GAL Synchronization FIM 2010

Similar Messages

• FIM 2010 GAL Synchonization Error

  number one
  Forest
  exchange server 2013
  a server with active directory 2012
  a server running FIM 2010 R2 sp1
  number two Forest
  a server with Exchange 2010
  Active directory server 2008
  r2
  I'm setting up a global address list
  with FIM Server
  configure agents with default attributes
  Forest users number one, they
  are synchronized to the number two
  Forest
  Forest users number one, they
  are not transferred to the number two
  Forest.
  users see them as delete and
  are not added, attached the error.
  Forest groups the number one
  Forest synchronized to the number two
  my question is?
  that users are not synchronized and groups
  are synchronized if the forest
  both.
  is there any attribute to be removed
  for being Exchange 2010 and AD
  2008.
  that I take is when they are
  forest and exchange different
  version?

  Satpal,
  You could theoretically do this by exposing AD to the Internet, you would need to expose port 389 for remote domain publically so that FIM server could reach that without direct connection. You could use reverse proxy software such as TMG/UAG to publish
  this port safely, although I don't the exact implementation details for that. As far as the Exchange provisioning piece, that is already a trick to get to to work in some internalized scenarios so making that work publically is seemingly unlikely; you are
  better off disabling that and just running PS cmdlets on Exchange servers after exports to AD are completed. You could use script/automated process on Exchange server to launch this after export from FIM is finished.

• GAL synchronization to specific target OU

  We already have GAL synchronization setup between two AD\Exchange forests using FIM 2010 R2. What we want is to configure Management Agents to put contact objects from specific OU into target specific OU, for example users from DOMAINa/Resursser/Users/Shared
  Accounts 
  should be synchonized and put into DOMAINb/domainaGroups/Shared Accounts
  And there is a few pairs of such OUs. Should we configure separate Management Agent in FIM for each pair or is there any way to configure it in one Management Agent?
  As You can see on below screen it is impossible to select two containers as target container

  You can do it one pair of Management agents by modifying the Galsync.dll code.
  If you create multiple GalSync Management Agents with the default code it will take the info from one MA and try and provision a contact to each other GalSync MA, which if you have more than one Galsync MA pointing to the same forest would result in duplicate
  contacts.
  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

• Unable to process your request in FIM 2010 R2.

  Hi,
  Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.
  This was working when we installed fresh FIM Synchronization service and FIM 2010 r2 sp1 Portal but now it is not working for me.i have uninstalled FIM 2010 Portal and delete FIMService database and again installed still gives the same message
  Unable to process your request .
  NOTE:I am implementing FIM 2010 R2 SSPR and gives all reuired cofiguration for this as per Microsoft documents.
  Regards
  Anil Kumar  

  I make the changes in the  web.config file at location
   C:\inetpub\wwwroot\wss\VirtualDirectories\80  on FIM server and added  the
  requireKerberos=”true”  as per the FIM installation
  document. Restarted the IIS and reboot the server. After that unable to login on the FIM Portal, However, SharePoint  URL is working fine.
  Please help me to resolve the issue.
  Anil

• How to do provisioning in Active Directory multiple lavel OU structure from FIM 2010 R2 with Country basis.

  Hi,
  I want to do provisioning in Active Directory multiple level Organization Unit(OU) from FIM 2010 R2  with country name basis.
  Suppose i have Asia,Europe,UK,USA region OU and they have another OU in Asia OU like India,china etc if country name is India then Users should be go in India OU and if  if country name is China then Users should be go
  in China OU.so please give me any idea on this this would be very helpful for me
  Regards
  Anil Kumar

   
  Do you have Region attribute in your user object? If yes, then you can do something like this
  "CN="+displayname+
  ",OU="+country+
  ",OU="+region+
  ",DC=mycompany,DC=local"
  If you don’t have region attribute, then you have to write own IIF statement for every county
  IIF(Eq(contry,"China",",OU=China,OU=Asia","")
  You can also parse your dn for synchronization rule in some other place (e.g. metaverse extension), but if you want to do it codeless, IIFs are the way to go.

