(2017-05-11) A Hotfix Rollup Package (Build 4.4.1459.0) Is Available for Microsoft Identity Manager 2016 SP1

Microsoft released a new hotfix for MIM 2016 SP1 with build 4.4.1459.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ4012498. If you have installed build build 4.4.1237.0 you cannot install this package. Build 4.4.1237.0 was a fresh MIM 2016 SP1 install and this hotfix enables the upgrade to SP1 without the need to uninstall first and reinstall.

Download link

–

Issues that are fixed or improvements that are added in this update

MIM Service

Issue 1

Authentication workflow fails with "The semaphore time out period has expired" after custom client requests AuthN token.

After you install the update, the request will complete as expected, and a clear message about a communications error is thrown into the event log.

–

Issue 2

Under a heavy load, there may be race condition situation when two MIM Service instances try to process the same workflow at the same time. This may cause workflow processing to fail.

After you install this update, this problem no longer occurs.

–

Issue 3

Set partitioning may not work if a set criteria contains a sub-condition. After you install this update, set partitioning works correctly.

–

Issue 4

Over time, some processing data accumulates in the MIM Service database, which may cause performance issues. This causes a problem when many Object IDs are retained in the FIM.Objects table. The SQL Server Agent job runs stored procedure FIM_DeleteExpiredSystemObjectsJob and removes expired system objects by collecting all the requests and any object references, and puts their object IDs into the ExpiredObjectKeys table.

Next, all values in the ObjectValue* tables are removed for each ID number in the ExpiredObjectKeys table. Finally, if the values in the ObjectValue* tables have indeed all been deleted, the matching row in the ExpiredObjectKeys table is also deleted. However, the object ID itself is never deleted from the fim.Objects table.

After you install the update, a new stored procedure in the debug namespace is added to clean up the database of these objects.

Stored Procedure Name: debug.DeleteObjectRemainders
Syntax: exec debug.DeleteObjectRemainders

–

Issue 5

After MIM SP1 clean installation, MIM Reporting or MIM Service Partitioning may not work correctly. After you install this update, both MIM Service reporting and partitioning are installed and function correctly.

–

Issue 6

If the FIMService database compatibility level is set to 120, SQL deadlocks may occur. After you install this update, these deadlocks no longer occur.

–

Improvement 1

Verbose trace logging in the MIM Service can now be enabled without forcing a restart of the service.

One new section is added to the Microsoft.ResourceManagement.Service.exe.config file to support this functionality. After you install this update, this new section is now present.

<dynamicLogging mode="true" loggingLevel="Critical" />

Logging can be set to any level between Critical and Verbose.

Two output files will be written to the installation folder for the MIM Service. It is important for the MIM Service account to have write permissions to this folder.

Folder location:

%programfiles%\Microsoft Forefront Identity Manager\2010\Service

Files written:

Microsoft.ResourceManagement.Service_tracelog.svclog

Microsoft.ResourceManagement.Service_tracelog.txt

–

Improvement 2

Support for System Center 2016 Service Manager and Data Warehouse is added for MIM Service Reporting.

Before this update, MIM Reporting could not install and perform with System Center 2016 Service Manager Console.

After you install this update, MIM Reporting can be installed and perform without a need to pre-install SCSM console, for any supported version of SCSM.

–

Synchronization Service

Issue 1

If the FIM Service management agent exports an object deletion but does not receive a confirmation of the deletion, that same object may be partly recreated in the FIMService.

After you install this update, an error will be displayed in the error list of the export run, and the recreation does not occur.

–

Issue 2

When the DN of an object is also the anchor, it cannot be renamed. Instead, you receive the following exception:

Unexpected-error

“The dimage has a different anchor or primary object class from what is on the hologram.”

After you install this update, the rename is processed as expected.

–

Issue 3

The Encryption Key Management Key (miiskmu.exe) tool may not abandon keys because of a time-out caused by a database lock.

After you install this update, the keys are processed without encountering the time-out.

–

Issue 4

When you run a synchronization profile step, periodic performance issues are encountered.

A fix was made to the mms_getprojected_csrefguids_noorder stored procedure to help improve performance.

–

Issue 5

Under certain circumstances, filter-based sync rules are applied even when they should not be.

After you install this update, the sync rule is applied only if it should be.

–

Issue 6

On Export for the Generic LDAP Connector, if the creation of an Audit Log file has been configured, the export run profile stops without posting a BAIL error.

After you install this update, an Export run profile step will run properly on the Generic LDAP Connector when the Audit Log File creation option is enabled.

–

MIM Password Reset Portal

Issue 1

When you reset a password by using the SMS authentication gate, an incorrect message is displayed to the user:

You need to click Next once you completed this call" and in next line "Call Verified:

After you install this update, the incorrect string, “Call Verified:” is removed from that dialog box.

–

MIM Identity Management Portal

Issue 1

Drag-and-drop users into the Remove box to delete or remove a member for group membership does not work in all circumstances.

After you install this fix, users can drag-and-drop users into the Remove box when you manage manual group memberships.

–

Issue 2

Local Date/Time settings being ignored for English (Australia).

After you install this update, the local date/time format settings are applied.

–

Issue 3

Custom controls are not initialized if we have custom event parameters in the Resource Control Display Configuration (RCDC).

After you install this fix, the custom controls are initialized as expected.

–

Issue 4

Error handling in the Resource Control Display Configuration is sometimes unclear.

In this update, error notifications are customized to describe the error more clearly.

–

Issue 5

When you use a copied link to a custom object in the Identity Management Portal, the object does not display as expected.

After you install this update, the custom object displays as expected from the copied link.

–

Issue 6

When you try to install the Identity Management Portal on SharePoint 2016 after you uninstall or during an update, the Portal is not installed. Additionally, you receive the following exception:

Timeout expired and error in Sharepoint log: Package name does not exist in the solution store.

