FIM, Password sync from completely separate forests

  • Question

  • Hi

    I got a case where we want to use the same FIM server against several domain forests (no trusts). The reason for this is that several small municipalities want to collaborate but they don't want to merge their domains or create trusts.

    Since it's SPN-based authentication, I can't think of a way to get this to work from another forest without creating trusts.

    Is it possible to get the password sync working from all domains without creating trusts between all of them?
    Password sync will never go between domains, only from domain to other systems belonging to the municipalities.

     

    Wednesday, May 12, 2010 9:00 AM

Answers

  • If the source domain is where the FIM Sync server will be and you want to push the passwords from this AD to the other ADs, you will not need a trust.

    The trust is only required if the Sync server is in a different forest.


    Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com, ilmXframework.codeplex.com
    Wednesday, May 12, 2010 11:11 PM

All replies

  • Correct.

    The forests must trust each other.

    Wednesday, May 12, 2010 4:15 PM
  • If you can't set up a Trust between the source and resource domain, then couldn't you just set up an MA with the same creds as the FimService account and sync it that way?

    Or is there an alternative method to doing this with this kind of limitation?

    Friday, June 8, 2012 4:24 AM
  • I want to make sure I understand this, as I have a similar scenario.

    I have forest A, where my FIM Sync server is hosted and which will be the 'master' for all passwords.  I want to sync passwords from Forest A to additional forests "B,C...X" -- you are saying that this does not require a trust, correct?

    Thanks.


    Ed Bell - Specialist, Network Services, Convergys

    Thursday, April 4, 2013 4:12 PM