June 17, 2014

FIM EnumerateResource returns "nothing" when TotalResultsCount = 1

Writing about web page http://www.wapshere.com/missmiis/getting-something-back-from-the-enumerateresourcesactivity

After adding workflow elements to enumerate an object, the ResorceType that gets returned is "nothing", however TotalResultsCount is 1 or more.

What's going on?

I'd added three separate enumerations to a workflow, and they worked fine. I added a fourth (enumerating a /Person resource) it was returning blank, despite the xpath being correct.

My standard set of workflow modules for doing an enumerate is normally this;

  • Code: prepareToEnumerate
  • EnumerateResource: enumerate
  • Hidden: Iteration handler
  • Code: Deug logging

There are two sets of code associated with a workflow;

  • MyWorkflow.vb - contains the code executed by the workflow objects entered into the designer
  • MyWorkflow.design.vb - is the saffolding for the designer, and holds metadata about your code

The modules I'd created in the designer previously seem to have been added just fine to the designer.vb file. However the last one wasn't - there was no reference to my hidden iteration handler, so I added it manually using the excelent guide at missmiis's blog.

The process she describes adds-in a reference to your hidden iterator code, and manually adds your iterator code as a handler to the EnumerateResource code. The design.vb code contains comments warning about making changes - seems like they can be safely ignored.

There's lots of stuff on the web that implies all enumerateResource code that requires an iterator needs to be manually added to the design.vb code. I'm still convinced that the first few enumerates I added worked automatically, and that maybe some other aspect (like the enumerate object was added to an if-else block) prevented it being added. I'll post an update once Ive experimented a little more.


March 28, 2014

How to get FIM to synchronize to an untrusted domain

It is straightforward to sync objects to and from an untrusted domain with FIM.

When I tried it, it didn’t work at first and I found a bunch of misinformation about whether it’s even possible to have a FIM system in one domain/forest sync objects to an untrusted domain. Some blogs insist there needs to be a forest trust in place, and in one Microsoft example they assume that a trust has been set up. Not so; no trust is needed.

The key is to ensure that both the domain hosting FIM and untrusted domains can resolve each other’s names in DNS - here's how I did it.

Before you configure the AD MA:

1. On the untrusted domain, set up a DNS forwarder to point to the domain that hosts FIM

new conditional forwarder

2. In the domain that hosts FIM, in DNS, set-up a Conditional Forwarder pointing to the untrusted domain. A conditional forwarder tells your domain ‘if you get DNS requests for untrusteddomain, send them to this ip address to be resolved’

new_conditional_forwarder.png

TIP: if you want the conditional forwarder to be replicated throughout your AD (seriously, you do) tick the 'Store this...' box. Also, don't worry about the Big Rex X - it goes away once DNS has resolved the netbios name of your untrusted domain.

3. Test your DNS config by pinging the untrusted domain (ping untrusteddomain.myorg.co.uk -4) from the domain that's hosting FIM. Now check that the untrusted domain server can ping the domain that's hosting FIM (ping domain.myorg.co.uk -4). When you can, you’re good to go.

4. Create a new AD MA in the FIM Synchronization manager

5. Configure the connection parameters like this;

ad_ma_settings.png

6. Click OK, and you should be presented with a list of partitions in the untrusted domain.


October 04, 2013

FIM Service Will Not Start After Installation

The FIM Service needs an internet connection to complete installation. If you use a FIM development or sandbox environment that is isolated from your main network and the Internet, you may find the FIM Service will not start at the end of the installation process, and fails with a timeout error.

The issue is caused because the default timout for a service to start-up is 30seconds. The FIM Service uses the .NET 3 framework, and at FIM Service startup the .NET CLR attempts to validate the .NET authenticode signature by connecting to a microsoft web-site. If you have no connection to the Internet the authenticode certificate revocation check will wait for several minutes before timing out, by which time the FIM service-startup has timed-out.

I resolved the problem by configuring an additional temporary network interface to my VM which natted to my real network. Once the VM could 'see' the Internet to do the signature check, the FIM Service started normally. Then I removed my temporary network interface.

You could also:

(FIM service fails to start. Fim service does not start. Fim installation fails)


October 02, 2013

How to add extra adjustment points to a Visio curved connector

Writing about web page http://www.tech-archive.net/Archive/Visio/microsoft.public.visio.general/2010-04/msg00165.html

By default a Visio curved connector has three adjustment handles that you can use to change the curve. You can add more to make more complex bends, or smooth-out lumpy curves. It's straightforward to do, but the information is surprisingly difficult to find;

  1. Select the curve
  2. Select the Freeform Tool (Home tab>Tools Pane > Dropdown at the top right)
  3. Hold the Ctrl-key and click where you want the new adjustment points adding

Three new adjustment points appear


September 19, 2013

VB and C# functions generate the same 'random' strings each time

I'm using a standard VB.net pattern to generate random usercodes;

Function GenerateUsercode()
Dim s As String = "abcdefghijklmnopqrstuvwxyz"
Dim r As New Random
Dim sb As New StringBuilder
For i As Integer = 1 To 8
Dim idx As Integer = r.Next(0, s.Length)
sb.Append(s.Substring(idx, 1))
Next
Return sb.ToString()
End Function

However, if I call it twice, quickly, it generates the same 'random' usercode. Here's what it looks like when I call it with:

dim pass1 as string = GenerateUsercode()
dim pass2 as string = GenerateUsercode()
System.Diagnostics.Debug.Write(pass1 & " " & pass2)

Output:

uerpajfv uerpajfv

It looks like something is being cached. If I set a breakpoint and step throgh the code, it generates two random strings. I tried resetting things; reDIMming all the variables after they'd been used, resetting the stringbuilder to zero length, and started Googling in earnest. This blog had the answer; The problem is that the 'Dim r As New Random' line in the function is being executed so quickly (presumably a combination of fast processor, very good compliler optimisation) that the random seed is being created with the same value each time it's generated.