Installing this update, setup will restart the SharePoint timer service to retry the failed SharePoint jobs, so setup can now complete.

–

Issue 7

The Approval View RCDC has incorrect symbols and displays an error.

After you install this fix, the approval view RCDC is displayed as expected, and does not throw an exception.

–

Issue 8

The membership buttons if custom group objects do not work correctly.

After you install this fix, the group membership buttons work as expected.

–

Issue 9

When you view the MIM Identity Management Portal by using the Firefox browser, object list-views, such as Users and Distribution Groups, do not display properly.

After you install this update, object list-views display as expected when you use the Firefox browser.

–

Issue 10

When you view the MIM Identity Management Portal by using the Internet Explorer browser, object list-views headings may not be left-aligned in the column.

After you install this update, object list-view headings display left aligned as expected.

–

Issue 11

When you run the MIM Portal in SharePoint 2016, the Join, Leave, Add Member, and Remove Member buttons do not work as expected on custom group object types.

After you install this update, these buttons work as expected against custom group object types.

–

Improvement 1

To address the fact that the default value of a Group Scope cannot be set, two optional properties were added to the UoCDropDownList and the UocRadioButtonList.

• DefaultValue
• This is an optional property. Use this property to define a default value for the control if the control is used to create new data

For example:

   <my:Control my:Name="My UocDropDownList" my:TypeName="UocDropDownList"
        …
         <my:Properties>
          ...
           <my:Property my:Name="DefaultValue" my:Value="MyDefault" />

• Condition
• Condition is optional attribute in property and it is used to specify the condition when the property is applied. The control can have several properties that use the same name but disjoint conditions
• The syntax for condition is as follows:
• my:Condition="[left part] [condition] [right part]
• Notes
• [left part] has the following options:
• Binding Source and path
• Simple value
• [condition] has the following options:
• ==
• !=
• [right part] has the following options:
• Binding Source and path
• Simple value

Example of creation different defaults for different types of group:

<my:Control my:Name="My UocDropDownList" my:TypeName="UocDropDownList"
        …
         <my:Properties>
          ...
           <my:Property my:Name="DefaultValue" my:Value=" MyDefautltForDistributionGroups" my:Condition="{Binding Source=object, Path=Type} == Distribution" />
          <my:Property my:Name="DefaultValue" my:Value=" MyDefautltForSecurityGroups " my:Condition="{Binding Source=object, Path=Type} == Security" />

-

Improvement 2

The name for all activity types that you created through Portal is authenticationGateActivity. After you install this update, all new ActivityType objects that are created, will have the following activity name values, according to type:

• Authentication: authenticationActivity1… authenticationActivityN
• Authorization: authorizationActivity1… authorizationActivityN
• Action: actionActivity1… actionActivityN

–

Improvement 3

Requestor or Approver has no means to provide Justification upon creating the request or Approving/Rejecting pending request.

With this update, a justification field is added to the Create Request view, and new justification request/workflow data can be used. The following attributes are added [//Request/Justification] and [//WorkflowData/Reason] parameters.

–

Certificate Management

Issue 1

When enrolling for a virtual smart card, entering a pin with fewer than 8 characters returns a misleading error.

After you install this update, a relevant error is returned to the user.

–

Issue 2

When renewing a smartcard, a user can be caught in an infinite renew loop.

The following steps will cause this issue:

1. The current smartcard profiles enter the renew window:
• User receives an email from FIM CM Service asking him to complete a renew request
2. User successfully executes the renew request and retrieves all certs renewed.
3. Several hours later, user receives a second email from FIM CM Service.
• This is not expected as the profile has already been renewed.
4. The user will end in an infinite renew loop if he executes all the requests FIM CM Service creates.

After you install this update, only the correct requests are created, and there is no infinite loop.

–

Issue 3

If the Delta CRLs are disabled on a Certification Authority used by MIM Certificate Management, the exception ERROR_FILE_NOT_FOUND will be thrown by MIM CM.

After you install this update, no exception is thrown.

–

Issue 4

MIM CM does not support NonAdmin mode when you work with virtual cards. Virtual smart card could be only created by the MIM CM Client during enrollment. It is also required to have local admin rights to create a virtual smart card. So, only local admins can enroll for a new virtual smart card through MIM CM Portal.

After you install this hotfix, a new registry key will configure the MIM CM client to run in non-admin mode. Notice that the virtual smart card must be pre-created before the user can enroll their virtual smart card under the non-Admin mode settings.

To enable NonAdmin mode, change or create DWORD value NonAdmin=1 under the following registry key on a client computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CLM\v1.0\SmartCardClient

–

Issue 5

When you use the MIM CM REST API to change the smart card status to “Disabled”, an Error 501 (NotImplemented) is returned.

After you install this update, this same code will successfully disable the smart card.

PUT …/api/v1.0/requests/{reqID}/smartcards/{smartcardID}
{
   “status” : “Disabled”
}

For more information, see the Update Smartcard Status topic on the Microsoft website.

–

Issue 6

MIM CM Server version 4.3.1999.0 or a later version (until current hotfix) cannot work with older version of CM Clients (FIM 2010R2 and MIM).

After you install this update, MIM CM Server will work with older MIM and FIM 2010R2 CM Clients (FIM 2010R2 Clients version 4.1.3508.0 and later versions were tested).

–

Issue 7

"OfflineUnblock" request could not be created by using the following call from the MIM CM REST API:

https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/create-request

After you install this update, this same code will successfully submit the OfflineUnblock request.

–

Issue 8

There is no possibility to use smart card id as a parameter when you create a "Disable"(or any other type) request by using the following call from MIM CM REST API:

https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/create-request

Only the "profile" parameter is available.

