none
FIM RRS feed

  • Question

  • Is it possible to take the back up FIM database from different domains ?

    FIM MA only uses classic attribute flow ?

    CAN WE IMPORT THE SET WITH EXPLICIT REFERENCE TO PERSON OR GROUP TO EMPTY ENVIRONMENT?

    ADDING A VALUE TO MULTIVALUED ATTRIBUTE IS A VALID OPERATION UNDER A REQUEST MPR ?

    CORRECT STEP SEQUENCE TO ADD/EXECUTE ORGANIZATIONUNIT IN AD MA ?

    P/W STORED IN RCSW FIELD QUEUES ARE ENCRYPTED UNTIL THEY ARE DELIVERED?

    Thursday, October 13, 2016 9:10 AM

All replies

  • Hello,

    I do not understand your question about taking a backup up FIM database from different domains.  What is it you are trying to do?

    The FIM MA uses classic attribute flow or you can use Synchronization Rules that are in the Portal.

    Not sure what you are trying to do with SETs, but SETs are meant to be a resource in the Portal to be used with MPRs to possibly trigger workflow and handle Portal permissions.  There is nothing stopping you from synchronizing the membership of a SET out to an AD group, assuming you meet AD requirements it would work.  For example, don't expect AD to honor objects that it wouldn't understand. 

    You can grant permission to allow a SET of people to add to a multi-valued attribute.

    To add an OU in the AD MA for provisioning, you would go to the "Configure Provision Hierarchy" tab of the AD MA, click on "ou" in the DN component, organizationalUnit in Directory ObjectClass, and click New.  If you attempted to provision to an OU that does not exist, FIM/MIM will automatically create the OU for you.

    P/W stored in RCSW field queues.  Not following you here.  Are you asking about how password synchronization would handle a new password reset?  The password change notification service (PCNS) encrypts the password and sends it to the FIM/MIM server which then determines, based on your rules, which system(s), if any, should receive the new password.

    Best,

    Jeff Ingalls

    Friday, October 14, 2016 4:17 AM
  • From my experience - there is no issue or nothing hard/unexpected if you would restore backup of FIMSynchronizationService from Domain.com to domaintest.com machine (so to completely other environment). Of course, you will need to configure connectivity of most of MAs you have and probably re-create AD connectors, but the synch engine will be filled up with data from domain.com.

    But I have found that there is no way (that I know) to restore FIMService database in other domain than it was created. I have failed with any idea that came to my mind (including changes of SIDs directly in the database). FIMService just won't accept DB from other domain.

    So, unfortunately, the only way to move configuration from prod to test (or opposite way) is to export XML, take changes and import to destination environment.

    This is only to answer your first question here.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Sunday, October 16, 2016 5:34 PM
  • Thanks a lot for your Response .

     Regarding 1st Question , I want to know whether we can do the backup process for FIM Database from different domain . Example :- Database installed in Asia-pac domain and I am trying to do the backup process from Europe Domain . Is it possible to do ?

    Regarding 3rd Question , I want to know CAN WE IMPORT THE SET WITH EXPLICIT REFERENCE TO PERSON OR GROUP TO EMPTY ENVIRONMENT . I know about set but whether we can create set with Explicit Reference ?

    Regarding 4th Question :- Can you let me know how many types of MPRs are there ?

    Regarding 6th Question :- Yes its PCNS , sorry by mistake I wrote different 

    Monday, October 17, 2016 12:11 PM
  • Hi I Want to Know whether we can do the process of backing up the database from different domain .

    The answer you gave is the thing we do post backup process (Restoring the backup ) .

    Monday, October 17, 2016 12:18 PM
  • Check it with your DBA team, how the database back up is happening in your environment.

    Regards,
    Anirban Singha

    Monday, October 17, 2016 8:20 PM
  • Q1 - This is a question for your backup team.  These are just like any other database from a backup perspective.

    Q3 - Not without resolving those references in the new environment.

    Q4 - Create a new MPR and you will see the two different types and their description.

    Q6 - PCNS encrypts the password and sends it to the FIM/MIM server which determines, based on your configuration, which system(s) the password should be sent to.

    Best,

    Jeff Ingalls

    Wednesday, October 19, 2016 1:40 AM