Answered: Sync Users between domains with Forefront 2010

  • March 21, 2012, 20:43

    I am currently evaluating FIM 2010 for a large company. I need to sync user accounts from domain A to domain B. However, being very new to FIM, I have no idea how to set up that type of import and export, if I'm using the correct wording. I have the Sync server/portal and sync service set up but am kind of lost from there. I followed a video already on how to configure AD to sync with FIM, but not with another domain. And even that only went so well. I get this error. But more importantly, I need to sync users between domains.

    There is an error executing a web service object creation request.
    Type: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException
    Message: Fault Reason: Policy prohibits the request from completing.
    Fault Details: <RequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"></RequestFailures>
    Stack Trace:    at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
       at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Create createBody)
       at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource()
    Inner Exception: Policy prohibits the request from completing.

All replies

  • March 22, 2012, 11:39
     Answered

    Basically you need

    1. One inbound synchronization rule from domain A

    2. One outbound synchronization rule to domain B

    3. A set that consists of all the users you want to synchronize

    4. A workflow that adds the outbound synchronization rule

    5. A MPR that binds set and workflow

    These Technet articles might help you

    http://technet.microsoft.com/en-us/library/ff686263%28WS.10%29.aspx

    http://technet.microsoft.com/en-us/library/ff686264%28WS.10%29.aspx

    That error you're seeing is quite generic. You should go to Search Request Page and see what it says. Usually when I've seen this message it's because there is some RegEx validation in the attribute or binding (for example ^(Contractor|Intern|Full Time Employee)?$)

  • March 22, 2012, 15:56
    Thanks for the info. I followed those steps and got it to at least try again to sync to FIM, and under Manage My Requests I see Create Person: "Request Denied". So I ran a PowerShell script that tells if there are some permissions missing, and it reports this:

    FIM MPR Configuration For Synchronization Check
    ===============================================
    PS C:\Users\ttinis> cd .\Desktop
    Missing attributes of Synchronization: Synchronization account controls users it synchronizes:
     -objectSidString

    Caution: Your current MPR configuration requires your attention!

  • March 22, 2012, 17:18

    That message is telling you to edit the "Synchronization: Synchronization account controls users it synchronizes" MPR and add the objectSidString to the Target Attributes.
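A way to verify that MPR's Target Attributes from PowerShell before re-running the sync (an added example, not part of this thread or of FIM's own scripts; it assumes the FIMAutomation snap-in is installed on the FIM Service host and that the caller has FIM administrator rights):

```powershell
# Added example: report which attributes the Synchronization MPR is missing from its
# Target Attributes. In the FIM Service schema the portal's "Target Attributes" field is
# the multi-valued ActionParameter attribute of the ManagementPolicyRule resource.
# Assumption: FIMAutomation snap-in available; run as a FIM administrator.

if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation
}

$mprName  = 'Synchronization: Synchronization account controls users it synchronizes'
$required = @('objectSidString')   # attributes the sync account must be allowed to manage

# Fetch only the MPR itself, not the sets/workflows it references.
$filter = "/ManagementPolicyRule[DisplayName='$mprName']"
$mpr = Export-FIMConfig -OnlyBaseResources -CustomConfig $filter

if (-not $mpr) {
    Write-Warning "MPR '$mprName' not found; check the display name and your permissions."
    return
}

$attrs = $mpr.ResourceManagementObject.ResourceManagementAttributes
$actionParam = $attrs | Where-Object { $_.AttributeName -eq 'ActionParameter' }
$granted = @()
if ($actionParam) {
    $granted = if ($actionParam.IsMultiValue) { @($actionParam.Values) } else { @($actionParam.Value) }
}

# An MPR whose Target Attributes is "*" (all attributes) grants everything; otherwise
# list the required attributes that are not explicitly granted.
$missing = @()
if ($granted -notcontains '*') {
    $missing = $required | Where-Object { $granted -notcontains $_ }
}

Write-Host "FIM MPR Configuration For Synchronization Check"
Write-Host "==============================================="
if ($missing) {
    Write-Host "Missing attributes of ${mprName}:"
    $missing | ForEach-Object { Write-Host " -$_" }
    Write-Host "Add them under the MPR's Target Attributes in the FIM Portal, then retry the sync."
} else {
    Write-Host "All required attributes are granted: $($granted -join ', ')"
}
```

Granting the sync account only the attributes it actually needs (rather than `*`) keeps the MPR at least privilege, so extend `$required` as your outbound rule flows more attributes.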

  • March 23, 2012, 12:20
    It looks like I was able to do a sync to FIM and see the user accounts. About an hour after the sync was done, the portal stopped working. It goes to service unavailable. Interesting, not sure what would have happened there, since no changes had been made to the portal.

  • March 25, 2012, 20:54

    Could it be possible that you have updated the SID of your FIM service account?