Import AD accounts using MA does not add Domain
-
Friday, February 24, 2012 9:32 PMI am able to import AD accounts from AD to FIM. The only issue I have is that I have to manually select the domain the account is in. I go into the FIM account, select my domain, and submit the changes. It's ok with a couple of people but I can't do this for thousands of AD accounts that come into FIM.
All Replies
-
Friday, February 24, 2012 9:58 PM
Here is one option on the inbound synch rule:
Alternatively, I assume you've been using the documentation? It details how to calculate the domain from the CN you pull in. This is helpful if you are dealing with multiple domains which FIM will be controlling. If you only have one, as I do, the string to domain synch will work fine.
-
Sunday, February 26, 2012 9:17 AMUnless you have multiple domains per MA, this simple method is all you need. Otherwise you need to either inspect the DN or objectSID to figure out the source domain
Frank C. Drewes III - Senior Consultant: Oxford Computer Group
-
Tuesday, February 28, 2012 1:42 PMOwner
You can find a discussion on how to calculate the domain attribute in How Do I Synchronize Users from Active Directory Domain Services to FIM.
Cheers,
MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation
- Marked As Answer by Miguel E Gonzalez Thursday, March 08, 2012 9:49 PM
-
Thursday, March 08, 2012 6:13 PM
Ok I did not have a domain filed orginally set in the FIM active directory inbound sync section. I set the string to be the name of our domain and restarted the server but that didn't work. I am now testing using the custome expression with the SID approach to see if this works.
-
Thursday, March 08, 2012 9:51 PMThanks Markus! Your link helped me find out exactly what I needed to do. I had to use the custom expresson with my SID even though I only use 1 domain. What I wonder though is since we have multiple domains, if FIM automatically thought that I might use multiple domains even though I'm not.
.png)
