FIM portal data validation

Hi,
 I've implemented some basic data validation in the fim portal by editing the rdcd configuration for user editing control. I've added a regex expression for post code with a value of "^[0-9a-zA-Z\s]*$"
 Most of the examples I come across regarding portal validation all refer to copying the rcdc, creating a new control and then modifying that. My way seems to work, but I wanted to know if there's a good reason why I can't modify the xml associated
with the original rcdcs?
Thanks
IT Support/Everything

You can and this is the only way to accomplish this task.
But if you don't succeed, the easiest way is to rollback to default look - and that's why everybody's suggestion is to copy exported XML - just to have backup in case you have to roll back your changes :)
Also, if you want to create RCDC for custom object, it is easier to copy any other XML and change it according to your needs than creating it from scratch
Keep trying If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

Similar Messages

  • When we synch data from AD to FIM Portal 2010 r2 the data is not updates in FIM Portal.

    Hi,
    When we synch data from AD to FIM Portal 2010 r2 the data is not updates in FIM Portal.
    Active directory attribute co have value vietnam but in FIM Portal country attribute have value VIET NAM
    we simply mapped AD Attribite to FIM Attribute for inbound
    co===>country
    why this happen
    Regards
    Anil Kumar

    Anil, please check what do you have in metaverse. It seems that you have attribute flow precedence configured in a way that doesn't export to FIM Portal.
    Let's say you have flows like:
    (AD MA)
    Import flow: (AD) description -> (metaverse) description
    (FIM MA)
    Import flow (FIM) description -> (metaverse) description
    Export flow (FIM) description <- (metaverse) description
    And you have higher precedence from FIM. Then, you would never have FIM value updated - even if value in AD changes. It would be exported to FIM only when you don't have this attribute filled in FIM.
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • Unable to delete User object in FIM Portal - Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition"

    Hi,
    ***Problem
    I encounter a problem with FIM (version 4.1.3441.0 and 4.1.3496.0) when I try to delete a User object (and only a User object) whatever if it is
    manually/Expiration Workflow/Powershell.
    Deleting a User object used to be perfectly functional and, without any product version modification, stopped working. I haven't neither deleted/modified or add a
    "Grant" MPR or any of the corresponding Sets since last time I saw it working.
    Displayed error is "Request could not be dispatched" in FIM Portal and is referencing a stored procedure in Event Viewer.
    ***Error details
    When I try to delete a User object, here is the output :
    Portal
    "Processing error" on submit
    with the following details 
    Request status is stuck at "Validating" until next restart of FIM Service (after what it becomes “Canceled”)
    Request’s “Applied Policy” tab does not contain any MPR where, at least, a “Grant” MPR is expected
    As SQL Timeout is relatively high and error happens quickly, I don’t think there is a Timeout problem under that.
    Logs
    « Application »
    The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly.
    The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.
    Ensure the portal configuration is present and points to the resource management service.
     « Forefront Identity Manager »
    Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1088, Level 16, State 12, Procedure CalculateRequestSetTransitionsAssembleStatements,
    Line 332, Message: Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition" because it does not exist or you do not have permissions.
    Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
    Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State
    1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1088, Level 16, State 12, Procedure CalculateRequestSetTransitionsAssembleStatements, Line 332, Message: Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition"
    because it does not exist or you do not have permissions.
    Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
       at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler,
    TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
       at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult
    result)
       at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
       at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
       at Microsoft.ResourceManagement.Data.DataAccess.UpdateRequest(RequestType request, IEnumerable`1 updates)
       --- End of inner exception stack trace ---
    Requestor: urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4
    Correlation Identifier: e7209633-46d0-4f4b-a59e-807649ef71ea
    Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.InvalidCastException: Specified cast is not valid.
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType
    operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier,
    Boolean maintenanceMode)
       at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType
    operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Delete(Message request)
       --- End of inner exception stack trace ---
    For information, a maintenance plan rebuild/reorganize indexes daily and this problem has occurred on servers with different performances.
    Is any of you has already encounter this problem ?
    Any help would be greatly appreciated,
    Thanks in advance for your help,
    Matthew

