Hi all,

I would like to use an SQL statement to modify the DialogUserPassword, something like :

UPDATE person SET DialogUserPassword = '<my encrypted password>' where personnelNumber = '12345'

Does anyone of you know how to generate <my encrypted password>  ??? I think that I should use the Dialog User Salt attribute but I don't knowhow.

Thank you for your help and best regards,

Steph.

I am looking for a quick an easy way to understand what happened to a user with D1IM ADE edition.

For example:

A user gets removed from a group because the attestor denied the attestion. How can I retrace what happened? What should the administrator look at when the user actuallly come and ask "Hey! Why am I not in the group anymore?"

Thanks,

Hi All,

        I have observed that CentralPassword is not encrypted by default.  We can see clear text from object browser.  Designer--> Database Schema --> Person--> CentralAccount column says encrypted but value not encrypted.

I am using version 6.1.  Is it a defect or am I missing any?

thanks in advance.

Hello,

In the standard webfrontend, you are able to manage the system entitlements you are responsible for.

In my case i´m currently implementing the management of created AD groups.

I´m using the module VI_Roles_RolesAndEntitlements (I have customized it but not for this case) and in the "Owners" tab you are able to manage the owners of the product for the AD group.

The problem in this module is that you are able to choose dummy- and inactive person objects - for me (and of course the customer) this does not make sense at all.

Unfortunately this module is so huge and complex so I wanted to ask here if anybody knows a simple or even a standard way to filter dummy and inactive persons out of the candidate collection.

Has anyone a clue? Or should I create a DELL SR?

Regards,

Joachim

Hello all,

I have been attempting to export a newly created attestation framework for a single product from our developement environment to our production instance.  I have enabled export mode, located the change management area and added all of the appropriate selections (that I know of) however upon attempting to use the database transporter to create a transport file, I recieve the below error:

Object reference not set to an instance of an object.

          at DBTransporter.frmTransportWizard.workerExport_DoWork(Object sender, DoWorkEventArgs e)

          at VI.Transport.Transport.SaveToFile(String strFileName)

          at VI.Transport.TagTransport.Export(Transport sender, TransportTaskArguments args)

          at VI.Transport.TagTransport._ExportTag(IColElem eTag, TransportTaskArguments args)

          at VI.Transport.TagTransport._GetExportData(IColElem eTag, ObjectContainer ctnTag, DbObjectDataCollection colCommon, DbObjectDataCollection colPayload)

          at VI.Transport.Transport.HandleException(ITransportTask sender, Exception ex, ISingleDbObject dbObject)

Object reference not set to an instance of an object.

          at VI.Transport.TagTransport._GetExportData(IColElem eTag, ObjectContainer ctnTag, DbObjectDataCollection colCommon, DbObjectDataCollection colPayload)

          at VI.DB.DbObjectDataCollection.GetTransportDefaultRelationNames(TableDef table)

          at VI.DB.DbObjectDataCollection._GetRelations(TableDef tableDef, HashSet`1 tables, HashSet`1 relations)

The items include in this change label are:

Approval policies > Product XYZ Approval Policy

Approval workflows > Product XYZ Workflow

Attestation policies > Product XYZ Policy

Attestation procedures > Product XYZ Procedure

Attestation procedures: approval policy assignments > Product XYZ Procedure Product XYZ Approval Policy

Attestation types > Product XYZ Attestation

I am unclear were I should be looking to try and resolve the issue or if it

Hi All,

I have configured an attestation policy than on revoke the business role is removed/unsubscribed from the user, to bypass all the steps in the unsubscribe workflow I added at the beginning a query that checks if there is an attestation case that was denied/revoked for the combination of user and role, and with the UID_PersonWantsOrg in the same entry.

Is there another cleaner way to do it? Since the UID_PersonWantsOrg is inside the field ReportContent I prefer to change this approach, even if it's working at the moment.

Thanks

JM

Hi,

I try to use the "CP - Calculated group of approvers" procedure.

First I try to select the manager of the "UID_PersonOrdered" person with the condition below:

select *

from Person

where UID_Person in

(

          select UID_PersonHead

          from Person

          where UID_Person = '@UID_PersonOrdered'

)

But the request was aborted with the following reason: "Approval decided by the system, no approver available."

This is why I suppose my condition is not correct.

Does anyone see the error?

Regards,

Serge

Hi all,

Does anybody know if its possible to change the New user certification attestation policy to be able to use custom workflow instead of only "New user certifiation" approval polilcy? Thanks in advance!

Kenny

Hi community.

I've got a problem while creating ADS Account. I have two domains connected to Q1IM and for one domain creating users works fine. But for the second domain not. I have checked attributes mapping and it seems OK. I have also checked permissions on AD. I don't see any differences in configuration. So, where/what else should I check?

The connection mode of the provider was set to Default.

    The access to RAS attributes was set with the value True.

    The access to terminal properties was set with the value True.

    [854003] Processing task ADSAccount Insert failed.

