Flow Scope in reference attributes configuration
- Configuring the attribute flow for an AD outbound synchronization rule, if you select homeMDB or manager as destination attribute, an extra listbox appears, which allows to configure the "Flow Scope".
The description of this parameter is "The resource type in the external system to scope the flow to, when the metaverse reference to flow is connected to multiple resources. Highest precedence is given to the resource type that appears first in the selected sequence."
I don't understand how could be there an ambiguity, since these expressions are supposed to be DNs.
Could someone help me understand?
Thanks,
Paolo
Paolo Tedesco - http://espace.cern.ch/idm
Answers
The most usable scenario for this dropdown is in a cross-multi-forest scenario. I will explain with a scenario:
Contoso is using FIM to provision groups. They have two trusted forests and need to manage group memberships. They use both security groups and distribution groups in both forests.When Samantha creates a group in FIM, it will be created in both forests. She will then select all members, not really knowing which forest they are located in (she doesn’t even know what a forest is). FIM will synchronize the groups and make sure they work in both forests.
Here is the problem the drop down is solving. There will be two connectors for a user in the forest where they are not the primary user, a contact for Exchange and distribution groups and a FSP (Foreign Security Principal) for security groups.
When we flow member from FIM to AD, we will use this dropdown to determine if we should use the FSP connector or the Contact connector for the member in the group. A SR for a security group will have FSP and a distribution group will have the contact.
This will be further explained in a cross forest whitepaper I still have to complete.
/Andreas
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/copyright.htm- Marked As Answer byPaolo Tedesco Thursday, November 05, 2009 8:23 AM
All Replies
The most usable scenario for this dropdown is in a cross-multi-forest scenario. I will explain with a scenario:
Contoso is using FIM to provision groups. They have two trusted forests and need to manage group memberships. They use both security groups and distribution groups in both forests.When Samantha creates a group in FIM, it will be created in both forests. She will then select all members, not really knowing which forest they are located in (she doesn’t even know what a forest is). FIM will synchronize the groups and make sure they work in both forests.
Here is the problem the drop down is solving. There will be two connectors for a user in the forest where they are not the primary user, a contact for Exchange and distribution groups and a FSP (Foreign Security Principal) for security groups.
When we flow member from FIM to AD, we will use this dropdown to determine if we should use the FSP connector or the Contact connector for the member in the group. A SR for a security group will have FSP and a distribution group will have the contact.
This will be further explained in a cross forest whitepaper I still have to complete.
/Andreas
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/copyright.htm- Marked As Answer byPaolo Tedesco Thursday, November 05, 2009 8:23 AM