    While there are several SQL Agent jobs (FIM Temporal Events, Maintain Sets, and Maintain Groups among others)created by the FIM install only one of those is enabled and scheduled and it calls all of the same stored procedures that the other
    jobs do. Step 2 is Maintain sets and Step 3 is maintain groups. So the Maintain sets and groups jobs never need to get enabled and scheduled, but if you want them to be maintained more frequently then you can.
    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

  • Custom resource/attribute not visible in FIM portal for non-admins

    hi all
    I have a problem I am not able to solve and hope somebody can help. We have created an custom Resource in the FIM portal called Customer. It is an User Resource Type and  attribute type customer, data type=reference.
    We have made this attribute visible in the Users Properties by editing the RCDC for Configuration for User Creation, Configuration for User Editing and Configuration for User Viewing. It is now visible for alle users in the FIM Portal.
    But when an non-admin searches for an attribute in that Field, nothing shows up.... only member of the administrator set, are able to display the results.
    I have added the Resource to Filter permission - Administrator Filter permission + non-administrator filter permission.
    I have added the Resource to MPR - General: Users can read non-administrative configuration resources?
    Can anyone help?
    Best regards Andre
    Andre

    Hi,
    To be clear,
    You have create one new resource type 'Customer' and one attribute 'Customer' (Reference, binded to Person object)
    Update RCDC for Person (create/edit/view) to add a picker attribute with those parameters
    UsageKeywords: This is an optional string property. You can define a list of search scopes to be used in the Resource Picker by providing a list of the usage keywords that are supported by the SearchScopeConfiguration structure, where each keyword is separated by a (‘).
    ResultObjectType: This is an optional string property. The resource type is used to render resources in the pop-up dialog-box list. This is used with the Filter to help the Identity Picker identify what resource type is returned by the Filter, and render the data accordingly. This property is mutually exclusive with the UsageKeywords property (see above). When the search scope is applied, this has no effect. The string that is accepted for this property is any single, valid, resource-type name, for example, Person. When the filter is expected to return multiple resource types, Resource is used.
    Modify MPR "User management: Users can read attributes of their own" and "User management: Users can read selected attributes of other users" to add this new attribute
    Create a new MPR to give the right of all users to view new resource 'Customer' on all attributes
    Is that right?
    Regards,
    Sylvain

  • Error when loading FIM portal in new installation: The requestor's identity was not found.

    I have just installed the FIM portal into my test environment.  The synchronisation service was already working perfectly (can provision users from a .csv file).
    The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
    Whenever I try to log on to the fim portal with my standard user account (it has never worked), I get the following error:
    Unable to process your request.
    Please contact your help desk or system administrator.
    Error processing your request: The server was unwilling to perform the requested operation.
    Reason: The requester of this operation is invalid.
    Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8
    Details: The requestor's identity was not found.
    >Go to Forefront Identity Manager home page
    (The web page header does show the FIM logo, so the portal itself is there).
    In the ForeFront logs on SPF1, I get the following:
    Log Name:      Forefront Identity Manager
    Source:        Microsoft.ResourceManagement
    Date:          1/13/2015 5:48:08 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SPF1.testdomain.internal
    Description:
    GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
        <EventRecordID>523</EventRecordID>
        <Channel>Forefront Identity Manager</Channel>
        <Computer>SPF1.testdomain.internal</Computer>
        <Security />
      </System>
      <EventData>
        <Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
      </EventData>
    </Event>
    Log Name:      Forefront Identity Manager
    Source:        Microsoft.ResourceManagement
    Date:          1/13/2015 5:48:08 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SPF1.testdomain.internal
    Description:
    Requestor: Internal Service
    Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
    Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
        <EventRecordID>522</EventRecordID>
        <Channel>Forefront Identity Manager</Channel>
        <Computer>SPF1.testdomain.internal</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Requestor: Internal Service
    Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
    Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
      </EventData>
    </Event>
    Further, I note that it has trouble connecting to the web exchange connector.  I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name for?  I'm connecting to "mail.testdomain.internal",
    although that's actually a NLB group between two CAS/HUB servers.
    Log Name:      Application
    Source:        Microsoft.ResourceManagement.ServiceHealthSource
    Date:          1/13/2015 7:43:49 PM
    Event ID:      12
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:     SPF1.testdomain.internal
    Description:
    The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
    The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.
    Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the
    Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
        <EventID Qualifiers="0">12</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
        <EventRecordID>7581</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SPF1.testdomain.internal</Computer>
        <Security />
      </System>
      <EventData>
        <Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
    The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.
    Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the
    Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
      </EventData>
    </Event>
    I'm not really sure where to start investigating at this point.  The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could
    be mistaken).

