Import Active Directory DG's into FIM 2010 / 2010 R2 portal

  • Question

  • We have about 1,000 distribution groups that have been created in AD over the last 10 years.  We have only been using FIM for about 2 years and only have about 100 FIM managed DG's.

    Does anybody know if it is possible to import these 1,000 legacy distribution groups into FIM so that they can be managed from within the FIM portal?

    Friday, August 3, 2012 12:47 AM

Answers

  • How complex or straightforward it all is really depends on what the configuration of your environment is in terms of the criteria for provisioning groups into AD, permissions for modifying groups, etc.

    It sounds like it could be as simple as creating the legacy DGs in the FIM Portal. To do this there are basically two options:

    1. create them in the Portal using PowerShell (by modifying a script like this one http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/107bc4af-26be-46fe-aca7-5c875a0bcfc5/) or
    2. creating temporary policies within FIM to load the groups into the Portal directly from Active Directory.

    Depending on your comfort level in PowerShell/changing FIM provisioning logic I'd recommend getting a partner in to assist.

    • Marked as answer by MRMO Friday, December 28, 2012 1:31 PM
    Monday, August 6, 2012 12:52 AM

All replies

  • You certainly can - it sounds like your FIM managed groups are in a different AD container to the legacy 1000?

    Basically you would need to do a migration to load them into the Portal initially and then do some additional configuration within FIM to allow it to manage them within AD moving forward.

    Andrew.

    Friday, August 3, 2012 1:25 AM
  • No, actually the legacy DG's are in the same OU as the FIM managed DG's.

    How do you get them into the FIM portal, and what is the additional configuration you mentioned?

    This would be cool if it works because we have migrated to Office 365 and now users cannot manage their own DG's via Outlook and FIM could possibly present a solution to this problem if you are correct...

    Friday, August 3, 2012 9:01 PM
  • I'll attempt your option 2 approach first. I don't think I need to get any partners / consultants.

    Thanks

    Thursday, August 9, 2012 2:10 AM