none
AD Replication via FIM RRS feed

  • General discussion

  • There is a requirement for synchronizing a fresh new AD with an old AD taking the old AD as the source for all the objects. The requirement is to have all the information & data to be pulled from one AD and provisioned to the new AD but with FIM. Can anyone help me in this in the optimised way possible.

    Regards,
    Manuj Khurana

    Wednesday, March 9, 2016 4:53 AM

All replies

  • Hello Manuj,

    What is the purpose of using FIM/MIM here? Active Directory Migration Tool seems to be more suitable.

    Of course you can use FIM/MIM, but you'd need metaverse extensions for provisionig objects in new AD.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.


    Wednesday, March 9, 2016 7:43 AM
  • Well Dominik,

    Thanks for the response, but this is what we have to clarify with the customer but as of now can you please elaborate more on optimised way of achieving this via FIM only.


    Regards,
    Manuj Khurana

    Wednesday, March 9, 2016 7:56 AM
  • So via FIM only you'd need Sync engine - connected to both ADs.

    One management agent responsible for importing data from "old" AD and projection of objects into Metaverse,

    Second MA responsible for exporting attributes to "new" AD (and here you would have to have provisioning).

    But still - even if it is possible to be done by FIM, ADMT would be easier.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Wednesday, March 9, 2016 8:14 AM
  • You're going to need to push back and get more business requirements from the customer. Copying object names from one forest to a brand new forest is trivial, but I would struggle at understanding how this would help any organization since SIDs would be different, and AD permissions or delegations wouldn't copy over. If you are looking to do SID History and copy permissions, you should be using ADMT --- not FIM.  With FIM you can synchronize the users, groups, contacts, and passwords for the users (after password sync is enabled and the password is changed, it would sync), but all the other important things that I have mentioned are not going to sync over.

    Best,

    Jeff Ingalls

    Thursday, March 10, 2016 1:12 AM