    I eventually figured this out - it was that the portal management agent hadn't been created yet, I had to create it.

  • PO Confirmation with Delivery Date Validation Check

    Dear Experts,
    We have requirement in SNC to restrict PO confirmation within a agreed Delivery Date tolerance. This Delivery date validation should work similar to the Quantity validation we have in SAP standard through the PO_ITMUNDERDELIVERY/ PO_ITMOVERDELIVERY validation profiles.
    So the business wants that the Suppliers can only Confirm a PO when the Delivery date in the confirmation is within agreed tolerance (-5 / +1 day ) of the requested delivery date.
    Can you please let us know if there is some standard way through configurations to achieve this. I looked for validation profiles available for delivery date, but could see only for Quantity validations.
    Another option we looked for was to have a Z Table to store this Delivery date tolerance (-5/+1 days), and implement the BAdi /SCMB/BOL_VALFRMWRK to achieve through custom developments.
    Please let me know what solution options we can have for this requirement, as it is urgent.
    Thanks & Regards.
    Shiv.

    Hi Shiv,
    I think there is no need for Z-customization and you can achieve this standard way only thing you have maintained OWN validation:
    After below setting whenever Supplier try to give confirmation which is out side tolerance then system won't allow him to save the confirmation and if supplier is EDI which sends ROC_IN confirmation XML will fail in SNC (You can see that XML in SXI_MONITOR tcode in SNC).
    SPRO>Supply Network Collaboration>Basic Settings> Validation>Own Settings-->Maintain Settings in Validation Profiles
    And maintain below setting
    Profile:POC3
    Val.Check:PO_ACCEPTED_CONF_PUBLISH     
    Status:Active 
    Msg.Type:E(Error )
    Save Mode:DO Not Save message
    Continuation mode:Discontinue checks
    Checked
    Checked
    1-Error
    Profile:POC8
    Val.Check:PO_ACCEPTED_CONF_PUBLISH     
    Status:Active 
    Msg.Type:E(Error )
    Save Mode:DO Not Save message
    Continuation mode:Discontinue checks
    Checked
    Checked
    1-Error
    If you want alert whenever PO confirmation is not within tolerance activate the alert type 7035
    Path:SPRO>Supply Network Collaboration>Exceptions>Alert Type Activation>Activate Alert Types
    Alert type=7035
    History=<Blank>leave this entry blank.
    save this entry.
    If you want receive alert as email then maintain email alert notification:
    See the below link:
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8009bba5-7806-2d10-0b80-fa26d8bcb07c?QuickLink=index&overridelayout=true
    In the above link you need to change alert type from 7051 to 7035.
    Regards,
    Nikhil

  • SQL Deadlock after deleting person object in FIM portal

    Hello everybody,
    I have an issue on FIM portal after deleting person object.
    On FIM Portal, I have an error message: access denied.
    I'm on 4.1.3496.0 version.
    On event viewer, I see following deadlock:
    Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTranstionsMembershipConditionEvaluation, Line 2298, Message:
    Transaction (Process ID 54) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
    at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
    at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
    at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
    at System.Data.SqlClient.SqlDataReader.get_MetaData()
    at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
    at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
    at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
    at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
    at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
    at System.Data.SqlClient.SqlCommand.ExecuteReader()
    at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
    --- End of inner exception stack trace ---
    Did you ever see that ?
    Thank you.
    Antho

    There are several possibilities:
    1) Could be caused by
    multiple workflows trying to act on the object
    2) Could be a flaw in the product like happened with an older version
    (4.0.3594.2) the
    kb article says: Fixes
    an issue with SQL Server deadlocks that might occur during periods of high concurrency of requests or approvals.
    So I suggest looking at the request history -- look at the delete request and see which MPRs were applied and what workflows were spawned.
    Does this happen a lot or just once in a while?
    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

  • Source MV is NULL (from the FIM Portal), How to flow this without the destination attribute being deleted?