For example:

POST api/v1.0/requests
    {
        "target":"e5008CDD9E614F9BBEDC45EEEE6776F0",
        "comment":"any comment",
        "type":"Disable",
        "profiletemplateuuid":"7860DEBB-771D-464E-AAC5-2F093282CE66",
        "datacollection":[],
        "priority":"1",
        "smartcard":"49BFE09C-5590-4CC4-8A21-FB4289F4F6C8"  
     }

After you install this update, you can use the smart card id as a parameter.

Notice that the smart card id is not the same as that of the smart card serial number. Smart card id is created by the MIM CM for each active smart card.

–

Issue 9

MIM CM Client tracing does not log datetime. After you install this update, the date time data will be included in the client trace log.

–

Issue 10

Cancelling a user in the existing virtual smart cards modal dialog box can lead to an unusal and confusing error message instead of simply cancelling the operation.

After you install this update, the operation cancels the user.

–

Issue 11

Retire flow stops responding for TPM virtual smart cards when the NonAdmin option is set in the registry.

–

Issue 12

Duplicate Revocation Settings under Replace policy does not apply to a duplicated profile. After you install this update, the flow works as expected. The revocation delay is successfully copied to the duplicated profile.

–

Issue 13

MIM Certificate Management does not log web service exception data. After you install this update, CM now logs all web service exception data.

–

Improvement 1

Before this update, the only options for PIN rules in the MIM CM Modern App is MinimumPinLength.

After you install this update, the following validation settings are now available:

• Digits
• LowercaseLetters
• MaxLength
• MinLength
• SpecialCharacters
• UppercaseCharacters

–

MIM Add-in for Outlook

Issue 1

The 32-bit MIM Add-in dlls (for example, OfficeintegrationShim2010.dll) are unsigned after you apply the MIM SP1 MSP update (4.4.1302.0 build).

In this update, all files are signed as expected.

–

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

(2017-05-11) A Hotfix Rollup Package (Build 4.4.1302.0) Is Available for Microsoft Identity Manager 2016

Microsoft released a new hotfix for MIM 2016 with build 4.4.1302.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3201389. If you have installed build build 4.4.1237.0 you cannot install this package. Build 4.4.1237.0 was a fresh MIM 2016 SP1 install and this hotfix enables the upgrade to SP1 without the need to uninstall first and reinstall.

–

Issues that are fixed in this update

Microsoft Identity Manager 2016

Issue 1

When you try to upgrade to Microsoft Identity Manager SP1, you may have to uninstall and reinstall previous versions of Microsoft Identity Manager.

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

(2016-11-23) Microsoft Identity Manager (MIM) 2016 Service Pack 1 Packages

Somewhere in September Microsoft released SP1 for MIM  2016 as you can read here. The first package was MIM 2016 with SP1 already included. If you wanted to install SP1 on your current deployment you had to uninstall first and reinstall with MIM 2016 with SP1 included where you would reuse all DBs. This procedure is described here. However, for some customers uninstalling everything and reinstalling it is a little bit too much. The impact and downtime is not acceptable. Because of that Microsoft has also released a SP1 update package that can be deployed on existing MIM 2016 deployments.

–

There is a subtle different of which you must be aware:

• MIM 2016 with SP1: build 4.4.1237.0
• SP1 update package: 4.4.1302.0

–

As you can see the builds are different! Please be aware you cannot apply the SP1 update package to a deployment already running MIM 2016 with SP1. You can only apply it when running MIM 2016 RTM.

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

(2016-07-21) A Hotfix Rollup Package (Build 4.3.2266.0) Is Available for Microsoft Identity Manager 2016

Microsoft released a new hotfix for MIM 2016 with build 4.3.2266.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3171342

Download link

–

Issues that are fixed and features that are added in this update

Privileged Access Management (PAM)

Issue 1

When you create a PRIV ONLY PAM user, the PAM monitor service throws the following warning message when it tries to update the PAM users email in active directory and the value already exists:

System.Exception: Set PAM object dictionary already contain attribute ‘Email’.

–

FIM add-ins and extensions

Issue 1

SSPR windows clients on systems that use a high DPI setting have an incorrect scaling of the final page (the Password Reset Flow page) in which the radio buttons are overlapped.

–

Issue 2

SSPR windows clients have text messages that overlap after a password reset if the resulting message (success or error) contains more than three lines.

–

FIM Certificate Management

Issue 1

The ExecuteOperations.Disable operation from the Microsoft.Clm.BusinessLayer.Shared.dll public library does not work correctly and returns an error because of incorrect object initialization.

–

Issue 2

A smart card search takes 3.5 minutes on an idle server. Additionally, the search never ends if the server is stressed.

–

Issue 3

There is a redundant space in the "Profile Summary" string on the Request Complete page for some languages.

–

Issue 4

The Duplicate Revocation Settings policy is replaced because some users could not set it.

–

Issue 5

A certificate in the Certificate Management portal may use the LDAP CN name instead of DisplayName when it calls REST.

–

Issue 6

For ZH-Hans and some other languages, link underlining in the Certificate Management portal is misplaced (stroke instead of an underline) because of a font issue.

–

FIM Synchronization Service

Issue 1

Under certain conditions, the file selection dialog box does not appear on the MA configuration wizard pages.

–

Issue 2

Error messages are logged in the event log (such as Event ID 6313). Additionally, performance counters don’t work.

–

Issue 3

The Sync Service crashes when you run a Full Synchronization process that has Equal Precedence set for attributes that exist in IAF or EAF.

–

Issue 4

When an incorrect page size (either less than the minimum or more than the maximum) is used for the run profile of the ECMA2 management agent, the page size value quietly changes to the minimum or the maximum after you click Finish.

