none
FIM CM AD User query... RRS feed

Answers

  • No, you cannot restrict. The search is performed against the global catalog and is performed by the clmAuthAgent (part of the Pre-Windows 2000 Compatible access group).

    What are you trying to limit? For example, if you want to limit a manager group to only managing a specific set of users, you can use permissions to only assign the FIM CM management permissions on the subset of users (or global/universal groups containing the users).

    Brian

     
    • Marked as answer by Narcoticoo Thursday, October 23, 2014 3:15 PM
    Wednesday, October 22, 2014 11:37 AM

All replies

  • Any ideas?

    Sunday, October 19, 2014 8:20 AM
  • No, you cannot restrict. The search is performed against the global catalog and is performed by the clmAuthAgent (part of the Pre-Windows 2000 Compatible access group).

    What are you trying to limit? For example, if you want to limit a manager group to only managing a specific set of users, you can use permissions to only assign the FIM CM management permissions on the subset of users (or global/universal groups containing the users).

    Brian

     
    • Marked as answer by Narcoticoo Thursday, October 23, 2014 3:15 PM
    Wednesday, October 22, 2014 11:37 AM
  • The main reason for this requirement is that the FIM CM manager's wouldn't even get to see the user accounts that they cannot manage, but based on the comments provided by you Brian, I think I'll just give up and get used on how the product works.

    Although, I could add deny permissions for CLMAuth agent on certain OUs, it'll break things up... Thanks for the input!

    Thursday, October 23, 2014 3:15 PM