• Supported platforms in FIM 2010 R2 Sp1

  I have FIM 2010 R2 Syncronization Server running on Windows 2008R2 OS. The available Galsync connectors that we have are Exchange 2003, 2007 and 2010. The FIM sync server runs on Exchange 2010 environment but in order to fulfill the requirements of establishing
  a connector with Exchange 2007 we followed the reference "http://social.technet.microsoft.com/wiki/contents/articles/3457.fim-how-to-export-to-an-exchange-2007-server-with-synchronization-server-in-an-exchange-2010-domain.aspx"
  to install Exchange 2007 EMC on the FIM Sync server. Now we have a new connector lined up to be added on our FIM server which is running on Exchange 2013 environment. I need to know how can we perform an upgrade from FIM 2010R2 to FIM 2010R2 SP1 without breaking
  the existing configuration especially with the connectors running legacy Exchange (2003 and 2007).
  Jimmy George

  Yes, you can upgrade to SP1 without impacting the legacy connections.
  Thanks, Brian

• Upgrade FIM 2010 R2 Sp1 Databases from SQL 2008 R2 to SQL 2012

  Hi,
  I want to upgrade my SQL from 2008 R2 to SQL 2012.
  FIM Databases   
  1) FIMService Database 
  2) FIMSynchronizationService Database 
  Mentioned above are my FIM databases running on SQL server 2008 R2 . Now I was looking for some article which could tell me if SQL can be upgraded without affecting my existing databases of FIM or if i can move these databases to a new server having SQL
  2012
  Activity I want to perform :  Create a fresh  Server of SQL 2012 and move my FIM 2010 databases over it by restoring the backups. but as per the link below it seems not possible!
  http://social.technet.microsoft.com/wiki/contents/articles/5465.fimilm-how-to-move-the-backend-sql-server-synchronization-service-database.aspx

  Hi Shivam,
  Please take a look here: Release Notes for Forefront Identity Manager 2010 R2 SP1.
  In the table you have tasks to upgrade SQL for FIMService and FIMSych.
  FIM Service:
  Upgrade FIM Service servers to FIM 2010 R2 SP1
  Stop FIM Service on all servers
  Backup Database [in case rollback needed]
  Upgrade SQL to SQL Server 2012
  Start FIM Service on all servers
  FIM Synch:
  Upgrade FIM Sync to FIM 2010 R2 SP1
  Stop FIM Sync
  Backup Database [in case rollback needed]
  Upgrade SQL to SQL Server 2012
  Start FIM Sync
  If you are not making in-place upgrade, I would do something like here:
  Stop FIM Services
  Backup the databases at SQL 2008
  Restore backed up databases on SQL 2012
  Make sure SQL Agent Jobs are moved (FIMService)
  Make sure Broker is enabled on FIMService database
  On FIM machines create SQL alias using cliconfg utility. Alias should have the name of "old(sql2008) SQL" and point to new name/instance.
  Start FIM Services - they would use "old" name to connect, but it would be translated to new location. So they would start.
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• FIM 2010 R2 SP1 with SCSM 2012

  I know that FIM 2010 R2 SP1 now claims support for SCSM 2012. FIM Reporting allows us to use a free copy of SCSM / DW for just the purpose of reporting services. Does this only apply to SCSM 2010 or does this include SCSM 2012 as well? I just want to make
  sure that we don't install SCSM 2012 assuming that it's free when in reality only SCSM 2010 is free. This issue came about because SCSM 2010 did not require a product key, but SCSM 2012 does.
  Thanks,
  Mark
  Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

  On Fri, 4 Jul 2014 08:27:39 +0000, diramoh wrote:
  on Microsoft TechNet link, we have the following Details:
  Reporting: Unique key constraint violation when running reporting synchronization jobs
  If you attempt to run reporting synchronization jobs on a default System Console System Manager SP1 (SCSM SP1) installation, you may receive the error “Violation of UNIQUE KEY constraint ‘idx_ManagedEntityManagedTypeId’.  Cannot insert duplicate key…”. 
  To address this issue, please make sure you have the following updates installed on your System Center Service Manager Management Server, Data Warehouse Server, and any machines that have the System Center Service Manager Console installed on them:
  1. KB2542118 <http://support.microsoft.com/kb/2542118>– System Center Service Manager Cumulative Update 2
  2. KB2542118 <http://www.microsoft.com/download/en/details.aspx?id=26631>– System Center Service Manager FIM 2010 R2 Hotfix
  Note:  *You must have the SCSM Cumulative Update 2 installed before installing KB2542118*
  Shim is asking about the product key. The above has nothing at all to do
  with his question.
  Paul Adare - FIM CM MVP
  What should I do ......the machine can't find the program
  iexplorer.exe...
  Breathe a sigh of relief. -- Arthur Hagen in no.www

• FIM 2010 can provide user authentication?

