Wednesday, December 05, 2012 10:44 PM
I anticipate that we may use FIM to provision accounts into 4 or 5 directories in our environment.
Right now I'm working through setting up an MA for AD and one for FIM to provision users into one instance of AD, call it AD1. So, for provisioning into AD1, I'll have a pair AD1_MA and FIM_MA.
Should I expect to create another (new) FIM MA for another AD instance, call it AD2, where I'd have AD2_MA and then FIM_MA2? Or should I plan on using the same FIM_MA for all connections to FIM? It seems likely it's the latter, but not sure if that causes issues when automating via scripts down the road.
Thursday, December 06, 2012 12:25 AM
You should only use one FIM MA. If you need to separate the objects into different sets, you can add an attribute flow on the inbound sync rule to flag which AD instance they came from.
What issues do you foresee with automation scripts?
- Edited by Cameron Zivkovic Thursday, December 06, 2012 1:39 AM
Thursday, December 06, 2012 12:42 AM
In any single FIM Instance you can only have 1 x FIM MA. In addition, you would not gain any real benefit from implementing a secondary FIM MA.
In your scenario all you need to do is to add the 2nd and subsequent AD MAs and define the appropriate synchronisation rules etc. for those MAs.
- Marked As Answer by Osho27 Thursday, December 06, 2012 2:18 PM
Thursday, December 06, 2012 2:38 PM
Thanks, I had thought if two syncs were occurring simultaneously, each calling on the FIM MA, there would be the potential for a resource conflict. Seems that is not the case given the advice.