none
SSPR with multiple AD MA's

    Question

  • If you have multiple AD MA's and want to do SSPR with all of them, can the FIM service route the right domain/user combination to the right MA? I don't see there being any link back between FIM service and Sync to make that relationship.

    Before trying this out, I'd figure I would ask here first.

    Friday, September 17, 2010 7:09 PM

Answers

  • FIM's Password Reset Activity (Action Activity) will do the following

    1. find the CS object by matching domain + username
    2. use WMI to make a SetPassword call

     

     

    See http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/cb085b40-f379-4ea2-9645-5bf8370ff634

    WQL from verbose trace is:
    WQL:SELECT * FROM MIIS_CSObject WHERE (Domain='domain' AND Account='fdagg001')
    or (FullyQualifiedDomain='domain' AND Account='fdagg001')
    or (Domain='domain' AND UserPrincipalName='fdagg001')
    or (FullyQualifiedDomain='domain' AND UserPrincipalName='fdagg001')

     


    The FIM Password Reset Blog http://blogs.technet.com/aho/
    • Proposed as answer by nTony Ho Saturday, September 18, 2010 4:08 AM
    • Marked as answer by Frank Drewes Saturday, September 18, 2010 5:42 AM
    Friday, September 17, 2010 8:01 PM

All replies

  • FIM's Password Reset Activity (Action Activity) will do the following

    1. find the CS object by matching domain + username
    2. use WMI to make a SetPassword call

     

     

    See http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/cb085b40-f379-4ea2-9645-5bf8370ff634

    WQL from verbose trace is:
    WQL:SELECT * FROM MIIS_CSObject WHERE (Domain='domain' AND Account='fdagg001')
    or (FullyQualifiedDomain='domain' AND Account='fdagg001')
    or (Domain='domain' AND UserPrincipalName='fdagg001')
    or (FullyQualifiedDomain='domain' AND UserPrincipalName='fdagg001')

     


    The FIM Password Reset Blog http://blogs.technet.com/aho/
    • Proposed as answer by nTony Ho Saturday, September 18, 2010 4:08 AM
    • Marked as answer by Frank Drewes Saturday, September 18, 2010 5:42 AM
    Friday, September 17, 2010 8:01 PM
  • i have to mention though, that's implementation details, and is subjected to change
    Saturday, September 18, 2010 6:08 AM