    [997030] Cannot publish object LDAP://MYSERVER:389/CN=My Commonname,OU=Users,OU=MyOU,OU=myOU,DC=mySubDomain,DC=mydomain,DC=mydomain (Message : Cannot save RAS settings of object LDAP://MYSERVER:389/CN=My Commonname,OU=Users,OU=MyOU,OU=myOU,DC=mySubDomain,DC=mydomain,DC=mydomain.).

    [997021] Cannot save RAS settings of object LDAP://MYSERVER:389/CN=My Commonname,OU=Users,OU=MyOU,OU=myOU,DC=mySubDomain,DC=mydomain,DC=mydomain.

    [System.Exception] RAS properties not written (Error reading RAS properties of account my.commonname using server MYSERVER

       at StdioProcessor.StdioProcessor._Execute(Job job)

       at VI.JobService.JobComponents.ADSComponent.Activate(String Task)

       ---- Start of Inner Exception ----

       at VI.JobService.JobComponents.ADSComponent.Activate(String Task)

       at VI.JobService.JobComponents.ADSComponent._ADSACCOUNT_INSERT()

       at VI.JobService.NSProvider.ADSProvider.PutObject()

       ---- Start of Inner Exception ----

       at VI.JobService.NSProvider.ADSProvider.PutObject()

       ---- Start of Inner Exception ----

       at VI.JobService.NSProvider.ADSProvider.PutObject()

       at VI.JobService.NSProvider.RAS.SET(String ServerName, String UserName)

Thanks for help.

Best regards,

Evgen

Can any one guide me to import the Historical data in to the Quest Identity Mananger

We are running into an issue trying to automatically create service items to be requested via the IT Shop.  The customer has an application that is controlled by AD groups, and any time a new group shows up in a particular OU, they want that to be automatically requestable.  The process we built does the following:

1. When seeing the new group appear in ADSGroup, an entry is created in UNSGroupB

2. When the UNSGroupB entitlement is created for this particular target, a process is triggered to create a Business Role

3. Once the Business Role is created, a process is triggered to create an AccProduct

4. Once the AccProduct is created, a process is triggered to create a Requestable Resource

5. Once hte Requestable Resource is created, a process is triggered to create the ITShopOrg and ITShopOrgHasRessource records

Everything seems to be working great until the end when we see the following tasks show up:

The update step fails due to having duplicate alternate keys.  If we execute the Delete processes, then kick off the update, the update runs fine.  If you notice, the Delete jobs are dated ahead of the update by 5 minutes, so they fail consistently.  We also have an issue that our original ITShopOrg record gets deleted, and it has a unique identifier in a custom field so that we can track it back to the objectGuid of the ADGroup.

Any thoughts on what we can do to resolve this?  Should we take a different approach, or is there something we can tweak?

Hello,

I try all day to send a mail notification for approval in a IT Shop workflow, without success.

The approval step is correct because there is a task for the manager on the portal, but he does not receive mail.

I have checked he has the correct email address and culture in his employee account.

I have enabled and modified a lot of configuration parameters :

• Common\MailNotification
• Common\MailNotification\DefaultAddress
• Common\MailNotification\DefaultCulture
• Common\MailNotification\DefaultLanguage
• Common\MailNotification\DefaultSender
• Common\MailNotification\Signature
• Common\MailNotification\SMTPAccount
• Common\MailNotification\SMTPDomain
• Common\MailNotification\SMTPPassword
• Common\MailNotification\SMTPPort
• Common\MailNotification\SMTPRelay
• Common\MailNotification\SMTPUseDefaultCredentials
• QER\ITShop\DefaultSenderAddress
• QER\ITShop\MailApproval
• QER\ITShop\MailApproval\Account
• QER\ITShop\MailApproval\Domain
• QER\ITShop\MailApproval\ExchangeURI
• QER\ITShop\MailApproval\Inbox
• QER\ITShop\MailApproval\Password

Strangely, I don't have any error in job server or windows event viewer...

Serge

Hello Everyone,

When using the Identity Manager IT-Shop web portal the website fails with the error “Server Error in ‘/IdentityManager’ Application.” when clicking “Yes” after clicking the “Check & Submit to shopping cart” button.

Note: This error will only occur if loading the website on the Server hosting the website; loading the website from any other system in the domain will work perfectly as expected.

Plain IT-Shop with no customizations

Q1IM 6.1.1 install

When checking the Application Log of the Event Viewer on the IIS Server I see the following Event:

Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 12/18/2013 11:44:30 AM

Event time (UTC): 12/18/2013 3:44:30 PM

Event ID: e700669f10af4ebdaa126681bdde1511

Event sequence: 240

Event occurrence: 1

Event detail code: 0

Application information:

    Application domain: /LM/W3SVC/1/ROOT/IdentityManager-1-130318549405710935

    Trust level: Full

    Application Virtual Path: /IdentityManager

    Application Path: C:\inetpub\wwwroot\IdentityManager\

    Machine name: Q1IMIIS

Process information:

    Process ID: 1452

    Process name: w3wp.exe

    Account name: DEMOCORP\administrator

Exception information:

    Exception type: HttpException

    Exception message: Multiple controls with the same ID 'Y____Cctl63___X' were found. FindControl requires that controls have unique IDs.

