Support-Tip: (INSTALLATION): Installation Companion – Accounts Reference

PURPOSE The purpose of this blog is to cover the different accounts / service accounts that are needed/required in a Microsoft Identity Manager 2016 solution.  Documented here are these accounts for an Identity Manager solution with explanation of their responsibilities. NOTE This blog does not cover the MIM Certificate Management, BHOLD or PAM Scenarios  … Read more

Support-Tip: (AADCONNECT): How to insert the TargetAddress Attribute Value into the ProxyAddresses list

PRODUCTS INVOLVED Microsoft Azure AD Connect Sync (AADCONNECT) PROBLEM SCENARIO DESCRIPTION The goal here is to update the proxyAddresses attribute on a User and/or Contact object with the value that is in the targetAddress attribute only if the proxyAddresses attribute does not contain a primary SMTP.  This should only happen for objects that are coming… Read more

FIM SP1 R2 4.1.3766 Upgrade to MIM SP1 4.4.1302 In-place Direct Upgrade

Greetings As of  November direct upgrade from FIM 2010 R2 SP1 (build 4.1.3766.0) to MIM 2016 SP1 (build 4.4.1302.0) is supported. Important: With various components, there are specific instructions that must be followed to ensure the solution is properly upgraded.  Please make sure to read the information below carefully and test the upgrade in a… Read more

Support-Tip: (AADCONNECT): Provisioning non-mail enabled user when joining on mail

Hey All, Tim Macaulay here from Microsoft Support for FIM/MIM/AADCONNECT SYNC. Interesting issue I worked on yesterday that I wanted to share with everybody. PRODUCTS INVOLVED Azure AD Connect PROBLEM SCENARIO DESCRIPTION In this scenario, Azure AD Connect was installed/configured to join on the mail attribute.  However, we wanted to synchronize non-mail enabled user objects… Read more

Support-Tip: (AADCONNECT): Object reference not set to an instance of an object when adding a new sync rule

PRODUCTS INVOLVED Azure AD Connect 1.1.561.0 Sync Rule Editor PROBLEM SCENARIO DESCRIPTION In AADConnect Sync Rule editor when attempting to add a new Sync Rule, you may receive the error message “Object reference not set to an instance of an object”. ERROR MESSAGE Object reference not set to an instance of an object CAUSE This… Read more

Support-Tip: (FIM Service MA): stopped-server – Error: 15517: State: 1.  Cannot execute as the database principal because the principal “dbo” does not exist this type of principal cannot be impersonated or you do not have permission.

The “stopped-server” run status is one of those that keeps popping up and having different causes to the run status.  This one I encountered was quite interesting. SCENARIO Export on the FIM Service Management Agent returns a “stopped-server” run status.  In this scenario, the Full and Delta Imports both worked successfully, but the export always… Read more

Support-Tip: (GALSYNC): Exchange 2010 Provisioning: extension-dll-timeout on Export

APPLIES TO:  Forefront Identity Manager 2010, R2, R2 SP1 Microsoft Identity Manager 2016, SP1   ENVIRONMENT / ASSOCIATED WITH THE BREAK – FIX SCENARIO Synchronization Service Engine GalSync Management Agent (Connector) Microsoft Exchange 2010   PROBLEM SCENARIO DESCRIPTION GalSync Management Agent configured for Exchange 2010 provisioning was failing on Export with “extension-dll-timeout”.  The export would… Read more

SUPPORT-TIP: (INSTALL): Custom Action DetectServiceAccount causes install to fail

APPLIES TO Forefront Identity Manager 2010 / R2 / R2 SP1 – Synchronization Service Engine Microsoft Identity Manager 2016 / SP1 – Synchronization Service Engine PROBLEM SCENARIO DESCRIPTION Attempting to upgrade the Synchronization Service Engine, it fails prematurely.   TROUBLESHOOTING ACTIONS Obtain a Windows Installer Verbose Log In the Verbose log, look for Return Value… Read more

Support-Tip: (SYNC): Unable to connect to the Synchronization Service” error when you attempt to open the MIISCLIENT.EXE

APPLIES TO Forefront Identity Manager 2010 Synchronization Server / R2 / R2 SP1 Microsoft Identity Manager 2016 / 2016 SP1 Azure AD Connect Sync   PROBLEM SCENARIO DESCRIPTION You attempt to launch the Synchronization Service Manager Console either by clicking on the icon on the Start Menu or by attempting to launch the MIISCLIENT.EXE and… Read more

Support-Tip:(CM): FIM/MIM Certificate Management (CM) and Certificate Management Agent (cmAgent) certificate issued by a Foreign Certification Authority (CA)

  Applies To: Forefront Identity Manager 2010 (All builds) Forefront Identity Manager 2010 R2 & R2 SP1 Microsoft Identity Manager 2016 & SP1 PROBLEM SCENARIO DESCRIPTION CM is servicing a Certification Authority (CA1), however it was different Certification Authority (CA2) that issued cmAgent certificate. CM certificate requests targeted to CA1 will fail (Denied by Policy… Read more