    Hi all. I had a quick search but couldn't find what I was looking for.
    Easy question.
    I've setup the following flows:
    FIM MA
    (FIM)employeeEndDate  -> (MV)employeeEndDate
    AD MA
    (MV)employeeEndDate  ->(AD)accountExpire (I have a rule extension to convert it to a UTC etc)
    If I enter an enddate on a person object in the FIM portal it will flow to the MV and then flow to AD (via the AD CS/MA). 
    But (as with all attributes, this is just an example) if I remove the enddate on the person object in the FIM portal it will in turn delete the attribute (AD)accountExpire in the CS of AD. 
    This is normal and expected... My question is. How do I flow a NULL and still have the CS attribute retain a value?
    I'm not wanting to flow a NULL to the destination but I am taking a NULL in as a source (I am working with rule extensions, I have tried a 'ispresent' but as there's no longer a 'space' to flow to it does nothing, I'm stuck with between flow NULL or do nothing,
    depending on if I allow NULLs to flow). 
    The reason is the AD attribute accountExpire is never NULL, but either a date or "0" or "9223372036854775807"(Taken from the MSDN page: )
    I had thought of using a RE on the import rule of the FIM MA but you can't use RE there.
    I hope I've made the question clear, thank you for any help or tips in advanced. 

    Try adding a second attribute for your rules extension when exporting from the MV that always has a value (Ctrl + click the other attribute). This will ensure that the rules extension is always fired, something like this:
    (MV) accountName
    (MV) employeeEndDate --> (AD) accountExpires
    From there you should be able to use .IsPresent to check for a value, and flow out the correct value in your rules extension. 

  • Unique username generation when creating new user via FIM Portal?

    Hi,
    Is it possible to create a new user using the FIM Portal, and have FIM create the unique username upon submission of the request in the Portal?
    So effectively, when you create a new user in the Portal, the 'accountName' attribute would not be a mandatory field and therefore removed from the GUI using RCDC , and instead be generated based upon the unique AD username rules.
    Thank you.

    Just my 2 cents worth ... make sure you identify and test the "edge cases" for whatever solution you end up implementing, and don't just assume a solution that works for someone else will automatically work for you in 100% of cases (this is most likely why
    this feature is not OOTB, even though most people would want something like this from the get-go).
    To be specific, I have implemented option #2 myself with success, after initially implementing option #3 and running into grief with a particular use case (education environment end-of-school year roll-over involving large numbers of concurrent leavers/joiners
    in the same import/sync cycle).  To be specific, when implementing a workflow-based solution to do this there is a small but nonetheless realistic chance that 2 user requests being processed in parallel calculate exactly the same AccountName value, and
    of course one will succeed and the other will fail ... and of course by default this will fail the entire request.
    I solved the problem in my case by adoption option #2 using an approach where I reserved a unique accountName in the MV (downside is that in some cases the user may never end up being provisioned to AD if this is in advance of the actual hire date), thereby
    avoiding clashes by getting the FIM Sync Service to control integrity rather than the FIM Service where parallelism is a design feature :).
    So just make sure you understand the pros and cons of each approach when deciding what is best for you.  Note that this discussion has come up many times before on previous posts on this forum, and it will be worth looking through these if you are still
    in the early stages of formulating your approach.
    Bob Bradley (FIMBob @
    TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

  • Custom FIM PORTAL to provide Special privilege to a Specefic User( eg. Sub-Administrator) or a Set of Users

    If an Organisation wants a User (lets Say- Paul Walker) to act as a Sub-Administrator, Who can see the Security Groups or My SGs or My SGs Membership in its Naigation Resource Bar in Fim Portal and the Search Scope as well to view
    that Data.
    Found a Solution.
     

