none
FIM 2010 R2 exporting from different forests to different OUs RRS feed

  • Question

  • hello everyone, 

    i'm wondering if there is a default way to export users that are coming from different MAs to a single forest in separate active directory OUs,

    i tried to do it through Sync rule Workflows and MPRs but the attribute precedence is a hassle

    thanks!!


    Hitch Bardawil

    Tuesday, February 19, 2013 6:58 PM

Answers

  • Hi

    do you have the information in the Metaverse, that determines which domain the user was projected from?

    I would recommend a custom attribute (e.g PrjectionDomain) in the Materverse,

    In, your inbound SyncRule for domain 1 pass the value "DomainOne" to the Materverse Attribute

    In, your inbound SyncRule for domain 2 pass the value "DomainTwo" to the Materverse Attribute (You can Skip this)

    In your Outbound SyncRule for Domain 3 configure an initial flow for the dn attribute through the following Custom Expression

    "CN="+displayName+IIF(Eq(ProjectTionDomain,"DomainOne"),",OU=DomainOne",",OU=DomainTwo")+",DC=contoso,DC=com"

    Use ONE MPR and workflow for your Provisioning.

    You also do not need to bother about attribute precedence.


    Regards Furqan Asghar

    • Marked as answer by HitchB52 Saturday, February 23, 2013 1:52 AM
    Thursday, February 21, 2013 1:09 PM

All replies

  • You can definetely do this but there is no "default" way of doing things in FIM. You will need to do provisioning either through Sync Rule / EREs or classic provisioning (code) and you do need to figure out your attribute flow. How you set this up, depends on exactly what you want to do. There is no shortcut, I'm afraid.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, February 19, 2013 7:27 PM
  • thank you soren,

    i'm importing now from 2 different domains, (domain 1 and domain 2) and exporting to a single domaine (domain 3) 

    i created 2 OUs i domain 3 (OU 1 OU 2)

    i'd like users from domain 1 to go into OU 1 and users from domain 2 to go into OU 2

    i configured to different Sync rules each pushing the users into their respective DN, i have a set for each domain and an MPR and Workflow for each OU

    i also enabled equal precedence on all attributes,

    however now something is wrong and its not pushing the users from domain 2 into OU 2... just users from domain 1 to OU 1 i feel it has something to do with precedence but how to fix that issue ? 

    thanks!


    Hitch Bardawil

    Wednesday, February 20, 2013 9:33 AM
  • Hi

    do you have the information in the Metaverse, that determines which domain the user was projected from?

    I would recommend a custom attribute (e.g PrjectionDomain) in the Materverse,

    In, your inbound SyncRule for domain 1 pass the value "DomainOne" to the Materverse Attribute

    In, your inbound SyncRule for domain 2 pass the value "DomainTwo" to the Materverse Attribute (You can Skip this)

    In your Outbound SyncRule for Domain 3 configure an initial flow for the dn attribute through the following Custom Expression

    "CN="+displayName+IIF(Eq(ProjectTionDomain,"DomainOne"),",OU=DomainOne",",OU=DomainTwo")+",DC=contoso,DC=com"

    Use ONE MPR and workflow for your Provisioning.

    You also do not need to bother about attribute precedence.


    Regards Furqan Asghar

    • Marked as answer by HitchB52 Saturday, February 23, 2013 1:52 AM
    Thursday, February 21, 2013 1:09 PM