  Hi
  Can FIM 2010 be used to provide authentication to a 3th party applcation developed, for example, in .NET?
  These are the steps the application must accomplish:
  1. User provides his username and his password on login page.
  2. .NET app calls FIM 2010 and validate user and password with the user informations created in a previous synchronization with AD.
  Thanks 

  On Wed, 3 Sep 2014 11:08:14 +0000, Kusma wrote:
  Can FIM 2010 be used to provide authentication to a 3th party applcation developed, for example, in .NET?
  These are the steps the application must accomplish:
  1. User provides his username and his password on login page.
  2. .NET app calls FIM 2010 and validate user and password with the user informations created in a previous synchronization with AD.
  FIM does not provide login authorization.
  Paul Adare - FIM CM MVP
  About the use of language: it is impossible to sharpen a pencil with a
  blunt
  ax. It is equally vain to try to do it with ten blunt axes instead.
  -- Dijkstra

• SharePoint Foundation 2013 SP1 for Microsoft Forefront Identity Manager (FIM) 2010 R2 SP1

  For subsequent installation FIM 2010
  R2 SP1, I must create a Web application
  with the classical method of authentication. According to
  Microsoft (http://technet.microsoft.com/en-us/library/jj863242(v=ws.10).aspx),
  it is created using PowerShell the following commands:
  $ AdminCredentials = Get-user domain
  \ contosoAdmin
  • $ adminManagedAccount = New-SPManagedAccount -Credential $ adminCredentials
  • New-SPWebApplication -Name "FIM SharePoint Web Application" -ApplicationPool "FIMAppPool" -AuthenticationMethod "Kerberos" -ApplicationPoolAccount $ adminManagedAccount -Port
  80 -URL http://www.contoso.com
  But these commands do not specify an account for
  Web services applications,
  and services of that applications will run under the account
  under which installed Sharepoint. As a result,
  the Administration Console Sharepoint error occurs:
  the application service account has
  local administrator rights. But it should not
  be.
    I ask for advice on how to solve this problem.

  Where I can found ULS Log and configuration details as well?
  I have errors:
  Accounts used by application pools or service identities are in the local machine Administrators group.
  One or more web applications are configured to use Windows Classic authentication.
  When I create a Web application through the
  web interface, and select
  the account for the application pool and application services
  (see. Screenshot). So I decided
  that the account application services
  become account under which installed
  Sharepoint, which has local administrator rights.
  And the application pool account to the
  administrators group is not included. Therefore,
  the question arises: what kind of account
  reports error :: 
  there is only one Web application (but
  before I create and delete the same):
  New-SpWebApplication
  DisplayName                    Url
  Sharepoint-FIM                
  http://www.contoso.com
  help to solve the error, please.

• Unable to install Sharepoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2

  HI,
  I am Unable to install Sharepoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2,
  Before SharePoint Foundation 2013 installation I installed all prerequisite software that is required for SharePoint Foundation 2013 but when we run SharePoint Foundation 2013 setup that gives below error so I am requesting you please help on this.
  Setup is unable to proceed due to the following error(s):
  Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.
  Regards
  Anil Kumar

  You really need to do what error is suggesting.
  Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.
  Nosh Mernacaj, Identity Management Specialist

• Installing Sharepoint Foundation 2013 for FIM 2010 R2 SP-1

  Hi,
  As SharePoint Foundation 2013 is supported for FIM  2010 R2 sp-1 on windows 2012. I am trying to install the SharePoint  foundation 2013 on windows 2012. There are some prerequisite(like .net framework,windows Identity framework, sync, windows
  appfabric etc) which needs to be get installed before installing SharePoint 2013. I have installed on the prerequisite sucessfully but when try to install the SP 2013, getting the error, windows server AppFabric is not configured properly. Search
  on google and  configured the windows server AppFabric many times still getting the same issue. Kindly suggest if it  mandatory to configure the AppFabric.If yes, please suggest  the correct step to configure the AppFabric. 
  Error Print screen is as below.
  Regards
  Harry    

  Follow these guides to get it working: http://www.harbar.net/articles/fimportal.aspx https://konab.com/using-sharepoint-foundation-2013-with-fim/

• How do I add my Custom Workflow Activity to FIM 2010 R2 SP1 installed on Windows 2012 server?