–

Issue 5

An error message from the Management Agent cannot be parsed if it contains some special symbols. Therefore, the error message doesn’t appear in the error list as expected, and a non-informative error window appears.

–

Issue 6

You receive a "Reference to undeclared entity ‘qt’" error message when you run the history process and the history text contains the "greater than" (>) symbol.

–

Issue 7

New Functionality: The ability to skip the Management Agent during the import of a server configuration is added. A new -Skip parameter is added to the Import-MIISServerConfig cmdlet.
The names of MAs to skip should be delimited by a semicolon (;), as in the following example:

Import-MIISServerConfig -Path "C:\exported" -Skip "FIMMA;ADMA"

Note If you do not use the -Skip parameter, the default behavior occurs.

–

Issue 8

A "MEMORY_ALLOCATION_FAILURE" error occurs in the Performance Monitoring tool when the performance data .dll file cannot open the process.

–

FIM Portal

Issue 1

Multivalued labels are displayed incorrectly in a single line in the UI.

–

Issue 2

When you upload Resource Control Display Configurations (RCDC), the xml-format is not verified.

–

Issue 3

You cannot drag-and-drop a user to the Remove box to delete the user or to remove the user from a group membership.

–

Issue 4

Local date and time settings are ignored for the Australian English (en-AU) locale.

–

Issue 5

This update enables customizations that have controls that are shown or hidden based on the state of the email-enabling check box.

An additional attribute to RCDCs configuration data is included in this update. The Now Event element may have a Parameters attribute. For Group RCDC for the OnChangeEmailEnabling event, the element should contain a comma-separated, case-sensitive list of controls to show or hide.

Example

<my:Control my:Name="EmailEnabling" my:TypeName="UocCheckBox"
 my:Caption="%SYMBOL_EmailEnablingCaption_END%"
 my:Description="%SYMBOL_EmailEnablingDescription_END%"
 my:AutoPostback="true" my:RightsLevel="{Binding Source=rights,
 Path=Email}">
        <my:Properties>
         <my:Property my:Name="Text" my:Value="%SYMBOL_EmailEnablingValue_END%"/>
        </my:Properties>
        <my:Events>

Note If the Parameters attribute is not included, the default behavior occurs.

–

FIM Service

Issue 1

In SharePoint Server 2013 and later versions, if you edit a workflow or update an email template by using the FIM Portal, the version is automatically updated to 4.0.0.0. This causes a system error message during processing.

–

BHOLD

Issue 1

When you add a user to an organizational unit (OU) that has some incompatible permissions in the OUs role, all the incompatible permissions are assigned.

–

Issue 2

Some issues are fixed for attribute-based authorization (ABA) roles that are assigned to a user when the roles have incompatible permissions.

–

Issue 3

When you use Access Management Connector to provision new OUs with a parent OU, all the parent OU roles are inherited but are also disabled.

–

Issue 4

An error occurs in BHOLD during installation in Internet Information Services (IIS) 10.

–

Issue 5

If two or more roles that are assigned to a user who has the same permissions as the roles, and the roles use the endDate attribute, you cannot extract a user permission that has the latest date.

–

Issue 6

An email alias is truncated if it is longer than 30 characters.

–

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

(2016-07-21) A Hotfix Rollup Package (Build 4.1.3765.0) Is Available for Forefront Identity Manager 2010 R2

Microsoft released a new hotfix for FIM 2010 R2 with build 4.1.3765.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3171318

Download link

–

Issues that are fixed and features that are added in this update

FIM Certificate Management

Issue 1

A smart card search takes 3.5 minutes on an idle server. Additionally, the search never ends if the server is stressed.

–

Issue 2

The Duplicate Revocation Settings policy is replaced because some users could not set it.

–

Issue 3

There is a redundant space in the "Profile Summary" string on the Request Complete page for some languages.

–

FIM Synchronization Service

Issue 1

In a metaverse search and when you view the object, there is a Last Modified field. But when you sort that field, it sorts as a generic text field instead of as a date field.

–

Issue 2

Error messages (such as Event ID 6313) are logged in the event log. Additionally, performance counters don’t work.

–

Issue 3

The Sync Service crashes when you run a Full Synchronization process that has Equal Precedence set for attributes that exist in IAF or EAF.

–

Issue 4

When an incorrect page size (either less than the minimum or more than the maximum) is used for the run profile of the ECMA2 management agent, the size value quietly changes to the minimum or the maximum after you click Finish.

–

Issue 5

An error message from the Management Agent cannot be parsed if it contains some special symbols. Therefore, the error message doesn’t appear in the error list as expected, and a non-informative error window appears.

–

Issue 6

You receive a "Reference to undeclared entity ‘qt’" error message when you run the history process and the history text contains the "greater than" symbol (>).

–

Issue 7

Under certain conditions, the file selection dialog box does not appear on the MA configuration wizard pages.

–

Issue 8

A "MEMORY_ALLOCATION_FAILURE" error occurs in the Performance Monitoring tool when the performance data .dll file cannot open the process.

–

FIM Portal

Issue 1

Multivalued labels are displayed incorrectly in a single line in the UI.

–

FIM Service

Issue 1

During an Export process between the Synchronization and FIM Service, the msidmCompositeType request may fail if some multivalued string attribute value is changed in the scope of the Export session. This behavior affects performance.

–

Issue 2

In SharePoint Server 2013 and later versions, if you change a workflow or update an email template by using the FIM Portal, the version is automatically updated to 4.0.0.0. This causes a system error message during processing.

–

BHOLD

Issue 1

When you add a user to an organizational unit (OU) that has some incompatible permissions in the OUs role, all the incompatible permissions are assigned.

