Query to Find Disconnected Objects in the Metaverse

I needed a query to figure out which users in the metaverse were not connected to AD. With help from Carol Wapshere’s post on querying the metaverse (http://www.wapshere.com/missmiis/sql-query-find-metaverse-objects-with-n-connectors), I came up with this:

select EmployeeID from mms_metaverse where object_type =‘person’ and object_id not in

(select mv_object_id from dbo.mms_connectorspace cs

join dbo.mms_management_agent ma on

cs.ma_id = ma.ma_id

join dbo.mms_csmv_link mv on

mv.cs_object_id = cs.object_id

where ma.ma_name =‘ADMA’and object_type =‘user’)

AttributeNameViolatesSchema InvalidRepresentationException

I recently added a new attribute and binding in the FIM portal. After refreshing the FIM MA schema I added an attribute flow to this new attribute and received AttributeNameViolatesSchema InvalidRepresentationException exceptions.

Not sure why, but restarting the FIM Service, FIM Sync Service and doing an iisreset fixed the problem. Perhaps the FIM Sync Service restart wasn’t necessary… But I’m not sure at this point.

FIM Performance

Had a weird situation for a few days where all update or delete requests to the FIM portal were timing out–but retrieving data worked just fine.

Running this command against the FIMService DB seems to have helped:

exec sp_updatestats ‘resample’

Several sites led me to the solution here: http://social.msdn.microsoft.com/Forums/sqlserver/en-US/f0692fe1-f2e1-4cb9-9fdb-0cf27077bc39/update-stats-with-full-scan-on-database

Mystery of the Disappearing FIM Search Scopes

I was working in a dev environment and noticed that the “All Users” search scope was no longer appearing in the drop down list.

This perplexed me because I had not changed any search scopes or permissions in a long time. All I had been doing was merrily cleaning up some attributes the schema no longer needed.

Turns out one of the attributes I deleted was referenced in the search scope in the list of attributes to search and the results to display. Removing the now no longer existent attribute allowed the search scope to be displayed again after a service restart.

Unable to evaluate condition “condition name” as there are validation errors

I was encountering this error in a FIM Workflow with an If-Else statement that was using a Declarative Rule Condition where the declarative rule condition name was the “condition name”.

The fix was to add something like the following in the code behind:

private void ccManagerEmailFound(object sender, ConditionalEventArgs e)

{

e.Result = bManagerEmailFound;

}

Then, change the If-Else to a Code Condition and select the new code condition just added.

Oracle Generate WSDL returns error 500

Oracle and I are new acquaintances and I had a few problems getting the WSDL to generate from the Integration Repository. Here are the steps I took that (I think ) eventually got me past the “SOAProvider Access resulted in exception server returned HTTP response code 500 for URL” error.

1. Reset the ASADMIN user password from the console.

2. Updated the system-jazn-data.xml file with the new password (pre-pended with !).

3. Restarted the Oracle Process Manager service from “Services”.

4. Granted “All Users” permission on the “User Account” procedure.

5. Selected the “User Account” procedure and clicked “Generate WSDL”. It took a few minutes to run.

6. Clicked “Deploy”.

 

SharePoint Not Prompting For Credentials

Ran into a case where SharePoint was remembering the client credentials–even though we’d never selected a “remember” box. The credentials were being remembered even after the browser had had all instances shut down.

This turned out to be a browser issue in my case. The domain *.domain.com was listed as a Trusted Site (Tools–>Internet Options–>Security–>Trusted Sites).

Removed that, deleted the saved passwords (Tools–>Internet Options–>Browsing History–>Delete–>Passwords) and closed all instances of IE.
Then, opened IE and was prompted for the login. Gave it. Closed IE and opened it again and was prompted for the login.
As an aside, before we figured this out, I also had to add some JavaScript to the master page to force the user to log out after a certain amount of time. Found this solution here:http://sharepoint.stackexchange.com/questions/29261/how-to-log-off-user-from-sharepoint-site-if-the-user-has-been-inactive-for-20-m

<scripttype=”text/javascript”>

function Timeout() {

var t = setTimeout(“RedirectToLogout()”, 20 * 60000);

}

function RedirectToLogout() {

    var path = “~/_layouts/SignOut.aspx”;

window.navigate(path);

}

Timeout();

</script>