Group Validation failed: Security group is not a recogonized active directory type
security group in FIM portal and I am getting the above error. I can create a distribution group and add members to that group successfully. Any ideas?

    DefaultClient client = new DefaultClient();
    client.ClientCredential = Credential.GetAdminCredential();
    client.RefreshSchema();

    // Find the DomainConfiguration resource whose display name matches our domain
    RmReference domainConfigurationReference = null;
    foreach (RmResource domainConfiguration in client.Enumerate("/DomainConfiguration"))
    {
        if (domainConfiguration.DisplayName.ToLowerInvariant().Equals(Credential.GetDomain().ToLowerInvariant()))
        {
            domainConfigurationReference = domainConfiguration.ObjectID;
        }
    }
    Assert.IsNotNull(domainConfigurationReference, "Domain Configuration exists");

    // Build the group resource and submit the create request
    RmGroup group = new RmGroup();
    group.DisplayName = "Test Security Group"; //System.IO.Path.GetRandomFileName();
    group.MailNickname = "testsecgroup"; //System.IO.Path.GetRandomFileName();
    group.Domain = Credential.GetDomain();
    group.Owner = new RmReference(Credential.GetAdminGuid());
    group.DisplayedOwner = new RmReference(Credential.GetAdminGuid());
    group.MembershipLocked = false;
    group[RmGroup.AttributeNames.MembershipAddWorkflow] = new RmAttributeValue("Owner Approval");
    group.Type = RmGroupType.SecurityGroup;
    group.Scope = RmGroupScope.Universal;
    group[RmGroup.AttributeNames.DomainConfiguration] = new RmAttributeValue(domainConfigurationReference);
    client.Create(group);

Sankar Mana
May 15th, 2012 2:39pm

The main problem I can see is you're not setting the required AccountName property, but also where you specify MailNickname you should be using the type "MailEnabledSecurity".

Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
May 15th, 2012 4:43pm

Thanks. I tried both of the code lines below without the mail nickname and it didn't work. The resource management client error is "policy prohibits the request from completing" and the FIM error is the thread subject. Is there any separate MPR needed for security groups? Actually I enabled all the MPRs related to security groups.

    group[RmGroup.AttributeNames.AccountName] = new RmAttributeValue("testsecgroup");
    group["AccountName"].Value = "testsecgroup";

Sankar Mana
May 15th, 2012 5:47pm

OK - so now your error is really a security type error ... are you sure the user account context you are using to run your PS1 script is covered by a corresponding grants rights (create) MPR for the group object, including all properties in the request? I am thinking that you should be seeing a "Denied" entry in the request history now, and you should be able to compare what's showing in the request against what is allowed in your MPR(s) ...

Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
May 16th, 2012 10:08am

Thanks again. I can create a security group when I am using the PowerShell script supplied by the FIM script box, but when I am using the FIM 2010 Resource Management Client supplied by CodePlex (the code above) there are still issues. The portal environment has no change. The only difference is that I am running the PowerShell script on the SharePoint WSS FIM portal server, but the C# code is running on the FIM Sync Server. For the time being I am going to stick with the PowerShell script.

Sankar Mana
May 16th, 2012 3:22pm

Now I can create a security group through the CodePlex code. I changed the code in the RmGroup class in Microsoft.ResourceManagement.ObjectModel as follows. Commented out is the old code.

    public RmGroupScope Scope
    {
        get
        {
            Object o = null;
            RmAttributeValue rma = null;
            base.TryGetValue(AttributeNames.Scope, out rma);
            if (rma != null)
                o = rma.Value;
            // Guard against a missing value (the old getter also fell back to Domain)
            if (o == null)
                return RmGroupScope.Domain;
            // Map the stored string to the enum instead of casting it
            switch (o.ToString())
            {
                case "Universal":
                    return RmGroupScope.Universal;
                case "Global":
                    return RmGroupScope.Global;
                default:
                    return RmGroupScope.Domain;
            }
        }
        set
        {
            base[AttributeNames.Scope].Value = value;
        }
        //get
        //{
        //    Object o = null;
        //    RmAttributeValue rma = null;
        //    base.TryGetValue(AttributeNames.Scope, out rma);
        //    if (rma != null)
        //        o = rma.Value;
        //    if (o == null)
        //    {
        //        return RmGroupScope.Domain;
        //    }
        //    else
        //    {
        //        return (RmGroupScope)o;
        //    }
        //}
        //set
        //{
        //    base[AttributeNames.Scope].Value = value;
        //}
    }

    public RmGroupType Type
    {
        get
        {
            Object o = null;
            RmAttributeValue rma = null;
            base.TryGetValue(AttributeNames.Type, out rma);
            if (rma != null)
                o = rma.Value;
            // Map the stored string to the enum instead of casting it
            if ((o == null) || (o.ToString() == "Distribution"))
                return RmGroupType.Distribution;
            else if (o.ToString() == "MailEnabledSecurity")
                return RmGroupType.MailEnabledSecurity;
            else
                return RmGroupType.Security;
        }
        set
        {
            base[AttributeNames.Type].Value = value;
        }
        //get
        //{
        //    Object o = null;
        //    RmAttributeValue rma = null;
        //    base.TryGetValue(AttributeNames.Type, out rma);
        //    if (rma != null)
        //        o = rma.Value;
        //    if (o == null)
        //    {
        //        return RmGroupType.Distribution;
        //    }
        //    else
        //    {
        //        return (RmGroupType)o;
        //    }
        //}
        //set
        //{
        //    base[AttributeNames.Type].Value = value;
        //}
    }

    public enum RmGroupType
    {
        Distribution = 1,
        Security = 2,
        MailEnabledSecurity = 3
        //Distribution = 1,
        //SecurityGroup = 2,
    }

Sankar Mana
May 26th, 2012 11:25am
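
The enum rename in the last post and the attribute advice in the first reply, as an added example that is not part of the thread or of the Resource Management Client library. It assumes the client sends the enum member's name as the Type value (which the poster's fix suggests) and that the three type strings in the thread's getter are the only accepted ones; `GroupRequestCheck`, `OldGroupType` and `FixedGroupType` are hypothetical names, and the attribute bags are constructed samples.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; these types are hypothetical and do not exist in the library.
enum OldGroupType { Distribution = 1, SecurityGroup = 2 }                       // enum as commented out in the thread
enum FixedGroupType { Distribution = 1, Security = 2, MailEnabledSecurity = 3 } // enum after the poster's change

static class GroupRequestCheck
{
    // Type strings taken from the thread's getter; assumed to be the only accepted values.
    static readonly string[] KnownTypes = { "Distribution", "Security", "MailEnabledSecurity" };

    // Returns the problems found in a group's attribute bag before it is submitted.
    public static List<string> Validate(IDictionary<string, string> attrs)
    {
        var problems = new List<string>();
        attrs.TryGetValue("Type", out string type);
        if (type == null || Array.IndexOf(KnownTypes, type) < 0)
            problems.Add($"Type '{type}' is not one of: {string.Join(", ", KnownTypes)}");
        if (!attrs.ContainsKey("AccountName"))
            problems.Add("AccountName is missing (named as required in the first reply)");
        if (attrs.ContainsKey("MailNickname") && type == "Security")
            problems.Add("MailNickname is set, so Type should be MailEnabledSecurity");
        return problems;
    }

    static void Main()
    {
        // Constructed sample mirroring the first post: old enum, MailNickname set, no AccountName.
        var before = new Dictionary<string, string> {
            ["DisplayName"] = "Test Security Group",
            ["MailNickname"] = "testsecgroup",
            ["Type"] = OldGroupType.SecurityGroup.ToString(),   // member name is "SecurityGroup"
        };
        // Constructed sample after applying the reply's advice and the enum change.
        var after = new Dictionary<string, string> {
            ["DisplayName"] = "Test Security Group",
            ["AccountName"] = "testsecgroup",
            ["Type"] = FixedGroupType.Security.ToString(),      // member name is "Security"
        };
        foreach (var p in Validate(before)) Console.WriteLine("before: " + p);
        Console.WriteLine("after: " + Validate(after).Count + " problem(s)");
    }
}
```

Running the same check against the attributes shown in a "Denied" request in the portal's request history narrows down whether a rejection comes from the attribute values or from a missing create MPR.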