    Hello,
    NavigationBar, HomepageResources and SearchScopes are also displayed via Permission MPRs.
    You have to deal with UsageKeywords also. You can get an overview of how this works if you take a look on how this is done with the BasicUI Keyword to display the default elements.
    As an example you can do the following:
    1. Add the Usage SubAdminUI to the Navigation, Homepage and Searchscope elements you need.
    2. Create a set for each of the 3 having a dynamic filter UsageKeyword = "SubAdminUI"
    3. Create a set to combine the 3 sets to one using filter ResourceID in "Name of the Sets"
    4. Create a Set "SubAdminUI Users" and add the Admin Users to them. (dynamic or static)
    5. Create an permission MPR and grant SubAdminUI Users read to the Objects in Set created in Step 3
    6. Perform an iisreset to clear cache
    You should now see the Portal elements as the SubAdmin. Next you need make sure that SubAdmin can read and edit group resources. Create permission MPRs as well for this. How to do this depends on if you use the owner attribute of the groups or not.
    Regards
    Peter
    Peter Stapf - Doeres AG - My blog:
    JustIDM.wordpress.com

  • Error Installing FIMService_x64_KB2870703.msp when FIM Service and FIM Portal (SharePoint) are on two different servers!

    I'm trying to install KB2870703 however I have our servers setup this way:
    Server A: FIM Service & Sync Service
    Server B: SharePoint 2013, Password Reset Portal, Password Registration Portal
    When attempting to install FIMService_x64_KB2870703.msp It starts and dies almost instantly
    The errors from the log:
    Action 12:27:15: CheckSharepointAdminServiceRunning.
    Action start 12:27:15: CheckSharepointAdminServiceRunning.
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIEE5B.tmp-\
    SFXCA: Binding to CLR version v2.0.50727
    Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning
    Exception thrown by custom action:
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
    or one of its dependencies. The system cannot find the file specified.
    File name: 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' ---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
    or one of its dependencies. The system cannot find the file specified.
    File name: 'Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
    WRN: Assembly binding logging is turned OFF.
    To enable assembly bind failure logging, set the registry value  (DWORD) to 1.
    Note: There is some performance penalty associated with assembly bind failure logging.
    To turn this feature off, remove the registry value .
       at Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.IsSharepointAdminServiceRunning(Session session)
       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
       at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
    CustomAction CheckSharepointAdminServiceRunning returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 12:27:15: CheckSharepointAdminServiceRunning. Return value 3.
    Action ended 12:27:15: INSTALL. Return value 3.
    Property(S): Data = C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\

    On Wed, 26 Mar 2014 00:15:57 +0000, jmanley WI wrote:
    I installed it on server B I need to install on server A to update the Database Schema. My understanding is having the portal seperated from the portal is supported. Is that incorrect?
    You don't mention the FIM Portal at all in your first post.
    Paul Adare - FIM CM MVP
    "The day Microsoft makes something that doesn't suck is probably the day
    they
    start making vacuum cleaners" -- Ernst Jan Plugge

  • The timesheet creation failed, because of problems with the project I server or with data validation

    Hi,
    One of my user is facing issue in creating new time sheet,
    "The time sheet creation failed, because of problems with the project server or with data validations".
    This issue is coming to only few members out of 10000 members.
    Note: For the same user, can able to do in other machines. only the problem in his machine. Have ran the office diagnostics, but still the problem persists.
    Is any add-on's/any settings need to update in IE. Could any one please help me on how to fix this issue?
    Many thanks in advance.

