During the installation of FIM, you are required to specify a FIM management agent account.
There is no need to make this account an administrator on your FIM server.
In other words, it is sufficient to use a regular user account.
The FIM setup process grants all rights that are necessary to access the FIM service to this account.
When you configure your FIM management agent, you need to specify this account in the "connect to Database" section:
The account must be the same as the one you have specified during the installation of FIM:
During the installation, FIM stores the account's SID in addition to its name.
When you delete this account and create a new one with the same name, it is technically not the same account because the new account has a different SID.
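The SID behavior described above can be checked directly. The following is an added example, not the script this page refers to: it resolves an account name to its current SID and compares it with a SID recorded earlier. The function name, the account name and the SID value are constructed placeholders, and the page does not say where FIM stores the SID, so the expected SID is passed in as a parameter.

```powershell
# Added example (not part of the original page or of FIM).
# Compares the SID that an account name resolves to now with a SID recorded earlier.
function Test-AccountSidMatch {
    param(
        [Parameter(Mandatory = $true)][string]$AccountName,  # DOMAIN\name of the account
        [Parameter(Mandatory = $true)][string]$ExpectedSid   # SID string recorded earlier
    )

    $result = @{ Account = $AccountName; ExpectedSid = $ExpectedSid; CurrentSid = $null; Match = $false; Reason = '' }

    try {
        # Resolve the name to the SID it maps to right now.
        $nt  = New-Object System.Security.Principal.NTAccount($AccountName)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # The name does not exist (for example, the account was deleted).
        $result.Reason = 'Account name does not resolve to a SID'
        return New-Object PSObject -Property $result
    }

    $expected = New-Object System.Security.Principal.SecurityIdentifier($ExpectedSid)
    $result.CurrentSid = $sid.Value
    $result.Match      = $sid.Equals($expected)

    if ($result.Match) {
        $result.Reason = 'Same account'
    }
    else {
        # Same name, different SID: the account was deleted and recreated.
        $result.Reason = 'Name resolves to a different SID than the recorded one'
    }
    return New-Object PSObject -Property $result
}

# Constructed sample values; replace with your own account and recorded SID.
# Test-AccountSidMatch -AccountName 'CONTOSO\svc-fimma' `
#     -ExpectedSid 'S-1-5-21-1111111111-2222222222-3333333333-1105'
```

A result with `Match` set to `False` and a populated `CurrentSid` is the delete-and-recreate case: the name is unchanged, but it is technically a different account.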
If you run into issues with your FIM MA account after you have already configured your FIM management agent, you can do a quick test of your configuration by using PowerShell to test the FIM management agent account.
This script reads the account configuration specified during setup and compares it with the configuration of your FIM management agent.
If your FIM service is running on a domain controller, the FIM MA account must be granted the right to log on locally.
When running this script, you are asked to specify the password of the account.
This is necessary because the script also verifies whether the right to log on locally has been granted to your FIM MA account:
If the current MA account is not the same as the one you have currently configured, the script indicates this with the following error message:
The error indicates that your FIM MA account is not the same as the account you have specified during the installation of FIM.
If you are running into a FIM management agent account related issue, please do not try to solve this issue by tweaking security settings or making the account an administrator on your FIM computer.
The most efficient way to solve this issue is usually to create a new user account and to configure your FIM system to use this account.
You can update your FIM account configuration by running setup in "Change" mode.
To do so, select the "Forefront Identity Manager Service and Portal" from "Control Panel\Programs and Features", and then click "Change" to start setup:
When you click the link "using PowerShell to test the FIM management agent account" you get "Not authorized"
I think that moved here? social.technet.microsoft.com/.../how-to-use-powershell-to-test-the-fim-management-agent-account.aspx