none
FIM2010: implementation RRS feed

  • Question

  • Hi,

    I need help about FIM 2010 R2.

    objective:RHhave to be able to populate AD DS by FIM

    I have already make a test platform and I can create my user with FIM and replicate this in my AD. And now i need help ..

    I need information about configuration et best practice.

    Configuration: I create a Outbound to my AD DS.

    Question:

    1/ Can I use only an Outbound configuration or IN and OUtbound configuration is necessary. I think about modifications are realize in AD have to be replicate on FIM in order to be see the modification in FIM. When I think about this exemple, I think that a INbound -Outbound configuration is necessary. This is good?

    2/ What is about specifiy a specific OU for each user. How I can specify the OU for each user to create. For information I have one OU for each site and under this I have a users OU

    3/ What is about specify group member of for each. How I can specify the group that User have to be member.

    4/ What is about Exchange provisionning.

    
    
    
    thanh you by advance for your help. I know they are basic question but I need to have answer by your experience.
    Wednesday, January 30, 2013 4:05 PM

All replies

  • 1) You can absolutely use an In/Out Sync Rule for your purpose.

    2) You could use the Function Evaluator IIF function to do an if/else calculation of the OU. Also, on the AD MA itself you can specify that the OU should be created if it does not exists

    3) Have a lot af using criteria-based group membership where you can specify filters for automatic membership of groups.

    4) For Exchange provisioning, you have to fill out a few Exchange specific attributes on the users and groups (i.e. MailNickName) and then you can enable Exchange provision on the Extensions tab of the AD MA

    Hope this gets you started. There is of course different ways of doings things but hopefully this will push you in the right direction.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Wednesday, January 30, 2013 6:57 PM
  • thank you very much for your precisions. It's clear and I know now how I can do.

    Firstely, I will search about IIF fonction and test it.

    Concerning the IN/out: what is the criteria to choose IN/OUT or only OUT?

    Thursday, January 31, 2013 9:19 AM
  • concerning the OU placement: I have a error.

    1/ I modify my outbound attribute flow in my Synchronisation rule for my DN. Now I have:

    "CN="+displayName+",OU="+CustomExpression(IIF(Eq(physicalDeliveryOfficeName,"OU1"),"OU1,"OU2"))+",DC=JAM,DC=LAB=>dn

    This is for: if I have the attributeofficename as "OU1, the placement are in a OU whose name is "OU1" else the placement is in "OU2".

    Whith this configuration, I have this error:

    Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: The DN must be set before calling CSEntry.CommitNewConnector.

    
    
    
    I have tested to directly insert in "OU1" whitout IIF fonction and it work.
    Thursday, January 31, 2013 1:20 PM
  • the error appear when I want to give a variable for "OU=", when I fixe it I don't have any pb ...

    Thursday, January 31, 2013 2:14 PM
  • I found my arror concerning OU placement: I did'nt flow the attribut "Location" to the metaverse!

    Next step: AD GROUP!

    Thursday, January 31, 2013 2:48 PM