  Hellos.
  I have tried and failed to add my custom.dll into the Windows Server 2012  GAC.
  We have a version of FIM 2010 R2 Sp1 running on Windows Server 2008 R2 and that was no problem. There seemed to be a gacutil.exe present on the system which added my assembly.
  I cannot find gacutil.exe on the Windows 2012 Server.
  I have downloaded and installed Windows SDK for Windows 8. However, when I try the gacutil.exe /i <myCustom.dll> nothing seems to happen.
  Are there any guidelines how to add custom workflow activities to FIM when installed on a Windows Server 2012 system?
  TIA
  *HH

  Well yes. It is fine when FIM is hosted on Windows Server 2008 R2.My difficulty is that I am using FIM 2010 R2 Sp1 and Windows Server 2012. No GACutility executable.
  However, the problem has been resolved. Powershell can be used to modify the assemblies.
  I opened a RunAs Administrator PS session. My assembly is in folder c:\Temp
  Using Windows Explorer I browsed the folder c:\windows\assembly and noted the System.EnterpriseServices entries: version (2.0.0.0) and public key token (b03f5f7f11d50a3a)
  (My version is 2.0.0.0 because when installing FIM and SharePoint 2013 the instructions I used suggested setting .Net version to be 2.0)
  These powershell commands got me going...
  PS C:\temp> [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
  GAC    Version        Location
  True   v4.0.30319     C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50...
  PS C:\temp> $publish = New-Object System.EnterpriseServices.Internal.Publish
  PS C:\temp> $publish.GacInstall("c:\temp\RunPowershellLibrary.dll")
  PS C:\temp>
  PS C:\temp>
  PS C:\temp> iisreset
  Amazingly I can see the assembly RunPowershellLibrary in my Windows 2012 GAC. :-)
  Also, what is more cheering is that the custom activity actually works with FIM 2010 R2 Sp1.

• How to synchronize Outlook 2010 with SAP Calendar

  Hello colleagues,
  How to synchronize Outlook 2010 with SAP Calendar??
  Thanks

  Install MfE (Mail for Exchange), then follow this: http://www.google.com/support/mobile/bin/answer.py?hl=en&answer=147951
  You can sync your mail, contacts and calendar with Google Sync. Tasks and notes are not supported. (Notes syncing is not possible with MfE anyway.)

• Oracle IdM integration with Microsoft ILM 2007/FIM 2010

  We currently have ILM 2007 in our environment with limited usage at the moment. We are looking at purchasing Oracle Identity Manager to implement an enterprise wide IAM solution.
  We were wondering if it is possible to continue using ILM like a middleware between our AD forests and the Oracle IdM. Where the Oracle IdM is the overarching IAM solution and Microsoft ILM 2007/FIM 2010 is like the metadirectory for our AD forests.
  Is this possible without installing the Oracle Management Connector on any of our DCs and using ILM as the directory that Oracle IdM connects to. All AD account provisioning/de-provisioning, acct updates, password sync/reset will be initiated from the Oracle IdM to ILM and then implemented on AD. In order words no direct interaction with AD domain controllers from Oracle IdM, everything will go to ILM and ILM in turn applies it to AD.
  Is this possible?
  Is there a custom connector that will work with ILM 2007/FIM 2010
  Is this a simple customization or something that can be problematic and expensive?
  Any feedback is much appreciated
  Thanks

  user1106726 wrote:
  We currently have ILM 2007 in our environment with limited usage at the moment. We are looking at purchasing Oracle Identity Manager to implement an enterprise wide IAM solution.
  We were wondering if it is possible to continue using ILM like a middleware between our AD forests and the Oracle IdM. Where the Oracle IdM is the overarching IAM solution and Microsoft ILM 2007/FIM 2010 is like the metadirectory for our AD forests.
  Is this possible without installing the Oracle Management Connector on any of our DCs and using ILM as the directory that Oracle IdM connects to. All AD account provisioning/de-provisioning, acct updates, password sync/reset will be initiated from the Oracle IdM to ILM and then implemented on AD. In order words no direct interaction with AD domain controllers from Oracle IdM, everything will go to ILM and ILM in turn applies it to AD.
  Is this possible?yes
  >
  Is there a custom connector that will work with ILM 2007/FIM 2010Yes, if you write one you will have a custom connector
  >
  Is this a simple customization or something that can be problematic and expensive?It won't be simple. Problematic and expensive maybe, depends on how good you are with OIM and ILM