none
FIM New User - Domain field population RRS feed

  • Question

  • I currently have FIM integrated with an AD instance DOMAIN_A. The FIM server instance is itself a member server of the DOMAIN_A Domain Services and I have a management agent for provisioning new accounts to DOMAIN_A.  As I would expect, when creating a new user I see DOMAIN_A as the only option in the Domain field of the new user form.

    However, if I create a new management agent for say DOMAIN_B and another for DOMAIN_C, domains of which the FIM server is not a member, will I see B and C appear in the Domain drop down list within the new user form?  Or is it as easy as just configuring that field to show what ever domains I want it to by hardcoding the list?  If so, where do I do that?

    Thanks!


    • Edited by Osho27 Friday, January 4, 2013 5:50 AM
    Friday, January 4, 2013 5:49 AM

Answers

  • You have to go to FIM portal and create additional objects of domain and forest configuration. Just go to FIM portal as administrator, go to Administration -> All resources and you will see "Forest configuration" and  "Domain Configuration" options

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Marked as answer by Osho27 Friday, January 4, 2013 3:15 PM
    Friday, January 4, 2013 7:15 AM
  • during the installation of FIM, FIM will automatically create a domain configuration object for the AD domain it is a member of. For other AD domains within the same AD forest you have to create the domain configuration objects yourself! I would also suggest to create forest configuration object(s) as these are not created by default
     
    In addition, when creating a user in the FIM portal that needs to be provisioned into some AD domain, you can do either one of the following:
    * Adjust the RCDC of the person object to show the drop down list of the AD domains (for which a domain configuration object exists) so that you can select the correct AD domain �??> based upon that info you can provision the object through the correct MA, if using multiple MAs, and when using one MA for some AD forest it will be able to determine the correct DN (after you have created the attribute flow based upon some logic)
    OR
    * determine the correct AD domain automatically based upon the input of some information. The rest of the stuff as mentioned above (MA, DN, etc) still applies
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "Osho27" wrote in message news:f46a447f-8a71-445e-ab53-017c3a5822ae@communitybridge.codeplex.com...

    I currently have FIM integrated with an AD instance DOMAIN_A. The FIM server instance is itself a member server of the DOMAIN_A Domain Services and I have a management agent for provisioning new accounts to DOMAIN_A.  As I would expect, when creating a new user I see DOMAIN_A as the only option in the Domain field of the new user form.

    However, if I create a new management agent for say DOMAIN_B and another for DOMAIN_C, domains of which the FIM server is not a member, will I see B and C appear in the Domain drop down list within the new user form?  Or is it as easy as just configuring that field to show what ever domains I want it to by hardcoding the list?  If so, where do I do that?

    Thanks!



    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    • Marked as answer by Osho27 Friday, January 4, 2013 3:15 PM
    Friday, January 4, 2013 8:17 AM

All replies

  • You have to go to FIM portal and create additional objects of domain and forest configuration. Just go to FIM portal as administrator, go to Administration -> All resources and you will see "Forest configuration" and  "Domain Configuration" options

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Marked as answer by Osho27 Friday, January 4, 2013 3:15 PM
    Friday, January 4, 2013 7:15 AM
  • during the installation of FIM, FIM will automatically create a domain configuration object for the AD domain it is a member of. For other AD domains within the same AD forest you have to create the domain configuration objects yourself! I would also suggest to create forest configuration object(s) as these are not created by default
     
    In addition, when creating a user in the FIM portal that needs to be provisioned into some AD domain, you can do either one of the following:
    * Adjust the RCDC of the person object to show the drop down list of the AD domains (for which a domain configuration object exists) so that you can select the correct AD domain �??> based upon that info you can provision the object through the correct MA, if using multiple MAs, and when using one MA for some AD forest it will be able to determine the correct DN (after you have created the attribute flow based upon some logic)
    OR
    * determine the correct AD domain automatically based upon the input of some information. The rest of the stuff as mentioned above (MA, DN, etc) still applies
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "Osho27" wrote in message news:f46a447f-8a71-445e-ab53-017c3a5822ae@communitybridge.codeplex.com...

    I currently have FIM integrated with an AD instance DOMAIN_A. The FIM server instance is itself a member server of the DOMAIN_A Domain Services and I have a management agent for provisioning new accounts to DOMAIN_A.  As I would expect, when creating a new user I see DOMAIN_A as the only option in the Domain field of the new user form.

    However, if I create a new management agent for say DOMAIN_B and another for DOMAIN_C, domains of which the FIM server is not a member, will I see B and C appear in the Domain drop down list within the new user form?  Or is it as easy as just configuring that field to show what ever domains I want it to by hardcoding the list?  If so, where do I do that?

    Thanks!



    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    • Marked as answer by Osho27 Friday, January 4, 2013 3:15 PM
    Friday, January 4, 2013 8:17 AM