SSPR in same domain/forest as accounts?

    Question

  • Hi,

    Must the FIM SSPR Portal reside in the same domain or forest as the user accounts?

    In the case of a User Domain/Forest and a Resource Domain/Forest, could the accounts reside in one domain or forest, and FIM & SSPR Portal reside in another Resource domain or forest?

    regards,

    SK

    Monday, November 04, 2013 12:00 AM

Answers

  • End users must be able to authenticate using Kerberos to the FIM Password Registration Portal, so you need a forest trust. Additionally, you need a fair number of ports open between FIM Sync and the domain controllers holding the users:

    http://technet.microsoft.com/en-us/library/jj134282(v=ws.10).aspx


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    • Marked as answer by Shim Kwan Thursday, November 07, 2013 1:55 AM
    • Unmarked as answer by Shim Kwan Thursday, November 07, 2013 2:15 AM
    • Marked as answer by Shim Kwan Thursday, November 07, 2013 2:46 AM
    Wednesday, November 06, 2013 11:04 PM

All replies

  • Thanks David
    Thursday, November 07, 2013 1:55 AM