Friday 22 June 2012

Christmas – 2011

The last day of the Year 2011 in office







The night we were in the office with Grace, Jyothi and Sai. We enjoyed a lot on that day. Grace bought the guitar and Sai played the guitar. The picture is not clear; I have posted this so that I can go back and remember the day I spent in Microsoft Hyderabad. Miss you all…



Friday 25 May 2012

Friends and Life @Infosys

Time for me to move on. Today is my last day in Infosys.

I just want to take this opportunity to thank everybody for all the support and guidance I have got from everybody during my tenure. It’s been the most memorable time I have had in Infosys and Microsoft, and I really feel sad today to write the last-day mail.
Guys, you are some of the best people I have ever met, and I learned lots of things during my tenure in Microsoft. I always felt privileged to be part of the team.
Thanks to Manish, Lyle, Anil, Alex, James and Khalid for your support; I learned myriad things from you all. My sincere thanks to each one of you!
I would like to thank all my leads, managers and colleagues for providing all the guidance, appreciation and encouragement whenever I needed it. I will be taking away with me a lot of learnings from here.

Wish all of you good luck and the best in life!        [V-ANSI]


Infosys.



Microsoft -- Hyderabad.

Tuesday 10 April 2012

Notice Board in FIM

Notice Board in FIM: it is good to display the downtime and maintenance of FIM on the home page instead of sending mail to the users.
I see the production team used to display this information on the home page of FIM. I did a little bit of investigation and here is my finding.

Click Administrator -> Home Page Resources -> Click New



Friday 6 April 2012

At Work


The energy drink in MS that comes to the rescue at the time of escalations, calls and when nothing is working fine. Cheers!


Group TS

If your Sync Rule and MPR are fine, the best approach to investigating group errors is to find the error message in the connector space.
Verify the group in the FIM connector space: search by RDN and Resource ID.
In the AD connector space, search by RDN and CN name.
If you are able to locate the group in the FIM connector space and the state of the connector is False, then the group failed to project into the metaverse. Find the sync errors for the group; they will help to narrow down the investigation.

Tuesday 6 March 2012

PowerShell






The day was ending as usual, and before I left I had to move 500 servers to an OU. At the beginning I thought it would take 15 to 20 min using the script and I would leave for the day as usual.
I used the bulk move script to move the servers to the OU. Hiccups started when servers were failing to move, and verifying which of the 500 servers had failed to move would take more than 2 hours to investigate.

I thought of using the VLOOKUP function in Excel, but it does not always show the result as expected. Then what next – will PowerShell serve the need? The answer is YES.

Here is how I did it…

There are two input files, as.txt and ansi.txt.
as.txt is the file that was used in the bulk move and ansi.txt is the list of all servers in the OU after the bulk move.







PS C:\Users\Administrator> Compare-Object $(Get-Content C:\Users\Administrator\Desktop\as.txt) $(Get-Content C:\Users\Administrator\Desktop\ansi.txt) -IncludeEqual | Where-Object { $_.SideIndicator -like '<=' }

InputObject SideIndicator
----------- -------------
100         <=
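A variant of the comparison above, added here as an example and not the script used in the original post: it trims whitespace and ignores case before comparing, so a trailing space or a case difference in either file is not reported as a failed move. The function name `Get-UnmovedServer` and the sample lists are constructed for illustration.

```powershell
# Added example: return names from $Requested that are missing from $InOU,
# compared case-insensitively after trimming whitespace.
function Get-UnmovedServer {
    param(
        [string[]]$Requested,   # list fed to the bulk move (as.txt)
        [string[]]$InOU         # list exported from the OU afterwards (ansi.txt)
    )
    $ignoreCase = [System.StringComparer]::OrdinalIgnoreCase
    $have = [System.Collections.Generic.HashSet[string]]::new($ignoreCase)
    $seen = [System.Collections.Generic.HashSet[string]]::new($ignoreCase)

    foreach ($line in $InOU) {
        if ($line -and $line.Trim()) { [void]$have.Add($line.Trim()) }
    }
    foreach ($line in $Requested) {
        if (-not $line) { continue }
        $name = $line.Trim()
        # Skip blanks and duplicates; emit only names absent from the OU list
        if ($name -and $seen.Add($name) -and -not $have.Contains($name)) {
            $name
        }
    }
}

# Constructed sample data; in practice pass (Get-Content as.txt) and (Get-Content ansi.txt)
$requested = 'SRV001', 'srv002 ', 'SRV003', '', 'SRV003'
$inOU      = 'srv001', 'SRV002'

# Only SRV003 is reported: SRV001/srv002 differ from the OU list by case or spacing only
$failed = @(Get-UnmovedServer -Requested $requested -InOU $inOU)
"Servers not found in the OU: $($failed.Count)"
$failed
```

The output can be piped to `Set-Content` to produce the input file for a retry of the bulk move.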
 


Thursday 23 February 2012

Recovery of a group from the AD recycle bin.

Useful link on recovery of a group from the AD recycle bin: http://darshanaj.wordpress.com/2011/11/29/active-directory-recycle-bin/

It works, and I was able to recover the group that had been deleted in AD.
Note - Recovery of a group deleted in FIM requires a few changes to the attributes of the group in ADSI Edit after recovering the group, as shown in the snapshot. I will cover the recovery of FIM-managed groups somewhere in the future.

Monday 20 February 2012

MPR configuration for FIM Portal Access

Using PowerShell to check your MPR configuration for FIM Portal Access


FIM Portal

Create a Search Scope for Groups in FIM portal.

How to display the new attribute in the FIM Portal from the Search within tab. The steps below show the All Groups attribute in the Search within tab in the FIM portal.



Click Administrator --> Click Search Scope-->Click New

On the General page, type:
Display Name: All Groups
Description: All Groups
Usage Keyword (on separate lines):
BasicUI
Global
GlobalSearchResult
Group

Order: 94

Click Next


On the Search Definition page, type:
Attribute Searched: DisplayName
Filter: /Group
Click Next



On the Result tab, from the resource type drop-down list, select Group, and then in Attribute, type DisplayName,Email
Click Finish and submit.




Perform an IISRESET.
Browse to the FIM home page.








Saturday 18 February 2012

Groups Errors in FIM.

From the user side, if they create a group in FIM and it is not provisioned in AD, there is no indication of whether group creation was successful unless the user gets the feeling that the group is not working at all or someone from IT gets into it to investigate.

As I have experienced, a user created a group with universal scope and a domain local group as a member; the group failed to sync, and when the user wanted to delete the group in FIM, it errored out with "ObjectSIDString is either null and empty, cannot delete the group at this time."

To delete the group I had to go to the advanced view of the group in FIM, locate the field for “ObjectSIDString Group binding”, and type any number in it (for example 1234). Click OK and submit the change.

The group got deleted at last.

Wednesday 8 February 2012

Fine-Grained Password Policies

In day-to-day life at my work, if there is a need to extend the password of the system accounts, I enroll the system account in the security group in AD or in FIM, and the requestor will need to reset the password of the accounts.

I gathered information on FGPPs and present here in detail what they are and how they work.

An Active Directory domain could only have one password and account lockout policy per domain for domain accounts.
FGPPs allow organizations to specify multiple password policies within a single domain. You can use fine-grained password policies to apply different restrictions for password and account lockout policies to different sets of groups and users in a domain.

To know more about how it works, refer to

http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx
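The group-based approach described above, written out with the ActiveDirectory module cmdlets as an added example (not taken from the original post or the linked walkthrough). The policy name, group name, account name and every policy value are hypothetical; choose values that match your own standard.

```powershell
Import-Module ActiveDirectory

# Hypothetical names used only in this example
$psoName   = 'PSO-SystemAccounts'
$groupName = 'GRP-SystemAccounts'   # global security group holding the system accounts
$account   = 'svc-example'

# A longer password lifetime than the domain default, offset by a longer minimum length.
# When more than one PSO applies to a user, the lowest -Precedence value wins.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MaxPasswordAge '180.00:00:00' -MinPasswordAge '1.00:00:00' `
    -MinPasswordLength 20 -PasswordHistoryCount 24 `
    -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -LockoutThreshold 10 -LockoutDuration '00:30:00' `
    -LockoutObservationWindow '00:30:00'

# A PSO is linked to users or global security groups, not to OUs
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# Enrolling the account in the group is what places it under the policy
Add-ADGroupMember -Identity $groupName -Members $account

# Verify what actually applies to the account. No result means that no PSO
# applies and the account still falls under the domain password policy.
$effective = Get-ADUserResultantPasswordPolicy -Identity $account
if ($effective) {
    $effective | Select-Object Name, Precedence, MaxPasswordAge, MinPasswordLength
} else {
    Write-Warning "$account is still governed by the domain password policy"
}
```

The new maximum age is measured from the account's last password change, which is why the requestor still resets the password after enrollment.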




Windows Server 2008 R2 - Enabling the Recycle Bin feature is an irreversible action.

Active Directory Recycle Bin provides a very quick way to recover Active Directory objects that have been deleted without needing to reboot a domain controller, perform authoritative restore operations, and wait for replication. Once enabled, any object can be quickly restored using a simple PowerShell command.
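The enable-and-restore sequence for a deleted group, as an added example using the ActiveDirectory module (not code from the original post or the linked article). The group name is a placeholder, and the example assumes a forest functional level of Windows Server 2008 R2 and a group that was deleted after the feature was enabled.

```powershell
Import-Module ActiveDirectory

$groupName = 'Example-Group'   # hypothetical name of the deleted group

# Enable the feature only if it is not already on. This step cannot be undone.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name
}

# Deleted objects are returned only when -IncludeDeletedObjects is given
$deleted = @(Get-ADObject -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(objectClass=group)(msDS-LastKnownRDN=$groupName))" `
    -Properties lastKnownParent, whenChanged)

if ($deleted.Count -ne 1) {
    # Zero or several matches: show them so the operator can pick one by ObjectGUID
    $deleted | Select-Object ObjectGUID, lastKnownParent, whenChanged
    throw "Expected exactly one deleted group named '$groupName', found $($deleted.Count)"
}

# The restore fails if the original parent container no longer exists
try {
    Get-ADObject -Identity $deleted[0].lastKnownParent -ErrorAction Stop | Out-Null
} catch {
    throw "Parent '$($deleted[0].lastKnownParent)' is missing; restore it first or use -TargetPath"
}

# -Confirm prompts before the object is written back to its original location
Restore-ADObject -Identity $deleted[0].ObjectGUID -Confirm

# Confirm the group is live again and that its members came back with it
Get-ADGroup -Identity $deleted[0].ObjectGUID -Properties Members |
    Select-Object Name, DistinguishedName, @{ n = 'MemberCount'; e = { $_.Members.Count } }
```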

Tuesday 17 January 2012

Error - NoSuchManagementAgentException Error

There are a few gaps in TechNet and it can be confusing switching from one article to another, so I have collated it here in my blog. Hope it will make sense.

In my lab I have used Notepad as my HR database, to project the user into the metaverse and finally provision in the FIM portal.
 
Create the data file.
Copy the records from the following data and then paste them into a new Notepad file:
EmployeeID:1
FirstName:Anirban
LastName:Singha
UserID:ansi
EmployeeType:Full Time Employee
EmployeeID:2
FirstName:Anil
LastName:Panem
UserID:Anilkp
EmployeeType:Full Time Employee
Save the Notepad file on your local drive as C:\HRData.txt.

For creation of the Notepad MA, FIM MA and Inbound Sync Rule, please refer to - http://technet.microsoft.com/en-us/library/ee534902(WS.10).aspx

Challenges – when I ran the sync of the FIM MA and Notepad MA, I received the error below.

Use PowerShell to enable provisioning; you can do this by running the script Using Windows PowerShell to Enable Provisioning (http://go.microsoft.com/fwlink/?LinkId=189660).

Make sure your Notepad MA has precedence over the FIM MA.






Overview -










Saturday 14 January 2012

Groups not provisioning in Active Directory.

 
I have seen users coming back and saying "I have created a group and my group is still not working" :( and it really feels painful to go back and say you have to delete the group and re-create the group.
FIM 2010 and R2 never check the existing display name of the group; it goes fine with the alias. So what causes a group with the same display name to fail?
I did some troubleshooting and found that the group fails to provision in AD, and if you do a metaverse search for the group you will find a group with the already existing display name.
Now I come back to my question: why are the groups failing?
Each object in AD has a GUID assigned to it, but since GUIDs are hard to remember, we generally use DNs.
Every object in AD has a specific location and is stored uniquely in AD, with the data stored as CN=DisplayName,OU=XXXXX,DC=COM.
If a group with the same display name is created, it conflicts with the already existing DN in AD, and the Synchronization Rule in FIM does not allow the group to get provisioned in AD. :)