–

Issue 2

Some issues are fixed for attribute-based authorization (ABA) roles that are assigned to a user when the roles have incompatible permissions.

–

Issue 3

When you use the Access Management Connector to provision new OUs with a parent OU, all the parent OU roles are inherited but are also disabled.

–

Issue 4

An error occurs in BHOLD during installation in Internet Information Services (IIS) 10.

–

Issue 5

If two or more roles assigned to a user who has the same permissions as the roles, and the roles use the endDate attribute, you cannot extract a user permission that has the latest date.

–

Issue 6

An email alias is truncated if it is longer than 30 characters.

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

(2015-12-12) A Hotfix Rollup Package (Build 4.3.2064.0) Is Available for Microsoft Identity Manager 2016

Microsoft released a new hotfix for MIM 2016 with build 4.3.2064.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3092179

Download link

–

Issues that are fixed or features that are added in this update

This update also fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

–

MIM add-ins and extensions

Issue 1

This hotfix addresses an issue that affects the password reset window and that occurs on monitors that have high DPI settings when the Windows display sizing of items is set to a custom size, such as 200 percent or more.

–

Certificate Management

Issue 1

You try to enroll a smart card by having the correct profile selected (with correct adminKey). However, the user PIN doesn’t correspond to the smart card PIN policy. In this situation, you receive the following error message:

The card cannot be accessed because the wrong PIN was presented.

–

Issue 2

MIM Configuration Manager Reporting doesn’t show smart card settings correctly. Settings are shown only for the Pkcs11 smartcard provider and not for baseCSP.

–

Issue 3

All policies in the MIM Configuration Manager allows for changes to "Revocation Settings" only for all certificates together. In this fix, a new page is added (CertificateTemplateRevocationSettings) to show "revocation settings" for the selected certificate. Changes to ProfilePolicyrevocationSettingsPage are also made to show all certificates of the profile.

–

MIM Synchronization Service

Issue 1

When you configure an ECMA2 run profile, you receive a “Value of ‘10’ is not a valid value” error message.

–

Issue 2

The Sync Engine reports a staging-error during delta import when the Generic LDAP connector detects the renaming of an object distinguished name.

–

Issue 3

When a rename, or a distinguishedName change, of a user is exported to Oracle Directory Enterprise Edition (ODSEE), that user is removed from group memberships. You expect that the membership reference to the renamed object will be updated, instead.

–

Issue 4

When unsupported characters are entered in the SMTP address, MIM Sync cannot correctly provision the object into GALSync MA. In this situation, the object fails and throws an error. This problem also causes the object to be duplicated.

–

Issue 5

ECMA2 Export only MA displays an "The image or delta doesn’t have an anchor" error message when you perform an Export, CS Search, or CS Deletion.

–

Issue 6

The Sync Service stops responding when you stop a run profile for the ECMA connector.

–

Issue 7

The Active Directory MA interprets objects that are restored in the directory as deleted.

–

Issue 8

If you call Set-MIISECMA2Configuration to set the configuration for the SharePoint connector (Microsoft.IdentityManagement.Connector.Sharepoint.dll, version 4.3.836.0), the call fails silently but the verbose output says that the operation was successful.

–

Issue 9

The Set-MIISADMAConfiguration cmdlet supports only a single partition and a single container. In this update, the following changes are made to the parameters of this cmdlet.

-Partitions

The -Partitions parameter allows one or more partitions to be specified in the Active Directory MA.

• The -Partitions parameter can apply single or multiple containers by using the ";" delimiter.
• If the -Partitions parameter is absent, the Set-MIISADMAConfiguration cmdlet behaves in the same manner as it did prior to this update.

Example command that uses the -Partitions parameter:

Set-MIISADMAConfiguration -MAName ‘AD_MA’ -Forest Contoso.COM -Credentials (Get-Credential Contoso\ma_ADMA) -Partitions ‘DC=Contoso,DC=COM;DC=ForestDnsZones,DC=Contoso,DC=COM’

-Container

This parameter is updated to allow one or more containers to be specified together with the -Parameters parameter. It uses the following rules:

• If the –Partitions parameter is present, parameter –Container can now apply to single or multiple containers by using the ";" delimiter.
• If –Container is absent or no container are given for the partition, all the containers of this partition are selected.
• If –Partitions is absent, the MIISADMAConfiguration cmdlet behaves in the same manner as it did prior to this update, and –Container can accept only a single containe.

Example command that uses the -Partitions and -Container parameters:

Set-MIISADMAConfiguration -MAName ‘AD_MA’ -Forest Contoso.COM -Credentials (Get-Credential Contoso\ma_ADMA) -Partitions ‘DC=Contoso,DC=COM;DC=ForestDnsZones,DC=Contoso,DC=COM’ -Container ‘OU=1,DC=Contoso,DC=COM;CN=Users,DC=Contoso,DC=COM;CN=Infrastructure,DC=ForestDnsZones,DC=Contoso,DC=COM’

–

MIM Portal

Issue 1

This hotfix addresses an issue in the MIM Portal that affects the sorting of a customized list view based on the columns that are specified in the ColumnsToDisplay property.

–

Issue 2

This hotfix updates HTML elements and attributes in the password registration portal and MIM Portal.

–

Issue 3

The object picker does not search objects that have special characters in their name.

–

Issue 4

This hotfix updates the translation of the user interface strings that relate to the “Password Reset AuthN Workflow” activity into Russian.

–

Issue 5

This hotfix addresses an issue that affects the Leave Member and Remove Member buttons when the group resource type is customized.

Issue 6

This hotfix adds a new search scope that is named "All Groups" to enable searching for and joining groups if the user does not know whether the group is a security group or a distribution list.

–

Issue 7

Specific culture localization settings for Spanish and French revert to English.

