25 articles Uncategorized

Install and Configure a Group Managed Service Account with Microsoft Identity Manager 2016 SP1 with Hotfix 4.5.26.0

Hello all! Microsoft Identity Manager has had numerous support additions, enhancements, and bug fixes over the past year, such as adding support for SQL AlwaysOn, SQL on IaaS, and System Center 2016, the ability to create new custom objects that act like groups, and operational items like quickly enabling verbose tracing without a service restart. Today,…

What the MIM Hybrid !! Azure AD B2B collaboration with Azure App Proxy and Microsoft Identity Manager

This is pretty exciting work we have been doing around B2B and guest access to on-premises access. Azure AD B2B has made enabling access to documents and applications for business partners extremely easy and secure. This has been great for cloud workloads but left a gap in the hybrid world that we live in. Microsoft’s latest…

Creating Microsoft Identity Manager (SP1) Portal Site on SharePoint 2016

Hello all, it has been a busy season for FIM/MIM. Today I wanted to walk through the steps of installing MIM SP1 on SharePoint 2016. Below are the steps I took to get everything working from a service and portal standpoint. As a reminder, all accounts were pre-created and service principal names (SPNs) were already set. For more information,…

PAM: Failed with Operation requires that destination domain auditing to be enabled

Issue: When trying to create NEW-PAMGROUP: Failed with Operation requires that destination domain auditing to be enabled “System.Exception: Failed PAM group 'TFCAdmins' SID migration; Exception: System.ComponentModel.Win32Exception(0x80004005): The operation requires that destination domain auditing be enabled at Microsoft.IdentityManagement.WinTools.SidCloner.CloneSid(String sourceIdentity, String sourceDomain, String sourceDC, String sourceUserName, SecureString sourcePassword, String targetIdentity, String targetDomain)” When looking at…

FIM/MIM OOB Solution CIO Direct Reports and Indirects

Scenario: In this scenario there was a request to have a distribution list for all CIO > Manager + Direct Reports > Manager + Direct Reports. The end result will be everyone who reports to the CIO both directly and indirectly. Sample Data: CIO Direct and Indirect Reports Distribution List Directors DL Manager DL Supervisors…

AADSync – The server encountered an unexpected error creating performance counters

Wonder why you get this error? As we have seen, this is a known issue in many MIIS/FIM product installations. Below is the error and the suggested fix:

Log Name: Application
Source: ADSync
Date: 1/12/2015 12:47:11 PM
Event ID: 6313
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: AADSync.contoso.com
Description: The server encountered an unexpected error creating performance counters for…

AADSync – Configure filtering Part 1

I have had several cases with questions on AADSync filtering. As a general rule, I never use Outbound filtering as these are not saved during upgrade. In this posting we will discuss one of the options used to filter objects as it is described in the MSDN article http://msdn.microsoft.com/en-us/library/azure/dn801051.aspx by using the cloudFiltered(negative filtering…

FIM CM was unable to decrypt necessary data error

Troubleshooting Steps: Enable FIM CM Tracing (http://social.technet.microsoft.com/wiki/contents/articles/4020.how-to-capture-a-verbose-log-for-clm-or-fim-cm.aspx). Enable CAPI Logging (http://blogs.msdn.com/b/benjaminperkins/archive/2013/10/01/enable-capi2-event-logging-to-troubleshoot-pki-and-ssl-certificate-issues.aspx). After looking at the CM logs we saw that the CM was unable to find the correct certificate.

"DOMAIN\USERA" "DOMAIN\USERA" 0x00000F60 0x00000006 Data to be decrypted: MIIDZAYJKoZIhvcNAQcDoIIDVTCCA1ECAQAxggF4MIIBdAIBADBcMEUxEzARBgoJkiaJk/IsZAEZFgNsb2MxGzAZBgoJkiaJk/IsZAE=.
"2014-03-19 14:37:27.14 -06" "Microsoft.Clm.Security.Principal.RevertToSelfContext" "Microsoft.Clm.Security.Principal.RevertToSelfContext RevertIfImpersonating()" "DOMAIN\USERA" "DOMAIN\USERA" 0x00000F60 0x00000006 Reverting to the process identity…