Request information:

    Request URL: http://q1imiis.domain.com/IdentityManager/page.axd

    Request path: /IdentityManager/page.axd

    User host address: ::1

    User: DEMOCORP\batman

    Is authenticated: True

    Authentication Type: NTLM

    Thread account name: DEMOCORP\administrator

Thread information:

    Thread ID: 10

    Thread account name: DEMOCORP\administrator

    Is impersonating: False

    Stack trace:    at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FillNamedControlsTable(Control namingContainer, ControlCollection controls)

   at System.Web.UI.Control.FindControl(String id, Int32 pathOffset)

   at System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Full text from Website:

Server Error in '/IdentityManager' Application.

--------------------------------------------------------------------------------

Runtime Error

Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.

Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".

<!-- Web.Config Configuration File -->

<configuration>

    <system.web>

        <customErrors mode="RemoteOnly"/>

    </system.web>

</configuration>

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

<configuration>

    <system.web>

        <customErrors mode="On" defaultRedirect="mycustompage.htm"/>

    </system.web>

</configuration>

I just wanted to upload this event to the Communities to check and see if anyone has seen this error before or has any ideas.

Thank you all in advance,

Roman Demchenko

Hi Gurus,

I'm receiving the following error when capitalizing the first and last name of an employee, for example from JOE DOE to Joe Doe.

Person: company resource assignments: Error applying dynamic template for Display value on object DOE, JOE - JDOE.

Error executing script 'Tmpl_PersonHasObject_YDisplayValue'.

The Specified ObjectKey was invalid.

Any ideas?  =S

Thanks,

JM

Hi,

I'm few days old with Q1IM and have a question related to Job Queue configurations.

1. When Installing the Server Service on the AD (targetSystem) I have specified the Queue name as "ad_excg" instead of leaving it as the default name "%SERVERNAME%". Now, I went to the designer and changed the queue name for the target as appropriate. Is there any other place that I need to change things relavent to this ?
2. Since the installation on the QIM machine, the server service would start but I never see the log through the browser (http://localhost:1880/log). Finally, I copied the same jobConfig.cfg file from my target (AD) and used the same on QIM system's service as well, now the browser would load things fine but as expected I see there is a clash in the queue name and so any internal jobs within Q1IM would not run. What is the best way to resolve this issue.

Thank you in advance for your help.

Rajesh Seshadri A

Hello,

We want people may ask for department membership trought the ITShop.

For all departments, we have created:

• a couple {shop / shelf} dedicated to department products
• a service catalog dedicated to department service items
• a ressource type dedicated to department assignment ressources

For each department, we have created:

• an associated service item (in the service catalog specified above)
  • IsReusable=true
• an assignment ressource which bind the department with the service item
  • IsForITShop=true
  • IsITShopOnly=true
  • IsAssignmentRessource=true
  • ConnectionTable="department"
  • ConnectionPath="e5b40f7f-d760-4274-b954-b47f339e4a34" (id of the targeted department)
• a product (in the shop/shelf specified above): automatically created when add an ITShopOrgHasResource between the shelf and the assignment ressource.

This way seems to work fine: we can add department service item in cart but we can't submit the request.

We meet the error: "object key is a required field".

So we investiguated on the cart item and we notice that the ObjectKeyAssignment field is emty.

We guess that quest was expected a value like the one below in order create a PersonInDepartment object.

<Key><T>PersonInDepartment</T><P>e5b40f7f-d760-4274-b954-b47f339e4a34</P><P>9d674f3d-984a-4fce-976e-8d92c870c013</P></Key>

For your information we have already applied the same schema for business roles and it works fine, this is why we would like to reproduce it dor department.

Why quest don't have generate a value for the ObjectKeyAssignment field?

Does anyone try to do this in a similar way?

Regards,

Serge

Hi all,

Does anybody knows how to obtain the property's previous value, the value that was stored just before commit?

Actually my purpose is to update PersonInDepartment table while the UID_Department property of the Person table is changed. To do this, I have to know the initial UID_Department value in order to find the needed entry in PersonInDepartment and to update it with the new UID_Department value. I use a process which is called on UPDATE and INSERT events.

I've tried to use the "Old" attribute(exemple $UID_Department[o]$) ,but I noticed that this value is overwritten by the New Value on commit,so it cannot work.

Best regards,

Anton

Is it possible to use a script (for instance PS) to trigger a process within Q1IM ?

If yes could you please provide me some example ?

Hi ,

I was doing a bulk update to managelevel  for Adsaccount in Q1IM using Quick connect but it is changing the managelevel attribute and changes which should happen automaticall  for other attributes are not changing

eg: when i Change managelevel to '1', Addres should flow from person record to AD Account

It is changin when i do modify single adsaccount record manually, but when i use quick connect to update its not happening

So is there a way to change the manage level for bulk records, for which attributes from person to AD record should flow.

Thanks,

Pradeep Pola

Hi all,

I would like to know if it is possible to customize or to create an approval procedure for workflows?

Or may be is there any way to call a VB script from the workflow step  instead of using SQL commands (in CD/CP procedures)?

Regards,

Anton