Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
AD Security Groups have no display name in FIM

Answered AD Security Groups have no display name in FIM

  • Thursday, January 17, 2013 4:39 AM
     
     
    Sign In to Vote
    0
    The title says it all. I've successfully imported AD groups into FIM, I think, however I am unable to read the names of the groups, or display names. All security groups appear as (No display name).  And I noticed the groups defined in AD don't have a display name set, nor can I figure out (so far) how to set it.  I recall mention of using the CN, however not sure what that implies.  Suggestions?
     

All Replies

  • Thursday, January 17, 2013 6:43 AM
     
     Answered
    Sign In to Vote
    1

    Hi Osho

    You should check the attribute precedence in Mataverse Designer and make AD MA precede FIM MA if AD. That should do.

    Also you might need to do that for all the attributes you think should come from AD.

    IF both AD and FIM can change the displayName (or anyother attribute) then make them 'Equal Precedence'.

    Hope this helps.

    • Marked As Answer by Osho27 Thursday, January 17, 2013 6:50 PM
    •  
     
  • Thursday, January 17, 2013 6:53 PM
     
     
    Sign In to Vote
    0
    So it turns out that the display name value for groups (in our AD instance) are for the most part empty strings.  So I am now mapping the accountname value to displayname just to have something show up. and I did what you stated above as you might recall that resolved the other scope/type issue I had.  I couldn't figure out how to populate the group Display name within the AD console either...must need some type of lower level attribute editor? Just hitting create group shows only a small number of fields, none of which appear to be Display name.
     
  • Thursday, January 17, 2013 7:42 PM
     
     
    Sign In to Vote
    1
    Yes I have the same issue of DisplayName for groups at almost all implementations. so I usually follow the following custom expression to populate the  DisplayNames in FIM from AD, this is important because when you are flowing them back to AD (for provisioning and updates) they will change the DisplayNames of all the groups. so what I do in inbound sync from AD to FIM is

    IIF(IsPresent(displayName),displayName,sAMAccountName) => DisplayName

    This way I ensure that if the displayname is in AD, it remains, if not then the SAMAccountName is populated in it.
     
  • Monday, February 04, 2013 1:10 PM
     
     
    Sign In to Vote
    1
    in AD when you create a group using ADUC, the displayName has an empty value. You either populated manually after creating it if you are creating groups in AD
     
    OR
     
    configure an attribute from AD to the FIM Portal to populate the DisplayName attribute in the FIM Portal based upon some other attribute (e.g. Name, sAMAccountName, etc) in AD. The method used by Furqan is of course one of the possibilities
    If you also want the DisplayName to reappear in AD, then configure an attribute flow from the FIM Portal To AD to populate the displayName attribute in AD based upon the DisplayName attribute in the FIM Portal
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:     http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:     http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:     http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------    <>

    "Furqan Asghar" wrote in message news:6c8cdfbf-997d-4460-aab0-9e671eb4ec57@communitybridge.codeplex.com...
    Yes I have the same issue of DisplayName for groups at almost all implementations. so I usually follow the following custom expression to populate the  DisplayNames in FIM from AD, this is important because when you are flowing them back to AD (for provisioning and updates) they will change the DisplayNames of all the groups. so what I do in inbound sync from AD to FIM is

    IIF(IsPresent(displayName),displayName,sAMAccountName) => DisplayName

    This way I ensure that if the displayname is in AD, it remains, if not then the SAMAccountName is populated in it.
    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/