Security group synchronisation

  • Question

  • Hello,

    I have an AD MA, an AD LDS MA and a FIM MA. I already synchronize groups from AD to FIM and AD LDS.

    Now I want to export only some groups to FIM. Is it possible to make some filter?



    Tuesday, June 9, 2015 9:45 AM

All replies

  • You could create a connector filter for groups in the AD MA, or you could put the groups you don't want to sync in an OU that FIM doesn't manage by ensuring the container they are in is unticked on the AD MA under Directory Partitions -> Containers.
    Tuesday, June 9, 2015 10:28 AM
  • Hello,

    I assume that by "only export some groups to FIM" you mean the FIM Portal?

    You cannot filter objects from being exported to the portal; all MV group objects will always be automatically provisioned and exported to the portal via the web service.

    The only way is to filter them out from being in the MV.

    Consider maybe setting an attribute on those groups and modifying the SearchScopes and maybe Sets in the Portal to hide those groups from the users.

    I did very similar things by separating groups in the portal by an attribute groupClass, showing different groups to different people and of course hiding some groups from all users.


    Peter Stapf - ExpertCircle GmbH - My blog:

    • Proposed as answer by Nosh Mernacaj Tuesday, June 9, 2015 4:03 PM
    Tuesday, June 9, 2015 11:00 AM
  • Actually I can't filter them in the MV because I have to synchronize them with the AD LDS Management Agent.

    I will use the searchscope for filtering them for users.

    I have to delete the ERE to exclude some groups in order to not synchronise them.


    Thursday, June 11, 2015 8:04 AM
  • I did the searchscope, but users can change the Advanced Search!! How can I disable this!!

    Is the only way to make the right MPR for managing some groups?

    Thursday, June 11, 2015 12:01 PM