MIM Event Broker Forum

Welcome to the community forum for MIM Event Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

+7
Completed

REST API to access Event Broker service methods directly

Bob Bradley 3 years ago • updated by anonymous 2 years ago 1

I know this is somewhere on the roadmap, but I thought I'd give you a specific example of how I would like to use this to lookup the Operation List name for a corresponding guid from within a PowerShell script. I know this method exists on the WCF endpoint because it is exposed in the WSDL. However it is not a simple exercise to access this from PowerShell.


For the time being I have a work-around which relies on looking up the Event Broker registry key to determine the extensibility file path, then querying the operations extensibility xml directly. However the limitation here is that this will only work if the script is running locally on the Event Broker service host.

Answer
anonymous 2 years ago

Now that this has been proven in Identity Broker we'll look at this for MIM Event Broker.

+4
Completed

Event Broker agent wizard leads to "The server is unwilling to process the request" exception for specific OU

Bob Bradley 3 years ago • updated by anonymous 1 year ago 10

When an OU is configured for an AD agent that is NOT the domain root (e.g. "OU=Employees,DC=mim2016,DC=local") we get the following exception when the generated incoming operation list is activated:


Operation faulted: The server is unwilling to process the request. - Please see the log viewer for more details.

This is because the AD Sync Changes check operation uses the full DN for the "Domain" property instead of the DC part only (i.e. "DC=mim2016,DC=local").


To avoid this error the AD sync changes operation needs to extract the DC DN from the full DN supplied.

Answer
anonymous 1 year ago

Fixed in 4.0

+2
Fixed

Event Broker Operation management halts with Blank screen

Shane Day (Chief Technology Officer) 3 years ago • updated by anonymous 2 years ago 4
Hi Product Team!
Attempting to delete operations from "/Operation" (Operation Lists Page) is met with a blank screen. The URL redirects to "/Operation/ModifyOperationLists" but the page is blank.
The only way to delete operations via the GUI is to Open the operation from the operations list. Click Actions and Delete from within the Operation. Even attempting to delete the operation this way acts strange.. When attempting to delete from within the operation the "Are you sure" window pops up for a second and automatically submits the deletion without confirmation.
Happy to ellab on this if required.

Item originally from Ryan Crossignham from PRODUCT-389

screen2.png - Latest 21/Sep/15 4:47 PM - Ryan Crossingham
+1
Completed

Email logger does not support multiple TO email addresses

Bob Bradley 3 years ago • updated by anonymous 2 years ago 4

Presently the TO address supports only a single target email address. However this field is multi-valued in the sendmail API and the logger could easily be extended to support this. There is no tooltip on this field so it was not intuitive that this restriction applied - however attempts using "," and ";" delimiters both failed. Work-arounds include setting up multiple loggers, or using a distribution list. However there are times when this would still be handy - especially when d-lists are not easily modified or the requirement is only temproary.

Answer
anonymous 2 years ago

Added ability to have logs emailed to multiple addresses. Will be included in the next release.

+1
Completed

Incorporate progress bar on executing operations

Bob Bradley 3 years ago • updated by anonymous 1 year ago 3

With the release of Ryan Newington's latest Lithnet miis-powershell module it occurred to me that it may be possible in some scenarios (e.g. full imports vs. delta imports) to leverage the progress bar idea for the Event Broker console.

Answer
anonymous 1 year ago

To be investigated during UI rewrite.

+1
Completed

Preferred DC list for AD agents

Bob Bradley 3 years ago • updated by anonymous 2 years ago 10

The native AD MA for the FIM Sync service has long had an optional configuration section for preferred DCs, so that administrators can nominate an ordered list of preferred DCs to connect to for imports/exports. When this is used with Event Broker, especially in forests where there are delays in AD replication between DCs, the result can be that Event Broker detects a change before it is replicated to the DC from which FIM is connecting. This generally results in a missed change.


A feature to configure the AD agent exactly in line with that in the corresponding AD MA is suggested here.

0
Answered

Will an operation list which doesn't run due to not meeting "check changes" generate any log data?

Tom Parker 1 week ago • updated by Adam van Vliet (Chief Information Security Officer) 1 week ago 4

V3.2.0 Rev 1

I was doing a test with this and it doesn't appear to be the case. If not, this might be a good idea to implement as it can lead to some confusion.

Answer
It does, but under Verbose. It was far too noisy otherwise, with a lot of implementation running the check every few seconds, which really adds up over a number of operations lists. Do you have any thoughts on the right balance of logging vs noise? Thanks.
0
Not a bug

Operation lists running simultaneously despite being declared in exclusion groups

Sean Little 1 week ago • updated by Adam van Vliet (Chief Information Security Officer) 1 week ago 1

We are seeing evidence at a client site that operations that should be blocked by an exclusion group are being run at the same time. For client privacy reasons, will provide screenshots via private comment describing the group and showing the clash.

We've done an analysis of the UNIFYNow (Version 3.2.0) schedule and don't see other operation lists that could be triggering the runs we're seeing in MIM but we can make the config file available on request.

Answer
This operation list is a member of this group. If there are no priority members, it will block all other members from executing while it is running. If there are prioritymembers, the operation list will not block other members of the group while it is running.
0
Not a bug

UNIFYNow doesn't handle changed MIM Run Profile names

Adrian Corston 1 month ago • updated by Adam van Vliet (Chief Information Security Officer) 1 month ago 5

In UNIFYNow, I had an operation which invoked an existing MIM Run Profile.  In MIM, I renamed that Run Profile.  Back in UNIFYNow, the old Run Profile name remained and the new name did not appear.  I tried Refresh MA on the MIM Sync agent, no luck.  I tried restarting UNIFYNow followed by another Refresh MA on the MIM Sync agent, no luck.  I ran iisreset on the server running UNIFYNow Web, no luck.

The Operation Lists which invoked the renamed MIM Run Profile is now failing, with the following error in the logs:

Please note that the Run Profile GUID is unchanged - the only thing I did was change the name of the Run Profile in MIM.

How can I get UNIFYNow to acknowledge and use the changed Run Profile name?

Answer

Hi Adrian,

Please upgrade to the latest version of UNIFYNow, v4.0.4. There were some issues surrounding MA update tracking that were resolved in that release.

0
Under review

Queue on Blocked didn't run the blocked operation in a timely fashion

Adrian Corston 2 months ago • updated by Adam van Vliet (Chief Information Security Officer) 2 months ago 8

I have two Operation Lists configured as shown:

Operation List "Incoming":
- Run Profile operation (a delta import)
- Calls Operation List "Sync"

Operation List "Sync":
- Run Profile operation (a delta sync)

Operation List "Sync" is in an exclusion group with various other operation lists that perform Sync run profiles.

When one of the other Sync operation lists are running and Operation List "Incoming" is run, the first operation (Run Profile operation (a delta import)) completes, but since Operation List "Sync" is in an exclusion group, it does not run (which is as expected).

However, I have configured Operation List "Sync" with the "Queue on Blocked" flag, so I'm expecting that it should run soon after the other Sync operation list completes.  However, it does not appear to do so in a timely manner, if at all (I only waited a few minutes).

The desired outcome here is that I can avoid having to put all my "Incoming" operation lists in an exclusion group.  I only want to exclude parallel sync operations - it's fine if delta import operations run in parallel.

Can you please advise how I can get the desired outcome to work?