로그인
 
라이브러리학습다운로드지원커뮤니티포럼
Resources for IT Professionals >
How do I setup AD sync for FIM just to use the password reset portal? Active Directory Forefront Identity Manager

답변됨 How do I setup AD sync for FIM just to use the password reset portal? Active Directory Forefront Identity Manager

  • 2012년 4월 25일 수요일 오후 10:32
     
     
    로그인하여 투표
    0
    I am new to FIM 2010.  We are just wanting to use it for SSPR - password reset at this point.  We do not need to provision accounts; that will be another phase.  We have everything setup except the key part which is AD syncing.  Can anyone explain how to set up the FIM MA and AD MA for just the basics so we can reset passwords (again not concerned about provisioning accounts yet).  All the documents I read are just labs and examples.  We have all the work flows set up and the proper service accounts added where they belong - I'm just stuck on the syncing.  Any help would be much appreciated!
     

모든 응답

  • 2012년 4월 26일 목요일 오전 12:27
     
     답변됨
    로그인하여 투표
    1

    You need to have the AD MA setup, the FIM MA setup and then configure an inbound sync rule on the AD MA for the user object type.  Ensure that the FilterSynchronization object allows the sync engine to create and modify users in the FIM Service.

    Then create the following run profiles on the AD MA

    Full Import

    Delta Import

    Delta Sync

    Full Sync

    Then create the following run profiles on the FIM MA:

    Full Import

    Delta Import

    Delta Sync

    Full Import

    Export

    Then run the the full import on AD, then the full sync, then run the export on the FIM MA

    Then a full import on the FIM MA.

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    • 답변으로 표시됨 Danny206 2012년 4월 26일 목요일 오후 10:26
    •  
     
  • 2012년 4월 26일 목요일 오후 10:31
     
     
    로그인하여 투표
    0
    Thanks David - that is really helpful!  I am still unclear when setting up the FIM MA and AD MA what attributes to select (do I select them all) and what to configure with the attribute flow (keeping in mind we only want to reset password, not provision accounts).  Thanks in advance!  The run profiles were a huge help!
     
  • 2012년 4월 27일 금요일 오후 1:24
     
     
    로그인하여 투표
    0

    Danny,

    You are welcome. At a minimum you need to flow samAccountName, domain name, and SID. I also recommend flowing DisplayName, givenName, sn, jobtitle, and department, so that way when you look at the users in the Portal you have a bit more identifying information. Of these extras I strongly recommend DisplayName since so many times you will want to have that.

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html