Users can't access the Portal?
So annoying! Why is it my users can't access the portal?
You need to check 3 things:
- Correct attributes are flowed from the AD account to the MIM Portal/Service
- Users are given the correct permissions at the SharePoint Site
- The correct MPR's are not disabled.
Correct Attributes flowed
You need to flow the following 3 attributes to the MIM portal for the users:
- AccountName
- Domain
- ObjectSID
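A read-only way to confirm these three attributes for one affected user. This is an added example, not part of the original post. It assumes the LithnetRMA and ActiveDirectory modules are installed, that it runs where the MIM Service is reachable, that the user lives in the current AD domain, and that ObjectSID is returned as a byte array. The $AccountName parameter is hypothetical.

```powershell
# Added example: checks AccountName, Domain and ObjectSID for one user.
# Nothing is modified in the MIM Service or in AD.
param(
    [Parameter(Mandatory = $true)]
    [string]$AccountName   # sAMAccountName of the user who cannot log on
)

Import-Module LithnetRMA
Import-Module ActiveDirectory

# Looking the user up by AccountName also proves that AccountName was flowed.
try {
    $person = Get-Resource -ObjectType Person -AttributeName AccountName -AttributeValue $AccountName
}
catch {
    $person = $null
}
if ($null -eq $person) {
    Write-Host "No Person resource with AccountName '$AccountName' found in the MIM Service"
    return
}

$problems = @()
if ([string]::IsNullOrEmpty($person.Domain)) {
    $problems += "Domain is empty"
}

if ($null -eq $person.ObjectSID) {
    $problems += "ObjectSID is empty"
}
else {
    # Assumption: the binary attribute comes back as a byte array.
    $mimSid = (New-Object System.Security.Principal.SecurityIdentifier(([byte[]]$person.ObjectSID), 0)).Value
    $adSid  = (Get-ADUser -Identity $AccountName).SID.Value
    if ($mimSid -ne $adSid) {
        $problems += "ObjectSID in MIM ($mimSid) does not match the AD account ($adSid)"
    }
}

if ($problems.Count -eq 0) {
    Write-Host "AccountName, Domain and ObjectSID look correct for '$AccountName'"
}
else {
    $problems | ForEach-Object { Write-Host "Problem: $_" }
}
```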
Permissions on SharePoint Site
Forgot to check the box with 'Grant Authenticated Users access to the FIM Portal Site'? You can use the below script to check and set.
PARAM
(
    [String]$portalFullUrl # like https://portal.mim.local/identitymanagement
)
# Load the SharePoint cmdlets (run this on the SharePoint server hosting the portal)
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
$myMIM = Get-SPWeb -Identity $portalFullUrl
$permissionsAssigned = $myMIM.Users
$notAssigned = $true
# Look for an existing entry for Authenticated Users on the portal site
foreach($perm in $permissionsAssigned)
{
    if($perm.UserLogin -eq "NT AUTHORITY\authenticated users")
    {
        Write-Host "Permissions are already set for authenticated users"
        $notAssigned = $false
    }
}
if($notAssigned)
{
    Write-Host "Permissions not set - Setting"
    # Grant Authenticated Users the Read role on the portal site
    $account = $myMIM.EnsureUser("NT AUTHORITY\authenticated users")
    $role = $myMIM.RoleDefinitions["Read"]
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
    $assignment.RoleDefinitionBindings.Add($role)
    $myMIM.RoleAssignments.Add($assignment)
}
# Always release the SPWeb object, not only when permissions were changed
$myMIM.Dispose()
Enable MPR's
The script below checks whether the correct MPRs are enabled and enables any that are disabled. The script uses Ryan Newington's Lithnet PowerShell Module for MIM ResourceManagement. Don't have it? Get it today.
# Load the Lithnet module that provides Get-Resource and Save-Resource
Import-Module LithnetRMA
# Display names of the MPRs that users need in order to use the portal
$mprs = @("General: Users can read non-administrative configuration resources","User management: Users can read attributes of their own")
foreach($mprStr in $mprs)
{
    $mpr = Get-Resource -ObjectType ManagementPolicyRule -AttributeName DisplayName -AttributeValue $mprStr
    if($mpr.Disabled)
    {
        Write-Host ("MPR:'" + $mprStr + "' is disabled - enabling")
        $mpr.Disabled = $false
        Save-Resource $mpr
    }
}
Write-Host "Done!"