–

Issue 8

When you update an integer attribute value on the Extended Attributes tab of an object in the MIM Portal, the value is limited to a 32-bit integer. This issue occurs even though the same attribute allows 64-bit integer values if it is updated outside the Portal.

–

Issue 9

Resource Control Display Configuration (RCDC) does not allow a default tab to be configured

In this hotfix, the UOCInitialTabName parameter is added to the URL so that an object loads together with its associated RCDC.

Examples

The current RCDC users page has four tabs: General, Work Info, Contact Info, Summary.

If you open the corresponding XML, you find XML code that resembles the following:

<my:Grouping my:Name="WorkInfo" my:Caption="%SYMBOL_WorkInfoTabCaption_END%" my:Enabled="true" my:Visible="true">

If you provide the following code for an RCDC users page, the Work Info tab automatically opens:

http://mimPortal/IdentityManagement/aspx/users/EditPerson.aspx?UOCInitialTabName=WorkInfo

Or, if you provide the following code for a default administrators page, the Work Info page automatically opens:

http://mimPortal/IdentityManagement/aspx/users/EditPerson.aspx?id=7fb2b853-24f0-4498-9534-4e10589723c4&_p=1&UOCInitialTabName=WorkInfo

–

MIM Password Registration Portal

Issue 1

On the Question and Answer page, the initial scroll position is incorrect and prevents users from seeing the initial question.

–

MIM Service

Issue 1

roker service conversations are closed after a sync export to the MIM Service database.

–

Issue 2

A custom expression that includes Concatenate() is replaced by a plus sign (+) and generates an error when it is saved.

–

Issue 3

This hotfix addresses an issue that affects the MIM Service database stored procedures in which deadlocks might occur in approval workflows. In particular, deadlocks might occur in deployments that have complex or general Set definitions (for example, sets that match "/*" instead of specific resource types).

–

BHOLD

Issue 1

An inconsistency can occur between the Permission name and attribute changes that occur during an export, import, and subsequent export process in MIM Sync. In this case, BHOLD receives duplicates of a renamed group and maintains the original group in the database.

–

Issue 2

The Attestation Campaign Portal has an incorrectly worded title that displays campaign progress.

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

(2015-07-08) HTTP Error 500.0 Internal Server Error – When Accessing Federation Metadata

Do you have a claims based website and do you get the following error when accessing the federation metadata of the application?

Figure 1: HTTP Error 500.0 – Internal Server Error

–

To try to resolve this error, do the following:

• Check if the builtin group IIS_IUSRS has Read and Execute NTFS permissions (Scope: This Folder, Subfolders and Files) on the folder of the web application
• Check if the builtin group IIS_IUSRS has the user right "Impersonate A Client After Authentication" on the server running the claims based application

–

After configuring this, execute GPUPDATE /FORCE and IISRESET

–

Also see: ERROR 500.0 | Internal Server Error | AuthenticateRequest | StaticFile | 0x80070542

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

(2015-06-28) A Hotfix Rollup Package (Build 4.1.3646.0) Is Available for Forefront Identity Manager 2010 R2 SP1

Microsoft released a new hotfix for FIM 2010 R2 SP1 with build 4.1.3646.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3054196

Download link

–

Issues that are fixed or features that are added in this update

This update also fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

–

FIM Service

Issue 1

When you update the criteria of a group or set, you receive a SQL error if negative conditions exceed 7 in the filter when you click View members. After you apply this update, the View Members button works as expected.

–

FIM service portals, add-ins and extensions

Issue 1

When you use the FIM Credential Provider Extension for Self-Service Password Reset (SSPR), you cannot answer by using double-byte characters through the Windows Input Method Editor (IME) in the "Question and Answer" gate. After you apply this update double-byte characters are not permitted when you are first creating answers.

–

Issue 2

In the FIM Password Registration Portal, auto-focus on the first text box can cause the first registration question to be hidden from view. After you apply this update, the text box and its caption now act as a single control when they receive the focus, and the question is no longer hidden from view.

–

Issue 3

On the FIM Password Registration and Password Reset websites, autocomplete was not disabled for the logon forms. After you apply this update, autocomplete is disabled for all logon forms.

–

Issue 4

After you apply this update, the Object Picker control in the FIM Identity Management Portal returns invalid results if there were special characters in the search string. After you apply this update, the Object Picker control parses the HTML strings correctly so that the Object Picker control returns the correct results.

–

Certificate management

Issue 1

The revocation settings in a profile template can only be configured for all certificates together and not for each certificate separately. After you apply this update, the administrator can configure the following settings from the Revocation Settings page for each certificate in the policy:

• RevokeThisCertificate
• PublishBaseCRL
• PublishDeltaCRL

–

Related changes in the FIM CM API –> Changes in the FIM CM API were also made to accommodate this change.

• Properties of Microsoft.Clm.Shared.ProfileTemplates.RevocationOptions that were changed or added.

PublishBaseCrl
This property is obsolete. Use the PublishBaseCRL property from CertificateTemplateRevocationOptions instead.

PublishDeltaCrl
This property is obsolete. Use the PublishDeltaCRL property from CertificateTemplateRevocationOptions instead.

RevokeOldCertificates
This property is obsolete. Use the RevokeThisCertificate property from CertificateTemplateRevocationOptions instead.

CertificateTemplateRevocationSettings
Collection with configuration for each certificate template in the profile template
CertificateTemplateRevocationSettings is ReadOnlyCollection of Microsoft.Clm.Shared.ProfileTemplates.CertificateTemplateRevocationOptions type:

public ReadOnlyCollection<CertificateTemplateRevocationOptions> CertificateTemplateRevocationSettings { get; }

• New object Microsoft.Clm.Shared.ProfileTemplates.CertificateTemplateRevocationOptions has the following properties.