    I would check the compatibility settings in IE etc, or try another browser (chrome, safari etc.)
    Ben Howard [MVP] | web |
    blog | book

  • Excise Invoice Cancellation on Date validation only

    Hi Experts,
    i am having critical requirement from Business, which is not available in SAP Standard, So i need help from you guys...
    Excise invoice can be cancelled on the same day of system/posting date. but when the system date and posting dates are not matching it should through error..
    Example  : i created Excise invoice on 17th june,2011 this is posting date of excise invoice, if i try to cancell on 17th june , it should allow.
                        but when i try to cancell the excise invoice on 18th june (system date) , it should not allow to cancell and it say Error !!!
    i heard there will be possible through User Exit  OR Function Module OR Routins ... Please help me
    Thanks and Regards
    Madhu

    Dear Madhusudhanan,
    Following are the list of User Exits available for J1IIN
    J_1I7_USEREXIT_EXCISE_BEF_SAVE User exit after the excise header and details are written and they can changed in J1IS  , J1IIN and Automatic creation of Excise Invoice.
    J_1I7_USEREXIT_EXINV_ADDL_DATA User exit for Excise Invoice Additional Data    in J1IS and J1IG                 
    J_1I7_USEREXIT_J1I5_MATFORM    User exit for J1I5 material form changes                           
    J_1I7_USEREXIT_J1I5_VALIDATE   User exit for subsequent J1I5 data validation                      
    J_1I7_USEREXIT_J1IEX_BEF_SAVE User exit for J1IEX before the data is saved                    
    J_1I7_USEREXIT_J1IEX_CHANGE    User exit for changing data before display             
    J_1I7_USEREXIT_J1IS_BASE_VALUE User exit to Change base value in J1IS                
    I strongly believe that the first exit will serve the purpose.
    Now if you are cancelling it using J1IH, Check the following thread.
    J1IH-User Exit
    Thanks & Regards,
    Hegal K Charles

  • How to delete the orphaned Expected Rule Entries exist in the FIM portal

    Hi,
    How to delete the orphaned Expected Rule Entries exist in the FIM portal.
    A large number of orphaned Expected Rule Entries exist in the FIM portal (originally 140000k+ objects, currently 75000+ objects). They consume the a lot of FIM database space and slows down the identity lifecycle management synchronization processes.
    Regards
    Anil Kumar

    Hello,
    in my environments i use this approach:
    https://social.technet.microsoft.com/Forums/en-US/1af6cf77-4c55-4a3e-93cc-0baae80bc88f/expiration-workflow-cannot-delete-ere?forum=ilm2
    This sets up a compination of Sets, Workflow and MPR to let the "Expiration Workflow" delete EREs as soon as they get orphaned.
    This works fine since 3 years now, even if there are comming SQL-Jobs within a FIM update, but I implemented this before this was done.
    I would suggest to clear the current orphaned EREs with PowerShell to avoid request flooding when implementing the above solution. Then implement that housecleening above.
    Regards
    Peter
    Peter Stapf - ExpertCircle GmbH - My blog:
    JustIDM.wordpress.com

  • Data Validation - a feature that Numbers really needs.

    Right now, the newly purchased Numbers app for iPad/iPhone is little more than a crippled document viewer for me because numbers doesn't support 'data validation' (as implemented in excel).
    Its not a hard concept and likely utilized in a LOT of spreadsheets on the planet.  Not supporting such a critical feature is a problem, as it makes numbers, at least for me, rather pointless as an authoring tool since I cannot change or update data in my worksheet without likely corrupting the document's data integrity.
    Hopefully, someone at Apple is working on fixing this.
    Given that one cannot use data validation - how do I lock down a spreadsheet so I don't accidentally change cell contents?
    The fact that there is no 'undo' button on the iPhone version that I do get on the iPad (same app) makes it worse.. I'm occasionally and unintentionally dragging selections of stuff around the page really hosing up the iPhone spreadsheet.
    So I need to just remember what needs to be updated, update the excel spreadsheet when I can, then delete the iWork-iCloud doc, upload the replacement, then refresh the iPhone/iPad version.. very cumbersome and not at all 'cloud-like' or usefull.
    Apple developers.. are you paying attention?

    Yeah I know that apple likely has the same system as Microsoft in sending general support to a forum such as this. And maybe thae same stupid moron that not paying attention to the forums if their users is a food idea.
    That doesn't change the point of the issue nor that apple directs ,e here to ask said question
    Written in the iPad split soft keypad that covers up the forum post I'm typing. Joy

Maybe you are looking for