FIM Metaverse & FIM Service
Dear all,
I am trying to sync users from AD01 to AD02 using FIM. I have already installed FIM Sync & FIM Service.
As far as I understand, I need to have 02 MAs to connect to AD01 and AD02, and the flow seems to be like this:
AD01=====(MA01)=> CS01==> Metaverse ==>CS02=(MA02)=====>AD02
Now I still have no idea how to configure them and would appreciate it if someone could help me with some questions:
- Is there only one Metaverse on FIM Sync?
- How to push user objects from CS01 to the Metaverse? Is it projection rules?
- How to push the Metaverse to CS02 and export them to AD02? Are there any pre-conditions to be able to create objects on AD02?
- If anyone has a LAB guide for this scenario, please send me the link.
Thanks a lot !
Hello,
you need only 2 AD MAs if there are different forests; each AD MA can handle multiple domains within a forest.
Yes, there is only one Metaverse; it's the combined store of all identity data.
For configuring the MAs and the appropriate sync rules, see these articles:
https://technet.microsoft.com/en-us/library/ff686263%28v=ws.10%29.aspx
http://social.technet.microsoft.com/wiki/contents/articles/648.how-do-i-synchronize-users-from-active-directory-domain-services-to-fim.aspx
-Peter
Peter Stapf - ExpertCircle GmbH - My blog:
JustIDM.wordpress.com
Similar Messages
-
How do I manually uninstall FIM Portal and Service 2010
I installed Forefront Identity Manager 2010 as follows:
Server 1: FIM Sync Service
Servers 2, 3: SharePoint Farm, FIM Portal and Service
I've had issues from the installation. When installing FIM Portal and Service on Server 2 it failed to recognize fim sync service on server 1. We had FIM service unavailable errors in most usage scenarios (even though asmx returned service description).
I was able to use RunAs different user to start browser as the service account used to install and run the FIM service, browse to the identity management site using
http://localhost and saw the fim portal. I was never able to see the portal using DNS address or server name from the server 2 or any other computer on the network, or using any other account (although I checked the option to
enable portal access for authenticated users).
I tried to uninstall - this went through all the steps but failed during apply and did a rollback. However, subsequent attempts to change, repair or uninstall all fail with message that the site was not found, please create it...
I would like to manually remove FIM Service and Portal and begin again. How do I manually remove FIM Service and Portal when uninstall fails?
Thanks,
David Saylor
Are you getting this error message while uninstalling FIM?
FIM Portal and Service is trying to find a site which is not there anymore. Just add the URL which FIM was looking for into Central Administration >> Alternate Access Mappings.
Save and exit out from Central Administration and try to uninstall now and it should work. It worked for me.
http://aryannava.com/2014/03/26/how-do-i-manually-uninstall-fim-portal-and-service-2010/
Aryan Nava | Twitter: @cloudtxt | Blog:
http://virtualizesharepoint.com
Aryan, you should convert your blog post into a Wiki article:
http://social.technet.microsoft.com/wiki/contents/articles/23330.technet-guru-contributions-for-march.aspx
Thanks!
Ed Price, Power BI & SQL Server Customer Program Manager (Blog, Small Basic, Wiki Ninjas, Wiki)
Answer an interesting question?
Create a wiki article about it! -
FIM Portal Self Service User Provision Frequency
Hi All,
I have a question about FIM portal self service. If a user updates their AD attributes (i.e. telephone number) in the portal, how long before it appears in AD? Presumably it's dependent on a management agent run profile? If so, can this be automatically triggered?
On the other hand, I assume automatic triggering in a production environment is a bad idea due to load and frequency?
thanks
Hello,
my schedule is currently not optimal; the best way should be:
1: AD MA Import
2: FIM MA Import
3: AD delta sync
4: FIM delta sync
5: AD export & delta import (confirm)
6: FIM export & delta import (confirm)
I will also bring my schedules to this order in the near future. Currently I am in the process of running imports and exports in parallel to speed things up using PowerShell Jobs or Workflows.
Regards
Peter
Peter Stapf - Doeres AG - My blog:
JustIDM.wordpress.com -
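The run order from the reply above, scripted through the FIM Synchronization Service WMI provider so that the sequence stops at the first step that does not finish cleanly. This is an added example, not code from the thread; the management agent names, run profile names and the list of acceptable results are assumptions to replace with your own.

```powershell
# Added example (not from the thread). Run on the FIM Synchronization Service
# server under an account that is allowed to execute run profiles.
# ASSUMPTION: the management agent and run profile names are placeholders.
$adMa  = 'AD MA'
$fimMa = 'FIM MA'

# Order as listed in the reply: imports, delta syncs, then an export followed
# by a confirming delta import for each MA.
$steps = @(
    @{ MA = $adMa;  Profile = 'Import' },
    @{ MA = $fimMa; Profile = 'Import' },
    @{ MA = $adMa;  Profile = 'Delta Sync' },
    @{ MA = $fimMa; Profile = 'Delta Sync' },
    @{ MA = $adMa;  Profile = 'Export' },
    @{ MA = $adMa;  Profile = 'Delta Import' },
    @{ MA = $fimMa; Profile = 'Export' },
    @{ MA = $fimMa; Profile = 'Delta Import' }
)

# ASSUMPTION: only 'success' counts as a clean run. Widen this list if your
# environment accepts other result strings.
$acceptable = @('success')

function Invoke-RunProfile {
    param(
        [Parameter(Mandatory = $true)] [string] $MaName,
        [Parameter(Mandatory = $true)] [string] $RunProfile
    )

    $ma = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                        -Class 'MIIS_ManagementAgent' `
                        -Filter "Name='$MaName'"
    if (-not $ma) { throw "Management agent '$MaName' not found." }

    $started = Get-Date
    # Execute() blocks until the run profile has finished.
    $result  = $ma.Execute($RunProfile).ReturnValue

    New-Object PSObject -Property @{
        MA         = $MaName
        RunProfile = $RunProfile
        Result     = $result
        Seconds    = [int]((Get-Date) - $started).TotalSeconds
    }
}

foreach ($step in $steps) {
    $run = Invoke-RunProfile -MaName $step.MA -RunProfile $step.Profile
    $run

    # Stop here rather than export changes computed from an incomplete
    # import or sync.
    if ($acceptable -notcontains $run.Result) {
        Write-Error "Stopping: $($run.MA) / $($run.RunProfile) returned '$($run.Result)'."
        break
    }
}
```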
FIM Portal - FIM service could not be contacted. Please contact your administrator.
Hello,
I have an issue with FIM where I can access the FIM portal in its entirety on the FIM server itself using my domain admin credentials, but if I try to connect in from another server I can get the FIM homepage, but clicking through various menus I receive a "service could not be contacted" error.
I've set up FIM as shown below:
http://technet.microsoft.com/en-us/library/ff512685(v=ws.10).aspx
vm-fim08-01 --- fim service + portal (uses SharePoint foundation 2010)
DNS Alias "fimportal" for vm-fim08-01
SharePoint - 80 application account: service.spportal
FIM service account - service.fim
vm-fim-sync -- fim sync service + sql 2008 R2
vm-fim-sql08 -- contains SQL 2008 R2 DB for fim service
SPNs configured as shown below (setspn -l):
service.fim
FIMService/fimportal
FIMService/fimportal.domaina.local
mssqlsvc/vm-fim-sql-01:1433
service.spportal
HTTP/fimportal.domaina.local
HTTP/fimportal
Delegation setup as shown in the pics on the two service accounts only.
http://fimportal/IdentityManagement/default.aspx from the FIM portal server (vm-fim08-01) works OK without a login prompt for full portal access (I don't receive the "service could not be contacted" message). Using the FQDN fimportal.domaina.local from the same server, this time it asks for a login prompt,
I enter my current Windows credentials, get the home page, but I soon receive "The FIM service could not be contacted".
Using a different server with the FQDN I'm prompted for a login (using the alias logs me in immediately). Either way, whenever I use a different server other than the FIM portal server I soon receive "The FIM service could not be contacted".
On the fim portal server's application event logs I see
The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly. The cause may be
due to a missing or invalid server url, a downed server, or an invalid server firewall configuration. Ensure the portal configuration is present and points to the resource management service."
I'm pretty sure this is down to an authentication failure, but changing delegation settings has not helped (I've tried setting my service accounts and computer accounts to delegate for any service, but it didn't help). I've checked my SPNs, which look right to me. Any advice is much appreciated.
Thanks in advance
You did set up an alias for the DNS name. Kerberos delegation needs A records. If you use an alias you get the type of errors you describe.
Locally this works as the Kerberos ticket is available on the local server. If you access the portal from another computer, the FIM service has to request a ticket with delegation; that service needs A records as it uses the hostname in the request. -
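A quick check of the two things this thread turns on, the DNS record type behind each portal name and the SPN registrations, using the host names and service classes from the post above. This is an added example, not a script from the thread; it assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later) and that setspn.exe is on the path.

```powershell
# Added example (not from the thread). Names and SPN service classes are the
# ones quoted in the question; adjust them for your own environment.
$portalNames = 'fimportal', 'fimportal.domaina.local'
$spnClasses  = 'HTTP', 'FIMService'

foreach ($name in $portalNames) {
    # 1. Is the name an alias (CNAME) or a host (A) record?
    $records = Resolve-DnsName -Name $name -ErrorAction SilentlyContinue
    $cname   = $records | Where-Object { $_.Type -eq 'CNAME' }

    if (-not $records) {
        Write-Warning "$name does not resolve."
    }
    elseif ($cname) {
        # Per the reply above: an alias here leads to the delegation failure
        # described in the question. Replace it with an A record.
        Write-Warning "$name is a CNAME for $($cname.NameHost)."
    }
    else {
        Write-Output "$name resolves through an A record."
    }

    # 2. Which account, if any, holds each SPN for this name?
    foreach ($class in $spnClasses) {
        Write-Output "--- setspn -Q $class/$name"
        & setspn.exe -Q "$class/$name"
    }
}

# 3. An SPN registered on more than one account also breaks Kerberos
#    authentication, so list duplicates as well.
Write-Output '--- setspn -X (duplicate SPN search)'
& setspn.exe -X
```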
Hi All
I'm following this guide to install FIM Portal and Service with load balancing:
http://www.harbar.net/articles/fimportal.aspx
All went well, after modifying some of the scripts, but now the question is: when I install the FIM Service on the second node, do I create a new DB or do I reuse the existing one?
Also, when installing the password registration and reset portals, in order to make them externally accessible, all I need to do is just specify the external names only?
Thanks in advance
Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer
Thanks for your answer, but I am now struggling to get the portal up in the first place.
Below is what I am doing:
Configured LB for the 2 FIM portal/service machines
Deployed SPF 2013, configured all the special settings and joined the second machine
Installed FIM Service and Portal on the 1st node
Installed FIM Service on the second node
All of the above goes successfully until I try to log in; I get "service unavailable" in a Forefront page.
Any ideas if I am doing something wrong?
Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer -
NLB for Two FIM Service and portal servers in single domain
Hi,
I am currently working on a FIM project in which I need to install two FIM Service and Portal servers in a single domain.
The customer wants to open the FIM Portal with a common URL for both servers.
I only know that we need to do NLB between the IIS of both servers. Can anyone provide help on how we can achieve this?
Any help would be really appreciated.
Thanks,
Actually - just configure NLB and make sure that your SharePoint site collection handles access mapping for this common name. Best would be to create it with this name as a site name from the start.
Same for service - configure all nodes to use same service name and configure NLB.
Here is some blog post which should help on details:
http://blogs.msdn.com/b/agileer/archive/2011/06/28/setting-up-an-nlb-cluster-for-a-fim-portal-web-service.aspx
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl -
FIM Service could not be installed
Experts,
I am installing FIM 2010 R2 SP1.
installation order
step1 on server1 - FIM Synchronization server
step2 on server2 - FIM Service
step3 on server3 - FIM Portal
FIM Synchronization service installed successfully.
While installing FIM Service, everything goes smoothly, but FIM Service is not visible in services.msc.
What could be the reason?
Should I install Portal first?
Thanks,
Mann
You can install FIM Service and FIM Portal at the same time, as seen in this guide:
Step 8: Install FIM Synchronization Service, FIM Portal, SSPR, and FIM Reporting
What happens if you open your browser in your FIM server and go to
http://YourFIMServer/identitymanagement or
https://YourFIMServer/identitymanagement if you have enabled SSL?
He is not installing FIM Portal at the same box - so /identitymanagement would not work here...
Keep trying If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. -
Deleting orphaned FIM MA CS objects
Has anyone ever found that they needed to do this, but couldn't afford to delete the entire FIM MA CS to achieve this outcome?
In my case I have a sync design which imports entitlement objects from two separate HR sources into FIM, but had the object deletion and FIM MA deprovisioning rules set incorrectly resulting in orphaned objects in the FIM MA when the source (projecting) MA
object was deleted. I have since corrected the rules, but had a few hundred bogus entitlement objects to delete out of FIM ... and wasn't prepared to work through the FIM Metaverse and manually disconnect each one ... and with no guarantee that I had
solved my design problem yet, there was a chance they would come back again anyhow.
So I needed to come up with a clever way of deleting these, and resorted to an old fashioned provisioning MVExtension to achieve this. Here is the code snippet for my Provision method:
void IMVSynchronization.Provision(MVEntry mventry)
{
    // disconnect any orphaned entitlements (this should be unnecessary
    // if we can work out what is generating them)
    if (mventry.ObjectType.Equals(Properties.Settings.Default.EntitlementMVObjectName)
        && mventry.ConnectedMAs.Count.Equals(1))
    {
        // only the FIM MA is left connected, and it holds a single connector
        ConnectedMA fimMA = mventry.ConnectedMAs[Properties.Settings.Default.FIMMAName];
        if (fimMA.Connectors.Count.Equals(1))
        {
            mventry.ConnectedMAs.DeprovisionAll();
        }
    }
}
What I want to know is how others have approached this problem themselves. I don't know if I really want to leave my MVExtension wired up forever, and am thinking there's probably a better way. I can already hear Carol asking "why wouldn't you just
use a PowerShell script?", and I can see how I might be able to copy the table results of an MV query from the Identity Manager into the clipboard, and paste it into a CSV, then process the CSV ... but there may not always be an easy way of identifying these
objects with such a query (although there probably is!).
Any other ideas people?
Thanks.
Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
I accidentally provisioned a few hundred objects into the FIM connector space, however they were never actually provisioned to the FIM portal due to attribute violation. Long story short, these objects had nothing to match on aside from their guid. So what I did was:
1. Use PowerShell to find the CS DN of each orphaned object (link)
2. Correlate these DNs to MV IDs
3. Export the MV IDs to a csv file
4. Create a tab-delimited MA, with a simple join rule - to join on this MV ID
5. Configure deletion rule to delete MV object when <new MA> object was deleted
6. Run a full import and sync (this joins to all the orphaned objects)
7. Delete the <new MA> CS and then the MA itself. This removes the orphaned objects per the deletion rule in #5.
sample code:
#Import the FimSyncPowerShellModule Module
ipmo FimSyncPowerShellModule
$maNAME = 'Contoso FIMMA'
#Get the last export run
$LastExportRun = (Get-MIIS_RunHistory -MaName $maNAME -RunProfile 'Export')[0]
#Get error objects from last export run (adjust your filter as needed...)
$errorObjects = $LastExportRun | Get-RunHistoryDetailErrors | ? {($_.dn -ne $null) -and ($_.ErrorType -eq 'failed-creation-via-web-services')}
#Build the custom Output Object
$outputFile = @()
$errorObjects | % {
    #Look up the connector space object for each failed DN
    $TmpCSObject = Get-MIIS_CSObject -ManagementAgent $maNAME -DN $_.DN
    [xml]$UserXML = $TmpCSObject.UnappliedExportHologram
    #Pull the MVObjectID attribute out of the pending export hologram
    $MyObject = New-Object PSObject -Property @{
        MVObjectID = (Select-Xml -Xml $UserXML -XPath "/entry/attr" | select -expand node | ? {$_.name -eq 'MVObjectID'}).value
    }
    $outputFile += $MyObject
}
#Output to file
$outputFile | Export-Csv -NoTypeInformation $env:USERPROFILE\desktop\Deletions.csv
See Wiki for latest updates:
http://social.technet.microsoft.com/wiki/contents/articles/25249.deleting-orphaned-fim-ma-cs-objects.aspx
Mike Crowley | MVP
My Blog --
Planet Technologies -
Getting app-store-import-exception with FIM-MA Full Imports SQL Timeouts
Hi,
Any idea what's going on here? Full Import on FIM-MA leads to app-store-import-exception.
Here is a quick profile of the situation:
FIM Sync, FIM Service & FIM Portal are all installed on the same machine with 24GB RAM hosted as a Virtual Machine.
FIM-MA Full Import leads to app-store-import-exception
Event log reports "Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding"
Here is a screen shot: http://www.freeimagehosting.net/image.php?e5570db7f6.jpg
As you can see, FIM-MA imported close to 118500 objects before timing out.
Here are the things I have tried:
Extended FIM timeout on the services as per Darryl's Blog
Provided FIM MA's password as per Ahmed's suggestion
Restricted SQL Service Max RAM to 15 GB (Machine has 24GB) as per David Lundell's suggestion
Thanks for your help in advance.
Thanks,
Here is the Application Event Log
Log Name: Application
Source: FIMSynchronizationService
Date: 1/6/2011 11:29:00 AM
Event ID: 6500
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: fimsrv.fimdev.pvt
Description:
The description for Event ID 6500 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
There is an error executing ILM MA full import.
Type: System.Data.SqlClient.SqlException
Message: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
Stack Trace: at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Microsoft.ResourceManagement.Data.Sync.FullImportGetNext(Int64 beginObjectKey, Int64 maxObjectKey, Int32 batchSize)
at MIIS.ManagementAgent.RavenMA.FullImportGetNextBatch(Int64 maxObjectKey, Int32 batchSize)
the message resource is present but the message is not found in the string/message table
Thanks,
Jameel Syed |
Identity & Security Strategist | [email protected] |
Simplified Identity and Access Management
That is unusual. I suggest checking for database integrity and performing index maintenance, on both the FIMService and FIMSync databases.
You could also increase the following timeout (see link below for more settings)
The values in Table 17 are located in the registry key: SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service.
Table 17

| Registry value name | Value type | Class | Created by | Notes |
|---|---|---|---|---|
| ReadTimeOut | <dword> | HKLM | Admin | The default value is 58, specified in seconds. Note: Only used by the management agent for FIM (FIM MA) for reading from the FIM Service data base. |

http://technet.microsoft.com/en-us/library/ff800821(WS.10).aspx
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html -
FIM reporting -- Run FIMPostInstallScriptsForDataWarehouse.ps1 script
We have 3 servers and
1. Server 1 -- FIM Service
2. Server 2 -- Service Manager server + Sql Server 2008 r2 with (ServiceManager DB on instance 1 +DWStagingAndConfig, DWRepository, and DWDataMart DB on instance 2)
3. Server 3 -- Data warehouse server
We have installed FIM reporting and the MPSyncJob has completed successfully. The next step is to run FIMPostInstallScriptsForDataWarehouse.ps1 on the Data Warehouse server, but the FIM Reporting post-installation requires executing the
.\FIMPostInstallScriptsForDataWarehouse.ps1
script on the Data Warehouse server. However, this script requires access to the "SQLCmd" tools and the "SMCmdletSnapIn" snap-ins. These two components are both present when the SQL server resides on the Data Warehouse server. In this scenario that condition is not true. In this procedure, we will run the FIM post-installation PowerShell script on the SQL server. We will create a PSSessionConfiguration on the Data Warehouse server that will get called from the remote SQL server to execute the "SMCmdletSnapIn".
To run the script I was following the steps at this link: social.technet.microsoft.com/wiki/contents/articles/17916.troubleshooting-fim-install-fim-data-warehouse-support-scripts-on-a-remote-sql-server.aspx
But when creating the PSSession I am getting an Access Denied error.
So is it possible to install SQL Server Management Studio on the Data Warehouse server, so that I get the SQL cmdlets for PowerShell there and can run the script directly on the Data Warehouse server without creating a PSSession?
Will it work??
You can download just the needed pieces from
http://www.microsoft.com/en-us/download/details.aspx?id=16978.
Thanks, Brian
I think Brian wanted to paste the link without dot at the end ;)
http://www.microsoft.com/en-us/download/details.aspx?id=16978
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. -
Business objects FIM (Financial Information Management)
Hello.
I would like to know if there is a forum to talk about FIM?
I have some doubts about certain configurations and I don't know where to ask about them.
By the way, my problem is:
I installed the data services 3.1 and boe xi 3.0, then i installed fim, the problem is when I execute
http://servername:8080/fim/client/fim.jsp
HTTP Status 404 - /fim/client/fim.jsp
type Status report
message /fim/client/fim.jsp
description The requested resource (/fim/client/fim.jsp) is not available.
Apache Tomcat/5.5.20
This is the message that appears, and I don't know how to solve this.
The BOE Xi30 Console works pretty good and is working above tomcat/apache.
I really need your guys help
Thanks,
My Best Regards
Amit
Hello Amit,
I recommend posting this query to the Enterprise Information Management | Data Services and Data Quality forum.
This forum is dedicated to topics related to Data Integration (Data Integrator, Data Federator, Text Analysis for Data Integrator, Rapid Marts, and Integration for PeopleSoft Enterprise), Data Quality (Data Quality and Data Insight), and Metadata Management.
It is monitored by qualified technicians and you will get a faster response there.
Also, all Enterprise Information Management queries remain in one place and thus can be easily searched in one place.
Thanks a lot,
Falk -
I am implementing FIM R2 SP1 on win 2012 servers and migrating FIM 2010 RTM configurations to the new environment. Some of the custom Sets, MPRs etc did not import correctly into the new portal and when I try to manually add a set or
alter an MPR I receive the following error:
Error processing your request: The operation was rejected because of access control policies.
Reason: The operation failed as a result of insufficient access rights.
Attributes: ActionParameter,ActionType
Correlation Id: 11a13390-6a1f-4776-a796-fd0f05101120
Request Id:
Details: No policy grants the Requestor permission to complete all changes.
I have tried enabling "all attributes" in "Administration: Administrators control set resources" and "Administration: Administrators control management policy rule resources" and received the same errors. I am logged in
as the user who installed the portal and it is a member of the administrators set.
What am I missing? Any ideas welcome please.
Hi Peter,
I found the import had not completely imported the configuration while trying to import the configuration (as I said above) and while trying to troubleshoot this issue I discovered this error.
I have tried importing the old database and this does not help.
I should mention that the configuration is coming from the production environment into a stand-alone development environment for testing.
I have, today, in an attempt to resolve this error, uninstalled the portal and service (which are installed on the same server) and reinstalled it creating a new database. This is to attempt to resolve any "overwritten" default sets or MPRs
as you have suggested.
I thought I would try out the FIM 2010 R2 Service and Portal configuration Backup Tool described here
http://technet.microsoft.com/en-us/library/jj134311(v=ws.10).aspx but note there are no instructions for their use in restoring the environment. I assume you just copy the
files to the appropriate place, run the reg keys and SQL scripts that it creates and that does it all for you? I was hoping that this might be a successful alternative to the old Import-FIMconfig way of doing things. -
FIM 2010 - Set Population not kicking off workflow
Hi,
I am having a problem with Set Transition kicking off an MPR in FIM 2010 R2, which I have never seen before after numerous implementations of both FIM and FIM R2.
Scenario:
My MPR kicks off a workflow which adds 6 sync rules, to users based on the "set transition in" set with criteria IsADConnected=true.
The user is transitioned into this set but the MPR never fires. Everything is enabled and I have checked everything obvious. When I view the set in the "Sets" screen in FIM I can see that the user has transitioned in, and is a computed member based
on my criteria "IsADConnected=true"
The "FIM_MaintainSetsJob" job runs at 1am which auto corrects set membership and this does cause the MPR to kick off and consequently the sync rules to be applied. So it does work, just not when it should.
What I have tried to fix this:
Created a new workflow, set and MPR which does exactly the same job as the "broken" Set/MPR/workflow - Same thing happens (ie. it doesn't work)
I read on one post that someone re-indexed the FIM service database and this fixed it for them - I tried this also but no joy. (some indexes were at 98/99% but they have been reduced after reindexing)
Has anyone run into this issue before and does anyone have any idea what can cause it? It's doing my head in at this stage!
Thanks
Paul
I ran into the same problem using the pattern for expected state detection:
/Person[DetectedRulesList = Set[ObjectID='<GUID of the Set with the DREs>']/ComputedMember]
Pasted from <http://technet.microsoft.com/en-us/library/ff608269(v=ws.10).aspx>
My users weren't transitioning into the set when they got a DRE. Went on a wild goose chase until I saw this post. Enabling the FIM_MaintainSetsJob fixed the problem. Pretty frustrating... -
Password History in FIM Password Reset
Hello
We have a problem no one seem to be able to fix.
We have a register/reset portal up n running and everything works great. Users can register and then change passwords.
The problem is the password history: they can change back to old passwords. I have tried all thinkable solutions but we can't seem to handle the history. We have policies on group level that apply these rules.
Anyone with a solution or that has a similar problem?
Hi Tobias,
Make sure you have the following configuration:
FIM 2010 Self Service Password Reset now supports Enforcement of all domain password policies
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. -
FIM & SQL IOPS examples?
Hi,
Would anyone have any example FIM SQL & FIM Reporting IOPS, to give us some indications?
Thanks,
SK
Please run FIM Service installer in "Repair" mode - it should fix missing jobs.
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.