21 марта 2012 г. 20:43
I am currently evaluating FIM 2010 for a large company. I need to sync user accounts from domain A to domain B. However being very new to FIM I have no idea how to setup that type of import and export up if in using the correct wording. I have the Sync server/portal and sync service setup but am kind of lost from there. I followed a video already on how to configure AD to sync with FIM but not with another domain. And even that only went so well. I get this error. But more importantly I need to sync users between domains.
There is an error executing a web service object creation request.
Message: Fault Reason: Policy prohibits the request from completing.
Fault Details: <RequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="</RequestFailures">http://www.w3.org/2001/XMLSchema"></RequestFailures>
Stack Trace: at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Create createBody)
Inner Exception: Policy prohibits the request from completing.
22 марта 2012 г. 11:39
Basicly you need
1. One inbound synchronization rule from domain A
2. One outbound synchronization rule to domain B
3. A set that consist all the users you want to synchronize
4. A workflow that adds the outbound synchronization rule
5. A MPR that binds set and workflow
These Technet articles might help you
That error you're seeing is quite generic. You should go to Search Request Page and see what it says. Usually when I've seen this message it's because there is some RegEx validation in the attribute or binding (for example ^(Contractor|Intern|Full Time Employee)?$)
- Помечено в качестве ответа Markus VilcinskasMicrosoft Employee, Owner 18 апреля 2012 г. 21:44
22 марта 2012 г. 15:56Thanks for the info. I followed those steps to and get this to at least try again to sync to FIM and under Manage My Requests I see create Person: "Request Denied. SO i ran a powershell script that tells if there are some permissions missing and it reports this:
FIM MPR Configuration For Synchronization Check
PS C:\Users\ttinis> cd .\Desktop
Missing attributes of Synchronization: Synchronization account controls users it synchronizes:
Caution: Your current MPR configuration requires your attention!
22 марта 2012 г. 17:18
That message is telling you to edit the "Synchronization: Synchronization account controls users it synchronizes" MPR and add the objectSidString to the Target Attributes.
23 марта 2012 г. 12:20It looks like I was able to do a sync to FIM and see the users accounts. About an hr after the sync was done the portal now stopped working. It goes to service unavailable. Interesting, not sure what would have happened there since no changes had been made to the portal.
25 марта 2012 г. 20:54
Could it be possible that you have updated the SID of your FIM service account?