none
Exchange / Lync resource forest auto provisioning

    Question

  • Hi

    I am a very new to FIM, a week ago i had never heard of it.

    So im doing some research and i cant find an answer so here is my question.

    I am currently looking in to creating a resource forest for Exchange 2010 and Lync due to business demands. (buying and selling other companies).

    This resource forest will serve multiple AD Account Forests.

    Account forest A (existing exchange 2003)

    Account forest B (existing exchane 2007)

    Resource forest C (new Exchange 2010)

    After doing some reading I am not completely convinced FIM is the right product.

    My idea is that FIM will monitor Account forest A and B (Domain users container?) , when a new user is created in the Account forests, FIM will then auto provision a mailbox enabled account in the resource forest, disable it and then link it to the account in the account forests A or B.

    • Does this seem like a logical approach 
    • can this be done out of the box or is this going to require customisation
    • Should i look to outsource this complicated FIM piece of work
    • Should i use a third party tool, i.e Quest for exchange resource forests?

    Many thanks for any help.

    If anyone has any Docs or URL's relating to similar setup, it would be very much appreciated.

    regards

    Snips


    • Edited by snips1973 Thursday, January 03, 2013 10:14 AM
    Thursday, January 03, 2013 10:13 AM

All replies

  • FIM can do that.
     
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "snips1973" wrote in message news:4d323846-35f7-445b-8070-b21ea50fbf41@communitybridge.codeplex.com...

    Hi

    I am a very new to FIM, a week ago i had never heard of it.

    So im doing some research and i cant find an answer so here is my question.

    I am currently looking in to creating a resource forest for Exchange 2010 and Lync due to business demands. (buying and selling other companies).

    This resource forest will serve multiple AD Account Forests.

    Account forest A (existing exchange 2003)

    Account forest B (existing exchane 2007)

    Resource forest C (new Exchange 2010)

    After doing some reading I am not completely convinced FIM is the right product.

    My idea is that FIM will monitor Account forest A and B (Domain users container?) , when a new user is created in the Account forests, FIM will then auto provision a mailbox enabled account in the resource forest, disable it and then link it to the account in the account forests A or B.

    • Does this seem like a logical approach 
    • can this be done out of the box or is this going to require customisation
    • Should i look to outsource this complicated FIM piece of work
    • Should i use a third party tool, i.e Quest for exchange resource forests?

    Many thanks for any help.

    If anyone has any Docs or URL's relating to similar setup, it would be very much appreciated.

    regards

    Snips



    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Thursday, January 03, 2013 9:22 PM
  • Absolutely FIM can do it, however "out of the box" is not really something you get with FIM - customization is always needed, and yes it will seem very difficult to someone who hasn't done it before. What you are asking is a simple task for someone who knows FIM well and I think you will get a better result by seeking expert help.


    http://www.wapshere.com/missmiis

    Friday, January 04, 2013 12:52 AM
  • Hi Jorge and Carol

    thanks for your replies. It doesnt seem a very straightforward product, very clever yes, straight forward no...

    Not coming from a programming background also hinders my knowledge and ability. Initially we were looking to use it for a Gal Sync between various forests, however now the decision has been made to create a resource forest for messaging and collaboration, and consolidate the various email and OCS envronments in to the resource forest. As part of this the auto provisioning / de-provisioning is required.

    From a licensing and installation point of view, would installing just the Sync service be sufficient, or is the portal for management a must in this type of resource forest scenario.

    At present it will only be used for GAL sync and provisioning of users, I do have a suspicion though this may be expanded to password management and self service. I realise this will require the portal install, but how hard will this be to add at a later date as its not a requirement at the moment.

    Im working on a high level design, and requirments are basic and dont require the additinal identity management and workflow at the moment.

    Friday, January 04, 2013 2:03 PM
  • What you want to do can be done with just the sync engine or with the sync engine and the portal.
     
    Password sync can also be done without the portal. However, for self-service of data, and self service pwd reset you do need the portal
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "snips1973" wrote in message news:39d3856d-a416-4434-8e60-c14c38a13e93@communitybridge.codeplex.com...

    Hi Jorge and Carol

    thanks for your replies. It doesnt seem a very straightforward product, very clever yes, straight forward no...

    Not coming from a programming background also hinders my knowledge and ability. Initially we were looking to use it for a Gal Sync between various forests, however now the decision has been made to create a resource forest for messaging and collaboration, and consolidate the various email and OCS envronments in to the resource forest. As part of this the auto provisioning / de-provisioning is required.

    From a licensing and installation point of view, would installing just the Sync service be sufficient, or is the portal for management a must in this type of resource forest scenario.

    At present it will only be used for GAL sync and provisioning of users, I do have a suspicion though this may be expanded to password management and self service. I realise this will require the portal install, but how hard will this be to add at a later date as its not a requirement at the moment.

    Im working on a high level design, and requirments are basic and dont require the additinal identity management and workflow at the moment.


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Monday, January 07, 2013 10:02 AM