PAM: Failed with Operation requires that destination domain auditing to be enabled

  Issue: When trying to create a PAM group with New-PAMGroup, the operation fails with "Operation requires that destination domain auditing to be enabled": “System.Exception: Failed PAM group 'TFCAdmins' SID migration; Exception: System.ComponentModel.Win32Exception(0x80004005): The operation requires that destination domain auditing be enabled at Microsoft.IdentityManagement.WinTools.SidCloner.CloneSid(String sourceIdentity, String sourceDomain, StringsourceDC, String sourceUserName, SecureString sourcePassword, String targetIdentity, String targetDomain)” When looking at…


MIM / PAM Sign in as Different User

  SharePoint used to have a menu option called “Sign in as Different User” in the top-right corner of every page. It is very useful, but for admins it can sometimes be a bit of a pain. So a simple solution is to build it right into the Home Page Resources, as you see below. In…


FIM/MIM OOB Solution CIO Direct Reports and Indirects

Scenario: In this scenario there was a request to have a distribution list for all CIO > Manager + Direct Reports > Manager + Direct Reports. The end result will be everyone who reports to the CIO, both directly and indirectly. Sample Data: CIO Direct and Indirect Reports Distribution List Directors DL Manager DL Supervisors…


AADSync – The server encountered an unexpected error creating performance counters

  Wondering why you get this error? We have seen this as a known issue in many MIIS/FIM product installations. Below is the error and the suggested fix:

  Log Name:      Application
  Source:        ADSync
  Date:          1/12/2015 12:47:11 PM
  Event ID:      6313
  Task Category: Server
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      AADSync.contoso.com
  Description:
  The server encountered an unexpected error creating performance counters for…


AADSync – Configure filtering Part 2

  Continuing from our previous post, AADSync – Configure filtering Part 1, we will now look at using expressions on target attributes to decide who should get provisioned to the cloud. We will still use lessons learned from part one to make sure that our expression is being evaluated properly. A list of functions that can…


AADSync – Configure filtering Part 1

I have had several cases with questions on AADSync Filtering. As a general rule I never use Outbound filtering, as these are not saved during upgrade. In this posting we will discuss one of the options used to filter objects as it is described in the MSDN article: http://msdn.microsoft.com/en-us/library/azure/dn801051.aspx by using the cloudFiltered(negative filtering…


FIM CM was unable to decrypt necessary data error

  Troubleshooting Steps:
  Enable FIM CM Tracing: (http://social.technet.microsoft.com/wiki/contents/articles/4020.how-to-capture-a-verbose-log-for-clm-or-fim-cm.aspx)
  Enable CAPI Logging: (http://blogs.msdn.com/b/benjaminperkins/archive/2013/10/01/enable-capi2-event-logging-to-troubleshoot-pki-and-ssl-certificate-issues.aspx)
  After looking at the CM logs we saw that CM was unable to find the correct certificate.
  "DOMAIN\USERA" "DOMAIN\USERA" 0x00000F60 0x00000006 Data to be decrypted: MIIDZAYJKoZIhvcNAQcDoIIDVTCCA1ECAQAxggF4MIIBdAIBADBcMEUxEzARBgoJkiaJk/IsZAEZFgNsb2MxGzAZBgoJkiaJk/IsZAE=.
  "2014-03-19 14:37:27.14 -06" "Microsoft.Clm.Security.Principal.RevertToSelfContext" "Microsoft.Clm.Security.Principal.RevertToSelfContext RevertIfImpersonating()" "DOMAIN\USERA" "DOMAIN\USERA" 0x00000F60 0x00000006 Reverting to the process identity…


FIM Workflow calling PowerShell 3.0 from 2.0 pipeline

In this scenario a customer was trying to use a PowerShell 3.0 cmdlet through a PowerShell custom activity. In this scenario we need to use remoting. I will not cover remoting in this article but will provide links for your research. In this case we will be calling the local host of the FIM service machine…


Enabling Windows Installer verbose logging via registry

Recently, I had several instances where we needed an installer log for change mode for FIM. I had the details, but my colleague Peter documented this quite well for us: https://identityunderground.wordpress.com/2014/02/05/note-to-self-enabling-windows-installer-verbose-logging-via-registry-while-troubleshooting-fim2010-hotfix-installation-fail/ Thanks, Peter


Microsoft BHOLD Suite – How to use Model Loader files

Kudos to my friend over in the BHOLD area, Rob de Jong, for posting a great article: http://social.technet.microsoft.com/wiki/contents/articles/20843.microsoft-bhold-suite-how-to-use-model-loader-files.aspx
