Import AD accounts using MA does not add Domain


  • I am able to import AD accounts from AD to FIM. The only issue I have is that I have to manually select the domain the account is in. I go into the FIM account, select my domain, and submit the changes. It's ok with a couple of people but I can't do this for thousands of AD accounts that come into FIM.
    Friday, February 24, 2012 9:32 PM


All replies

  • Here is one option on the inbound synch rule:

    Alternatively, I assume you've been using the documentation?  It details how to calculate the domain from the CN you pull in.  This is helpful if you are dealing with multiple domains which FIM will be controlling.  If you only have one, as I do, the string to domain synch will work fine.

    Friday, February 24, 2012 9:58 PM
  • Unless you have multiple domains per MA, this simple method is all you need. Otherwise you need to either inspect the DN or objectSID to figure out the source domain

    Frank C. Drewes III - Senior Consultant: Oxford Computer Group

    Sunday, February 26, 2012 9:17 AM
  • You can find a discussion on how to calculate the domain attribute in How Do I Synchronize Users from Active Directory Domain Services to FIM.


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Tuesday, February 28, 2012 1:42 PM
  • Ok I did not have a domain filed orginally set in the FIM active directory inbound sync section. I set the string to be the name of our domain and restarted the server but that didn't work. I am now testing using the custome expression with the SID approach to see if this works.

    Thursday, March 08, 2012 6:13 PM
  • Thanks Markus! Your link helped me find out exactly what I needed to do. I had to use the custom expresson with my SID even though I only use 1 domain. What I wonder though is since we have multiple domains, if FIM automatically thought that I might use multiple domains even though I'm not.
    Thursday, March 08, 2012 9:51 PM