svc-fimma managed by FIM RRS feed

  • Question

  • I have a couple of questions

    a)Can we have FIM managing all the FIM service accounts in AD (like how it manages the regular user account)? If not, what are the service accounts we shouldnot have in the portal?

    b)I had the service accounts managed by FIM. When FIMMA FS ran, svc-fimma is throwing error saying the accounts already exists in AD management agent. Can someone tell me why this is occurring?

    • Edited by fim_sc Monday, December 9, 2013 1:21 PM
    Monday, December 9, 2013 1:15 PM

All replies

  • Hello,

    For the first question, it's possible to manage FIM Service Account, but i don't recommand it. Service accounts are not regular user accounts (they are not managed on the same way, for exemple: password management, deletion rules, OU, naming convention,...). Note that FIM is normally used for user management (or groups, roles,...), not for an entire AD console delegation. I think it's not good to manage service account in FIM, but it's just my opinion :)

    For the second question, I think you have first created the service account in AD, and then in FIM Portal. But you don't have any join rule in AD Management Agent. You have to add a join rule (for exemple based on the accountname) in order to join CS Object to MV Object. Then this error will never occurred.

    Monday, December 9, 2013 5:13 PM
  • Thanks. a) The service accounts set up of our AD is same as regular accounts.

    b)For the second question, I already have AD join rule. All the other service accounts are joined except svc-fimma.

    Monday, December 9, 2013 6:15 PM
  • For A - yes I have many customers that do this through FIM to varying degrees.

    For B - a screenshot of the error and any related details would be a helpful start.

    Thanks, Brian

    Monday, December 9, 2013 7:13 PM
  • Brian,

    I have attached a screenshot. In FIMMA - I  have built-in sync account as dis-connector and in AD MA, I have svc-fimma service account as disconnector. Recently when svc-fimma was loaded to FIM, this error started appearing in FIMMA DS.

    • Edited by fim_sc Monday, December 9, 2013 7:27 PM
    Monday, December 9, 2013 7:26 PM
  • Yeah so sync rules are provisioning rather than joining. Try turning off sync rule provisioning, doing a delta sync, and then turning them back on. You should see a join.

    Thanks, Brian

    Monday, December 9, 2013 7:56 PM
  • It helped. The error disappeared on a delta sync. I am running a FS on FIMMA to see if I am getting the error again. Thank you very much.
    Monday, December 9, 2013 8:41 PM
  • Brian, The error appeared again at FIMMA FS. What I did was

    a) turn off the syn rule prov

    b) ran ds for a couple of times

    c)turn on the sync rule prov

    d) ran FIMMA  FS

    Monday, December 9, 2013 10:55 PM
  • I don't know of an easy way around this with sync rules. This is really easy to do with a traditional metaverse rules extension.

    Thanks, Brian

    Monday, December 9, 2013 11:10 PM
  • what is it I can do in MV rules extension?
    Monday, December 9, 2013 11:34 PM
  • Try :

    a) turn off the syn rule prov

    b) ran FS on AD MA (you have to see the join here), then E+DI+FS on FIM MA

    c)turn on the sync rule prov

    d) ran FIMMA  FS

    Tuesday, December 10, 2013 3:28 PM