none
Help creating a custom management agent

    Question

  • Hi,

    I am looking for some straight forward steps on how I create a custom management agent with FIM 2010 R2.

    I need to create disabled copies of users from one forest to the other. This is all for Lync 2010 in a Resource topology.

    I have two separate forests connected by a 2-way domain trust.

    ABC.com is my user forest, which is Windows 2003. 

    XYZ.local is my Resource forest, which is Windows 2008 R2. Lync is in this forest.

    I found some PowerShell that will do this for me, however, I need to install ADGWS for PowerShell to connect to my 2003 DCs. I'd rather not touch the DC at all. I want my user forest to be untouched and only make changes in my Resource forest. My plan is to have FIM deployed in my Resource forest, calling the users from the user forest.

    Can anyone help me with step by step instructions? I have zero experience with in programming... 

    Saturday, October 26, 2013 8:38 PM

Answers

All replies

  • Hello,

    since you dont have code experience it will be not that easy to develop en ECMA2 for that approach.

    I would do the following:

    - Create a AD MA for the local forest, to read and maybe update the users there

    - Use the Powershell Management Agent in resource forest to to create users and do the lync stuff with powershell.

    or

    - Instead of the Powershell MA, you can use the Codeless Provisioning Framework from Soeren, which is also written in Powershell.

    In both cases you have only to deal with Powershell as the coding language, this should help coming to faster results and even you dont have to mix programming languages.

    Regards
    Peter


    Peter Stapf - Doeres AG - My blog: JustIDM.wordpress.com

    Sunday, October 27, 2013 7:49 AM
  • Hi Peter,

    Thanks, but I have come across both of these, and still I am lost. Admittedly, the first link I downloaded yesterday, and was totally lost. Like, I saw that I was able to pick the PowerShell option in FIM, but now what? I was expecting something like a wizard, like "connect to forestA, copy the users to forestB..." but it wasn't like that.

    I remember seeing the Codeless Provisioning Framework a few weeks ago, but didn't have a FIM install. I'll try that again. I am not concerned about enabling users to Lync in bulk, I can do that with PS myself, but where I struggle is copying the users from one forest to the other. So far I found a PS method, but I am also struggling with getting ADWSG on 2003 because of .NET versions. If interested, please see my post here

    Regards,
    Christian

    Sunday, October 27, 2013 2:27 PM
  • Hello Christian,

    there is no Click,Click,Next documentation for that, as almost with FIM. You should get familiar with the product and first have a look at the Walkthru's.

    Writing complete steps is to much to archive in this forum, but we can give you some useful hints if you struggle into problems.

    You can start with the following to articles:

    https://social.technet.microsoft.com/wiki/contents/articles/648.how-do-i-synchronize-users-from-active-directory-domain-services-to-fim.aspx

    http://technet.microsoft.com/en-us/library/ff686263%28v=ws.10%29.aspx

    Then create to AD MAs, one for each forest, to sync users from forest A to B.

    then use Powershell MA or Codeless Provision Framework from Soren to do the Lync Part.

    I see no need to install ADWSG in that scenario, as the AD MA can read the 2003 forest and even create users in them, and you already have powerShell in your resource forest.

    Start by Syncing the users from one forest to the other, if you archive this goal implement lync enabling.

    Regards
    Peter


    Peter Stapf - Doeres AG - My blog: JustIDM.wordpress.com

    Sunday, October 27, 2013 2:45 PM
  • Thanks, Peter. This helps me as I struggled to get even this far. I think I'll be safe with the walk through.
    Monday, October 28, 2013 8:40 AM