CertificateTemplateCommonName

Obtains the string value together with the common name of the current certificate

RevokeThisCertificate

Obtains a Boolean value that indicates whether the current certificate that is associated with the smart card or the software profile that is to be operated on during a revoke operation will also be revoked.

PublishBaseCRL

Obtains a Boolean value that indicates whether a revocation operation causes the base certificate revocation list (CRL) to be published.

PublishDeltaCRL

Obtains a Boolean value that indicates whether a revocation operation causes a delta CRL to be published.

–

FIM synchronization service

Issue 1

The management agent for Active Directory receives a "Replication Access Denied" error when you run a Delta Import run profile step on domains that contain a read-only domain controller (RODC).

The documentation currently indicates that the account that is used in the management agent for Active Directory should have replicating directory changes. This is insufficient for domains that have the RODC feature enabled. The account that is used in the management agent for Active Directory should also be granted the replication directory changes in filter set permission to run Delta Import in such domains.

–

Issue 2

When a new synchronization rule is created and is projected into the metaverse, the following situation occurs whenever a synchronization rule does not project because of a synchronization error:

• The synchronization exception causes the synchronization engine to remove the newly projected metaverse object because the synchronization failed.
• The synchronization engine does not remove the import attribute flow rules that were added in the server configuration during the synchronization of the metaverse object.

–

Effect

• Changes to the existing synchronization rule that failed initial sync do no resolve the problem.
• The replacement of that synchronization rule does not resolve the problem.

–

After you apply this update, synchronization rule fragments will not be left in the server configuration when an attempt at failed projection or synchronization is made.

–

BHOLD and Access Management Connector

Issue 1

When you create delta-attestation campaign in BHOLD Analytics, an error message is displayed regardless of whether the campaign was created. After you apply this update, the error message is displayed only if there were errors when the campaign was created.

–

Issue 2

In BHOLD Attestation, user interface elements may not be available with new versions of Internet Explorer. After you apply this update, web forms work and are displayed as expected.

–

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

(2015-05-03) A Hotfix Rollup Package (Build 4.1.3634.0) Is Available for Forefront Identity Manager 2010 R2 SP1

Microsoft released a new hotfix for FIM 2010 R2 SP1 with build 4.1.3634.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3048056

Download link

–

Issues that are fixed or features that are added in this update

This update also fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

–

Password Change Notification Service

Issue 1

Windows 2012 R2 Domain Controller Support

Supportability for Password Change Notification Service (PCNS) and Active Directory Management Agent in a Windows Server 2012 R2 domain and forest includes the following:

• Password Change Notification Service is working correctly on Windows Server 2012 R2-based domain controllers.
• Active Directory Management Agent for Windows 2012 R2 domain and forest correctly handles password change events.

Note In all supported cases, the FIM Synchronization Service must be installed only on a Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 member server. It must not be installed on a Windows Server 2012 R2 member server unless the PCNS component is installed on a Windows Server 2012 R2 domain controller.

–

Synchronization Service

Issue 1

When PCNS calls into the FIMSynchronizationService, the FIMSynchronizationService makes an LsaLookupNames2 API call. This call fails because of the format of the domain.

For example, the format of the domain fails and generates the following error:

BAIL: MMS(3120): d:\bt\35150\private\source\miis\password\listener\pcnslistener.cpp(316): 0x80070534 (No mapping between account names and security IDs was done.): Win32 API failure: 1332
BAIL: MMS(3120): d:\bt\35150\private\source\miis\password\listener\pcnslistener.cpp(570): 0x80070534 (No mapping between account names and security IDs was done.)

–

FIM Service and Identity Management Portal

Issue 1

Custom search scope

Incorrect results are shown when multiple question mark (?) characters are found.

–

Issue 2

Comma-separated values (CSV) format is not supported for file upload for UocFileDownload in an FIM resource control display configuration (RCDC). After you apply this hotfix, CSV format is added to the allow list of supported formats for this control.

–

Certificate Management

Issue 1

When a customer search returns too many objects, the following error is generated:

‘ADsDSOObject’ failed without an error message available, result code: -2147016669(0x80072023)

The method that is used, SearchUsers, did not use the DirectorySearcher object. Search is now updated to use the DirectorySearcher object.

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

 

(2015-03-20) A Hotfix Rollup Package (Build 4.1.3627.0) Is Available for Forefront Identity Manager 2010 R2

Microsoft released a new hotfix for FIM 2010 R2 with build 4.1.3627.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ3022704

Download link

–

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

–

BHOLD integration with the FIM Identity Management Portal and language packs

Issue 1

When a customer has installed the FIM Portal, BHOLD FIM Integration, and FIM language packs, a user who views a localized FIM Portal page sees the page revert to English after going to a BHOLD Self-Service page.

–

BHOLD Reporting

Issue 1

When a customer who uses BHOLD Reporting removes a filter from a report, successive reports continue to generate a report as if the filter was not removed.

–

BHOLD Model Generator

Issue 1

When you use the BHOLD Model Generator for role mining, and the Retain existing model check box is not selected, an exception may be reported when the BHOLD Model Generator loads files again.

–

Issue 2

When you use the BHOLD Model Generator for role mining, an exception may be reported when you create membership roles and proposed roles.

–

Issue 3

When you use the BHOLD Model Generator for role mining, if the user who’s running Model Generator does not exist in BHOLD, then attribute roles and ownership roles may not be created.

Issue 4

When the BHOLD Model Generator is run by a different user than who ran it previously or who installed BHOLD Core, and the Retain existing model check box is not selected, an exception may be reported.

–

FIM Service and Identity Management Portal

Issue 1

When multiple FIM Service computers are deployed, authentication workflow instances for SSPR requests that time out may remain in the Authenticating state indefinitely.

