Trouble editing users after restore of FIM 2010 R2

  • Question

  • In our deployment setup, we ran into errors regarding deprovisioning users in our domain, so we decided to do a restore, to get back to a good state.

    We followed the restore plan from OCG training course nr. 520 - ForeFront Identity Manager 2010 - Implementation Foundation Training

    Module 8 - Exercise 3 Restore (after a disaster)

    Restore the FIM Service and FIM Synchronization Services Databases
    Restore the FIM Encryption Keys
    Synchronize the data.

    Restored both databases - with the option "Overwrite the existing database (WITH REPLACE)"
    We also set "the Broker enabled"
    We ran the "miisactivate" - for restoring the FIM Encryption keys.
    We got all data sources back into sync with FIM

    BUT - now we cannot edit existing users - they are not blue/hyperlinks.
    We can select a user, and click Details - but again only in "read only" mode.
    We can create new users, and submit, but after submit we still cannot edit the user.
    I can edit my own user. (under "my profile")

    We have tried logging on as an ordinary administrator, that worked fine before restore, and at the time when the databases were backed up.
    We have tried logging on as FIM-ServiceAccount. Both with the same result.

    We have verified that both users, after restore, are in the standard "set" Administrators.

    We have no trouble editing in:
     Management Policy Rules

    Tuesday, November 13, 2012 10:02 AM

All replies

  • Hi again

    Does anyone have a clue about what is going on in our setup?

    Yesterday afternoon, we had a go at installing FIM on a different server and connecting it to the restored databases as mentioned above.

    We still have the same error - in fact we do not get any errors - we just can't edit our users.

    Wednesday, November 14, 2012 7:14 AM
  • Hello,

    Some suggestions as to what you may check:

    • The ObjectSID of the logged-on user may be out-of-sync with the one as stored in Active Directory for that account due to the restore
    • The actual ResourceId of the logged-on user is out-of-sync with the ResourceID that is supposed to be with the administrator account as shown in the Administrators set
    • RCDC called "Configuration for User Editing" should have its checkbox "Applies to Edit" set
    • Operations on set "Administration: Administrators can read and update Users", checkbox "Modify a single-valued attribute" should be set

    Friday, November 23, 2012 5:16 PM
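
The first two checks suggested in the reply above can be scripted. This is an added example, not part of the original thread and not Microsoft's code: it compares the SID Windows resolves for an account with the ObjectSID stored on its Person resource in the FIM Service, and checks whether that Person's ObjectID is a member of the Administrators set. Assumptions: the FIMAutomation snap-in is available, the service listens on the default URI, `CONTOSO\fimadmin` is a placeholder account, the export returns ObjectSID base64-encoded, and set members are listed in ExplicitMember in the same form as ObjectIdentifier.

```powershell
# Added example. Run on the FIM Service server with the FIMAutomation snap-in installed.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$Uri     = 'http://localhost:5725/ResourceManagementService'  # assumed default endpoint
$Domain  = 'CONTOSO'    # placeholder domain
$Account = 'fimadmin'   # placeholder account

# Helper (hypothetical name): pick one attribute from an exported FIM object.
function Get-FimAttribute($ExportObject, [string]$Name) {
    $ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }
}

# 1. SID that Windows/AD resolves for the account
$nt    = New-Object System.Security.Principal.NTAccount($Domain, $Account)
$adSid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# 2. SID stored on the matching Person resource in the FIM Service
$people = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
    -CustomConfig "/Person[AccountName='$Account' and Domain='$Domain']")
if ($people.Count -ne 1) { throw "Expected exactly one Person, found $($people.Count)" }
$person = $people[0]

$sidAttr = Get-FimAttribute $person 'ObjectSID'
if (-not $sidAttr -or -not $sidAttr.Value) { throw 'Person resource has no ObjectSID value' }
$bytes  = [Convert]::FromBase64String($sidAttr.Value)   # assumed base64 in the export
$fimSid = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value

# 3. Is this Person's ObjectID listed on the Administrators set?
$personId = $person.ResourceManagementObject.ObjectIdentifier
$sets     = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
    -CustomConfig "/Set[DisplayName='Administrators']")
if ($sets.Count -ne 1) { throw "Expected exactly one Administrators set, found $($sets.Count)" }
$members  = @((Get-FimAttribute $sets[0] 'ExplicitMember').Values)

New-Object PSObject -Property @{
    Account             = "$Domain\$Account"
    ADSid               = $adSid
    FIMObjectSid        = $fimSid
    SidMatches          = ($adSid -eq $fimSid)
    PersonObjectID      = $personId
    InAdministratorsSet = ($members -contains $personId)
}
```

A `SidMatches` or `InAdministratorsSet` value of `False` points at the first or second suggestion respectively; the RCDC and MPR checkboxes from the last two suggestions still need to be checked in the portal.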