FIM 2010 R2 Pushing Accounts from One Domain to Another Untrusted Domain

  • Question

  • We plan on using FIM 2010 R2 to push accounts from one domain (that the FIM server is joined to) to another domain off-site and separate from our domain completely.  Just a few questions.

    1.  Will FIM be able to do this out-of-the-box?  I.e., install FIM on server, configure MAs, and let it go, or will there be more work on this?

    2.  Is there any more recent documentation on this type of thing?  What we are finding is stuff from 2010 when FIM was ILM.  But nothing with the new release.

    3.  We plan on having the Password Reset change the password in the source domain and then sync to the offsite domain, is this a supported setup?

    4.  Do we need to set up any trusts between the two domains (if so, why?  Doesn't that defeat the purpose of having FIM if you have a trust?)

    Tuesday, September 4, 2012 6:49 PM


All replies

  • 1. Yes. You'll specify credentials for the domain to connect to when you create an AD MA.

    2. Generally, unless you read otherwise, the ILM documentation is wholly applicable.

    3. Yes.

    4. No.

    My Book - Active Directory, 4th Edition

    Tuesday, September 4, 2012 10:06 PM
  • We are setting this up in our test environment. So far we have two separate forests with Active Directory Management Agents (MAs) set up. We are provisioning accounts from Domain A to Domain B, but the accounts are disabled in Domain B. Even after we enable the accounts, the original passwords do not seem to be transferred from the source domain to the destination domain. Any insights on these two issues?
    Thursday, September 20, 2012 10:35 PM
  • FIM won't transfer passwords over. You would need to use a separate tool like ADMT to do this.

    My Book - Active Directory, 4th Edition

    Thursday, September 20, 2012 10:36 PM