• Question

  • So here is our scenario

    We have an old domain, that we are currently using as the source of truth and provisioning and syncing across forests to 4 other domains

    domainA -> DomainB, DomainC, DomainB-Dev, DomainB-QA - Auto every hour

    We have rule extensions in place to modify everything due to OU structure and other attributes.

    Now I have 2 other FIM instances in DEV and QA that have the same rules as prod - the main issue is that we aren't updating

    DomainA-Dev ->DomainB-Dev , rest of MAs disabled - manually run

    DomainA-QA -> DomainB-QA, rest of MAs disabled - manually run

    So We are using quest to update DomainA-DEV &QA

    The main question I have is, would it be better to stand up another instance of FIM to sync and provision to DomainA-DEV &QA or should I use the current instance, even though we massage some of the attributes being projected into the MV.

    I see positives for both.

    Thanks for any help.

    Russell Lema

    Friday, September 25, 2015 5:28 PM

All replies

  • I would not do that. I would use the same instance, simply add  2 more MAs and create the provisioning rules. What can be better then having all the identities in one place.

    Nosh Mernacaj, Identity Management Specialist

    Friday, September 25, 2015 6:02 PM
  • Dev and QA FIM servers should be the same as Prod as much as possible so that you can properly test config changes and migrate them upstream without haveing to remember to make a lot of adjustments. This does often make it difficult when you also want to populate a downstream environment using prod data.

    As the legacy DomainA is the source in Prod - shouldn't it also be the source in Dev and QA? So if you're populating anything directly from the Prod FIM server it should be the copies of DomainA - then let the Dev and QA FIM servers do DomainB, as in Prod.

    Alternatively use something like an LDIF copy to populate the downstream domainA's from prod and keep the FIM servers identical in all 3 domains.

    Thursday, October 1, 2015 9:04 PM