none
Synchronizing nested active directory groups

    Question

  • Hello dears..

    is there any way to sync groups between active directory and MIM 2016 without expanding nested groups and convert it to a group that contains members only ?

    I have some cases that I need to manage membership of nested groups without the members expanding, please help.

    thank you :)

    Thursday, July 12, 2018 9:38 AM

All replies

  • Hello,

    sure you can do that. It is one of the main features of FIM/MIM to transport and keep the referential integrity intact between all systems.

    For that to work, all referenced objects needs to be present in MIM MV and the CS's of the Coneectors.

    See also: https://social.technet.microsoft.com/wiki/contents/articles/331.understanding-reference-attributes-processing-in-fim.aspx

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Thursday, July 12, 2018 10:58 AM
  • thank you dear Peter,

    I know about reference object, I usually use it for user's manager and assistant, but I really appreciate it if you explain more about how I can use reference objects to keep an active directory group contains users and groups with out expanding, noting that I manage groups membership with BHOLD and I think that's why I can't keep the nested groups...

    Thank you again


    • Edited by rasa.92 Thursday, July 12, 2018 1:00 PM
    Thursday, July 12, 2018 12:59 PM
  • Hi

    I never used the Bhold part of MIM so I'm not very familiar with that.

    From the default MIM Sync and Portal side you need to do nothing to keep nested group references beside tha fact that all referenced objects need to be in the MV and both (all) connector spaces you what to have the nested group references.

    So maybe someone with more experience in bhold can help out here if maybe Bhold breaks the nesting.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Thursday, July 12, 2018 1:20 PM