There's actually no need to regenerate the seed every time because the

r.Next

gets the next random number based on the seed. The solution is to move the 'Dim r As New Random' out of the function to the main delarations area where it executes once, and the pattern works perfectly.


September 10, 2013

FIM Oracle MA

If you're struggling to configure the Oracle MA in FIM, there's an excellent guide to installing the Oracle client on a Windows server here.

I struggled even with this guide; I downloaded and merged both sets of driver files, created environment variables, and ran the ODBC_install app which flashed-up a dos box breifly, but gave no indication whether it had worked. When I ran the Windows Data Sources (ODBC) tool and tried to add a new User DSN, no Oracle driver was listed.

Turns out that the Oracle Drivers are 32-bit drivers; there's no 64-but version. And on a 64Bit Windows server, the Windows Data Sources (ODBC) tool lists only 64 bit drivers. You have to open a command prompt and specifically run the 32bit version of the Windows Data Sources tool:

c:\windows\SysWOW64\odbcad32.exe

The Oracle driver will be listed; select it and set-up your odbc connection as usual.


August 13, 2013

Connecting to the FIM Web Service from custom applications

I've been evaluating Groovy/Grails vs .NET as a method of making a better FIM Portal and struggled to find clear documentationon on the right address to use to connect to the FIM web service from a development environment.

First check that the FIM web service is actually running on your FIM Service server.

Connect to the server, open a command window, and type netstat -a You should see entries for 0.0.0.0.5725 and 0.0.0.0.5726 indicating that the FIM Service is listening on these ports. [If you changed the default ports during install, you should see the FIM service listening on your custom ports.] If these ports aren't listed, then the FIM Web Service isn't listening and you need to get it running before you go any further.

To access the FIM Web Service, use the address:

http://<servername>:5725/ResourceManagementService/MEX

If you have Visual Studio handy, a quick way to check FIM Web Service is working is to create a new ASP.net web project, add a Service Reference, paste in the address above with your server name (or localhost), and click the Go button. Click to expand the Service node and you will see the service types and operations available:

Accessing the FIM Web Service from Visual Studio




May 20, 2013

How to export your own data using the PowerShell export–csv commandlet

You’ve created a bunch of your own data in a PowerShell script, and want to export it as a csv file. Maybe you’ve tried using the Export-Csv commandlet, but it didn’t work as you expected, so you’ve resorted to hacking strings about and ‘exporting’ it using Write-Host and Start-Transcript, or something similar?

The trick is to turn your data into objects. Once your data is in object form you can pass it straight to export-csv, or to any other commandlet. Here’s how I did it:

Scenario

I’m extracting data from Active Directory accounts to pass to a colleague who needs to email each account-holder. I’ve ended-up with the following PowerShell variables, each containing about 1000 records that I want to export as a .csv file.

My Powershell Variable

Where the data came from

$AdAccountname

SamAccountname

$PrimarySMTP

Extracted by looping through proxyAddresses looking for the one that starts “SMTP:”

$MonthsRegisted

Date calculation that compares registration date to now, and records the number of months


Approach


Block diagram showing how to arrange data in PowerShell so that it will export to a csv file correctly


1. Create an empty array to store my stuff

2. Create an object for each line of our results

3. Add each column from each line as an attribute of this object

4. Pipe the array to export-csv


Steps

Decide on a name for my new object. I’ll go with $contactObject

Create an empty array ($resultsarray) to hold my 1000 new $contactObject objects

Loop for each “Contact”-----------------------------------------------------

Make a new empty “Contact” object

Add $AdAccountname attribute to “Contact”

Add $PrimarySMTP attribute to “Contact”

Add $MonthsRegisted attribute to “Contact”

Add the “Contact” object to the results array ($resultsarray)

------------------------------------------------------------------------------

When the loop is finished, Export $resultsarray as a .csv file

PowerShell Code

Example Powershell code that will output data using the export-csv commandlet

# Declare an array to collect our result objects
$resultsarray =@()

# $contacts will be the ‘loop counter’, so set it to the same as any of our variables; $AdAccountname will do
$contacts=$AdAccountname

# For every $contact held in the $contacts, do this loop
foreach ($contact in $contacts){

# Create a new custom object to hold our result.
$contactObject = new-object PSObject

# Add our data to $contactObject as attributes using the add-member commandlet
$contactObject | add-member -membertype NoteProperty -name "AD Account" -Value $AdAccountname
$contactObject | add-member -membertype NoteProperty -name "SMTP" -Value $PrimarySMTP
$contactObject | add-member -membertype NoteProperty -name "Registered" -Value $MonthsRegisted

# Save the current $contactObject by appending it to $resultsArray ( += means append a new element to ‘me’)
$resultsarray += $contactObject
}
$resultsarray| Export-csv Contacts.csv -notypeinformation

September 2019

Mo Tu We Th Fr Sa Su
Aug |  Today  |
                  1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30                  

Search this blog

Tags

Galleries

Blog archive

Loading…
RSS2.0 Atom
Not signed in
Sign in

Powered by BlogBuilder
© MMXIX