  The person said he could not help me and I needed to report the problem through the Customer Support Portal.
  When I go there I sign in.
  I select Installation Help
  I select Your Products
  A drop down box appears
  It says Select Your Product.
  The problem is it doesn't show any products to select.
  Thanks,
  Docfxit
  PS:  How can I report an installation problem to the developers?

  Hi Docfxit
  What product are you trying to install? Acrobat? Reader? PhotoShop? LiveCycle........? Are you an enterprise customer?
  If you are an enterprise customer you should have been given an email address for support
  If not you can always post the questrion on the forums and we'll try to help from there.
  This forum is for the online service hosted at Acrobat.com
  The forum for the desktop application Adobe Acrobat (Standard / Pro / Pro Extended) is http://forums.adobe.com/community/acrobat
  Tai

• How to delete the orphaned Expected Rule Entries exist in the FIM portal

  Hi,
  How to delete the orphaned Expected Rule Entries exist in the FIM portal.
  A large number of orphaned Expected Rule Entries exist in the FIM portal (originally 140000k+ objects, currently 75000+ objects). They consume the a lot of FIM database space and slows down the identity lifecycle management synchronization processes.
  Regards
  Anil Kumar

  Hello,
  in my environments i use this approach:
  https://social.technet.microsoft.com/Forums/en-US/1af6cf77-4c55-4a3e-93cc-0baae80bc88f/expiration-workflow-cannot-delete-ere?forum=ilm2
  This sets up a compination of Sets, Workflow and MPR to let the "Expiration Workflow" delete EREs as soon as they get orphaned.
  This works fine since 3 years now, even if there are comming SQL-Jobs within a FIM update, but I implemented this before this was done.
  I would suggest to clear the current orphaned EREs with PowerShell to avoid request flooding when implementing the above solution. Then implement that housecleening above.
  Regards
  Peter
  Peter Stapf - ExpertCircle GmbH - My blog:
  JustIDM.wordpress.com