What is necessary for FIM to connect to an AD in another forest?

  • Question

  • Hello

    I have FIM 2010 R2 installed on fim1.fim1.local working happily provisioning users into fim1.local domain.

    Now, due to a merger, we have a second forest: additional.local

    What is necessary for the existing FIM install to manage users on the additional.local forest as I cannot connect without error?

    I can access the additional.local DC from the FIM Server and read the directory. Port 389 is open. I have a domain account on additional.local.

    When I try to make an AD MA, I get the error message:

    "Failed to search on DN cn=Aggregate,cn=Schema,cn=Configuration,dc=additional,dc=local"

    and error code is 0x34.

    I tried these values:

    Forest:   addDC.additional.local

    User Name: Administrator

    Password: ***

    Domain: additional

    Where am I going wrong?

    Friday, July 11, 2014 11:21 AM

Answers

  • Can you telnet from the FIM Sync server to the additional forest? Sounds like it might be a firewall problem. Please check the following ports to make sure they are open. Also, try connecting to the additional domain from ADUC on your local FIM server to confirm connectivity.

    • Marked as answer by HaroldHare Tuesday, July 29, 2014 6:59 AM
    Friday, July 11, 2014 2:52 PM

All replies

  • Yes, I can connect to the external forest when the DCs have ports 389, 88, 53 and 464 listening.

    However, just one oddity in this FIM: when I push the "Containers" button to select the containers, I must first configure and add the preferred domain controller (as given on the previous dialog form) before I get the list of OUs.

    After configuring I can switch it off and all is Ok.

    Just a comment, just wondering why.

    *HH

    Tuesday, July 29, 2014 7:41 AM
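
A connectivity check for the ports named in this thread, followed by the same schema search the AD MA wizard reported as failing. This is an added example, not part of the original posts; the DC name and DN are the ones quoted in the question, while the helper name `Test-TcpPort` and the timeout are assumptions.

```powershell
# Added example. Run from the FIM Synchronization Service server.
param(
    [string]$Dc = 'addDC.additional.local',   # DC name quoted in the question
    [string]$SchemaDn = 'cn=Aggregate,cn=Schema,cn=Configuration,dc=additional,dc=local',
    [int[]]$Ports = @(389, 88, 53, 464),      # ports named in the last reply
    [int]$TimeoutMs = 3000                    # assumed timeout
)

# Hypothetical helper: TCP connect with a timeout.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: TCP reachability only. 88, 53 and 464 are also used over UDP,
# which this check does not cover.
foreach ($port in $Ports) {
    $state = if (Test-TcpPort $Dc $port $TimeoutMs) { 'open' } else { 'closed or filtered' }
    '{0}:{1}/tcp {2}' -f $Dc, $port, $state
}

# Step 2: repeat the base search the AD MA wizard reported as failing.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = (Get-Credential).GetNetworkCredential()   # account in additional.local
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Dc, 389)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
try {
    $conn.Bind()
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Base
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $SchemaDn, '(objectClass=*)', $scope, [string[]]@('cn'))
    $resp = $conn.SendRequest($req)
    'Schema search OK, entries returned: {0}' -f $resp.Entries.Count
} catch {
    $e = $_.Exception.GetBaseException()
    'LDAP check failed ({0}): {1}' -f $e.GetType().Name, $e.Message
} finally {
    $conn.Dispose()
}
```

If step 1 shows every port open but step 2 still fails, the problem is more likely the bind account or name resolution than the firewall.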