–

Issue 2

When you set or edit custom integer-valued attributes through the FIM Portal Extended attributes tab of an object, "Particular value is not supported" error message may be displayed for integer values that are greater than 2147483647.

Certificate Management

Issue 1

The FIM Certificate Management website incorrectly sends a request to the domain to look up the IdentityOneTimePasswordsRole+ FIM CM internal role.

–

Issue 2

When you select a user in the FIM CM Portal to manage a smart card, the following exception is triggered:

Object cannot be cast from DBNull to other types.
Technical Details
Type: System.InvalidCastException
Source: mscorlib
Stack Trace: at System.DBNull.System.IConvertible.ToDateTime(IFormatProvider provider)
at System.Convert.ToDateTime(Object value, IFormatProvider provider)
at Microsoft.Clm.DataAccess.Certificates.CalculateCertificateStatus(CertificateDataSet certData)
at Microsoft.Clm.BusinessLayer.Profiles.GetProfilesByStatus(Guid userUuid, ProfileStatus status)
at Microsoft.Clm.Web.UserDetail.LoadIntoInterface()
at Microsoft.Clm.Web.UserDetail.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

–

Issue 3

FIM CM orphans smart cards in the FIMCertificateManagement database if initial enrollment for the smart card is tried under the incorrect profile template. This returns the following exception:

The card cannot be accessed because the wrong PIN was presented.

When you repeatedly try to enroll the smart card with the correct profile template, you receive the following error message:

Processing error: Invalid smart card. This card may only be reused for the user and profile template for which the card is assigned. Please retire the card first before enrolling for a different user or profile template.

Note After you apply this update rollup, when the wrong profile template fails with the "wrong PIN" exception, the following symptoms occur:

• An incorrect administrator key is detected.
• The smart card object in the database is moved to a retired state, without following the retire policy.
• The user receives a message that states that the operation failed, probably because an incorrect profile template selection, and alternative profile templates are suggested.

–

Issue 4

When errors are encountered during the virtual smart card enrollment process, the virtual smart card on the computer is rolled back. However, the request in FIM Certificate Management remains in the "executing" state, making it possible for users to continue trying the existing request. However, the user cannot continue with the request because the virtual smart card being created on the computer no longer exists.

–

Issue 5

Expired or revoked logon certificates are no longer removed from smart card upon renewal in FIM CM.

This update adds functionality to remove certificates from smart cards on certificate expiration or revocation. This is a new option available in the Profile Template General Options settings page.

–

Synchronization Service

Issue 1

When the Active Directory global address list (GALSync) management agent is used against an Active Directory forest that hosts Exchange Server 2013, the GALSync solution does not generate the correct value for the msExchVersion attribute.

–

Issue 2

In a test environment, if there is no available connected data source for a particular kind of management agent, import audit trail files and export audit trail files are sometimes used to test the synchronization service solution functionality. When you use the FIM synchronization engine, this may trigger unexpected results.

The import and export operations seem to work, but on import, the run statistics show a delete and add for each object that’s exported to the drop file. Additionally, there are no objects left in the connectorspace.

This behavior occurs because the connectorspace object does not have the anchor value in the hologram as expected. Therefore, the connectorspace object is deleted and is intended to be replaced by the matching object that’s being imported. Additionally, the import add operation fails. The following workaround can be used in most scenarios.

–

Workaround

Important  Before you use this workaround, make sure that you have a current backup of the FIMSynchronizationService database.

The steps and SQL script that are documented in this workaround assume that you use a value from the metaverse object to populate the anchor value of new connectorspace objects during provisioning. If the management agent relies on the connected data source to create and provide anchor values for new objects, the provisioning code or synchronization rule may have to be temporarily changed to use a value from the metaverse to support this workaround.

This workaround is provided for a management agent with export and import run profiles configured as follows:

• Export run profile that’s configured to create an audit trail file and stop the run
• Import run profile configured to resume from audit trail file

To use this workaround, follow these steps:

1. Run the export run profile.
2. Run the script to update the FIMSynchronizationService database.
3. Run the import run profile.

–

Sample script

The sample script that’s provided here is not intended for use in a production environment and is only meant to address the specific scenario that’s documented in this article in a development or test environment.

Before you run this SQL script, it must be changed to replace the management agent identifier (cs.ma_id). If a metaverse attribute other than UID must be used, the script must also be updated to replace all instances of "mv.uid" with the fieldname of the attribute to be used.

/*
 Fix anchor field in CS table for "broken" connectors after export to log file only
 Note:
 "mv.uid" should be fixed with valid field in MV table used as anchor
 "cs.ma_id = '2F2516F6-AD5B-4CFA-9F2B-AA4385D1879E'" should be fixed with valid id of target MA
 in CS table.
*/
  
update [FIMSynchronizationService].[dbo].[mms_connectorspace]
set [anchor] = cast(reverse(cast(len(mv.uid)*2 as binary(4))) as binary(4))+cast(mv.uid as varbinary(800))
from [FIMSynchronizationService].[dbo].[mms_connectorspace] cs
 join [FIMSynchronizationService].[dbo].[mms_csmv_link] l
  on cs.object_id = l.cs_object_id 
 join [FIMSynchronizationService].[dbo].[mms_metaverse] mv
  on mv.object_id = l.mv_object_id
where cs.ma_id = '2F2516F6-AD5B-4CFA-9F2B-AA4385D1879E' and cs.[anchor] is NULL

-

Issue 3

When you perform an export run for ECMA 2.0 Export Only MA, you receive the following error message:

The image or delta doesn’t have an anchor.

–

Forefront Identity Manager Connector for SharePoint User Profile Store

Issue 1

The SharePoint connector fails when there are multiple user profile services.

–

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————