Exporting to FIM "export session has timed out"

While exporting a very tiny number of objects to FIM, the export operation gave a stopped-server error and the Event Viewer for FIM reported that the "export session has timed out". It then rambled on a bit about connection times taking too long, resetting the timeout value, etc.

After failed attempts to fix this by rebooting the FIM Sync Server, clearing out the metaverse, etc., the solution turned out to be blindingly obvious--restart the FIM Service.

Email Address as Login for AD

This is a simple thing I get asked about from time to time. Frequently, there is a requirement for users to be able to log in to the Forefront Identity Manager (FIM) portal with an email address that does not have the same domain as the AD domain the portal is authenticating to.

The implementation of this is simple: just create an attribute flow from the EmailAddress to the userPrincipalName. That should do it.

FIMAutomation on a computer without the FIM service

Yet again Paolo has a useful FIM post: https://espace.cern.ch/idm/Lists/Posts/Post.aspx?ID=25 (Thank you, Paolo!)

This time it's on installing the FIMAutomation on a computer without the FIM service installed.

I had to change one minor thing in his steps, so wanted to post them here mainly as a bookmark for myself. I've just copied and pasted his post but changed the step to what worked for me.

From the C:\Program Files\Microsoft Forefront Identity Manager\2010\Service folder on the FIM server, copy the following files:

• Microsoft.ResourceManagement.Automation.dll
• Microsoft.IdentityManagement.Logging.dll
• Microsoft.ResourceManagement.dll

Then, from an elevated Visual Studio prompt [edit: I was able to do this with a regular command prompt opened via "Run as Administrator"], register the snap-in and GAC-install the other assemblies:

(1) > InstallUtil.exe -i .\Microsoft.ResourceManagement.Automation.dll
(2) > gacutil -i Microsoft.ResourceManagement.dll

SharePoint CheckSuspiciousFilePath

I recently installed SharePoint Foundation and when I tried to navigate to Central Administration, I was receiving the Resource Not Found 404 error.

By doing a View Source on the page, I saw that the error was being thrown in a method called CheckSuspiciousFilePath.

So, I went to IIS and checked the physical path in the basic settings for the administration site. Turns out, the file path had a duplicate \ in it: D:\\. By changing that to D:\, the site started working.

(Thanks to this post: http://mosshowto.blogspot.com/2008/10/ressource-cannot-be-found-error.ht... for the helpful tip on using View Source to see the error.)

FIM Troubleshooting

The "Service not available" message is one of the most frustrating things to see when working with FIM. Thomas posted a great post on how to get the stack trace instead. (http://setspn.blogspot.com/2010/06/fim-2010-enable-advanced-error-loggin...) I always forget to comment out the ILMErrors section. (Thanks, Thomas!)

Additionally, the problem I encounter sometimes is a double http://http:// in the service address in the web.config. Not sure what causes the FIM installation to do that on repair (I probably did something wrong), but it's easy to fix once you can see the error messages.

C# Create Management Policy Rule (MPR) with FIM 2010 Resource Management Client

The developers of the Codeplex project for the FIM 2010 Resource Management Client (http://fim2010client.codeplex.com/) did a great job providing a tool that is straightforward to use and easy to learn.

One thing I could not find an example for was creating a management policy rule. It didn't take too long to figure out, but I thought I'd post the code here.

There are functions to do the following:

- Create a Set
- Retrieve the ObjectID of the Set
- Create the MPR

I only needed one specific type of MPR, so the code isn't ideal, but may help someone get started a little faster than I did.

==========
CREATE SET
==========
public void CreateSet(string sSetName, string sFilter)
{
    using (DefaultClient client = new DefaultClient())
    {
        credentials = new NetworkCredential("user", "pwd", "domain");
        client.ClientCredential = credentials;
        client.RefreshSchema();

Maintenance

Hi--I have been remiss in paying attention to this site because of work. It looks like things got a little fubared while my back was turned.

Going to try to find time over the weekend to upgrade things. My apologies to anyone who asked for help in the comments. I wasn't even getting notifications of them.

Disable userAccountControl when user is deleted from source

I was having a silly issue with this, but thought I'd put it in here.

I have a custom MVExtension that is determining a csentry should be deprovisioned based on a custom attribute that is set by the source MA to a constant value. If that value goes away, the deprovisioning logic kicks in.

The simple way to get the Deprovision logic to kick in at that point is to have the Deprovision() action called on the csentry:

CSEntry csentry = ManagementAgent.Connectors.ByIndex[0];
csentry.Deprovision();

Then, in the RulesEx for that management agent, in the Deprovision section, I set the csentry["userAccountControl"].Value to disabled and called:

DeprovisionAction Deprovision = DeprovisionAction.Disconnect;
return Deprovision;

The "trick" I was missing was that I had to change the Deprovision option on the management agent to "Determine with a rules extension". Easy to overlook when there wasn't enough coffee to go round in the morning. ;-)
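
The Deprovision section described above, as an added example (not the author's own rules extension): it sets only the disable bit (0x2) of userAccountControl, so the other flags on the account survive, and then disconnects the connector. The class name and the fallback value used when the attribute is absent are assumptions.

```csharp
using System;
using Microsoft.MetadirectoryServices;

// Added example: rules extension for the AD management agent (class name is hypothetical).
public class AdMaRulesExtension : IMASynchronization
{
    // userAccountControl bit flags as defined by Active Directory.
    private const long AccountDisable = 0x0002; // ADS_UF_ACCOUNTDISABLE
    private const long NormalAccount  = 0x0200; // ADS_UF_NORMAL_ACCOUNT

    // Set the disable bit without clearing any other flag already on the account.
    public static long WithDisableBit(long userAccountControl)
    {
        return userAccountControl | AccountDisable;
    }

    // Only called when the MA's deprovisioning option is set to
    // "Determine with a rules extension" and csentry.Deprovision() has been invoked.
    public DeprovisionAction Deprovision(CSEntry csentry)
    {
        Attrib uac = csentry["userAccountControl"];
        // Assumption: an object with no value yet is treated as a normal user account.
        long current = uac.IsPresent ? uac.IntegerValue : NormalAccount;
        uac.IntegerValue = WithDisableBit(current);

        // Disconnect leaves the object in AD rather than deleting it;
        // the disabled flag reaches AD on the next export.
        return DeprovisionAction.Disconnect;
    }

    // Remaining IMASynchronization members are not used in this example.
    public void Initialize() { }
    public void Terminate() { }
    public bool ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
    { throw new EntryPointNotImplementedException(); }
    public bool FilterForDisconnection(CSEntry csentry)
    { throw new EntryPointNotImplementedException(); }
    public void MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
    { throw new EntryPointNotImplementedException(); }
    public bool ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry, out int imventry, ref string MVObjectType)
    { throw new EntryPointNotImplementedException(); }
    public void MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
    { throw new EntryPointNotImplementedException(); }
    public void MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
    { throw new EntryPointNotImplementedException(); }
}
```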

Attribute not configured as a multi-valued attribute

I got this warning when creating a management agent with a multi-valued attribute table. I was confused for a bit because my source and destination attributes were multi-valued. It turns out I'd mistakenly selected the wrong column in the "Attribute Name" column configuration. The object certainly wasn't multi-valued!

Enumerate Resources Activity with no Results

I was having trouble with a FIM custom workflow with an enumerateResourcesActivity. If an object was found, the code activity would be called, but if nothing was returned, I could not figure out how to trap that.

Turns out code activities are only executed as the resources are enumerated. (Which makes sense when I think about it, but I guess I didn't feel like thinking about it that hard.)

At any rate, I added an additional code activity after the Enumerate Resources Activity and used that to check a variable to see if the code activity on the Enumerate Resources Activity had been called.

Hope that helps someone else.
