locked
Configure MIM 2016 Sync for multiple forests RRS feed

回答

  • Hi,

    I suppose that you already have 1 ADMA and 1 SPMA in the MIM.

    To synchronize user profiles with multi-forests using MIM 2016 for SharePoint, check the following steps:

    1. Configure 1-way or 2-way forest trust between current domain and the remaining domains.

    2. Open MIM and click Management Agents tab.

    3. Highlight ADMA and then click Export Management Agent on the right window.

    4. Save exported file with .xml extension.

    5. Then click Import Management Agent and import the .xml exported previously.

    6. On the step Create Management Agent, change the Name and click Next.

    7. On the Connect to Active Directory Forest step, change the forest name to the trusted forest and then input the credential.

    8. Configuration on the Partition Matching window.

    9. Click Ok.

    10. On the Configure Directory Partitions step, highlight your forest node and click Containers.

    11. Select the OUs that contains the users you want import into SharePoint.

    12. Click OK.

    13. Click Next.

    14. For the remaining steps, no need to change anything and just click Next and then ends up with the Finish button.

    15. Open PowerShell command prompt.

    16. Run following command to sync users from both forests:

    Start-ManagementAgent -Name ADMA -RunProfile FULLIMPORT
    
    Start-ManagementAgent -Name ADMA -RunProfile FULLSYNC
    
    Start-ManagementAgent -Name ADMA2 -RunProfile FULLIMPORT
    
    Start-ManagementAgent -Name ADMA2 -RunProfile FULLSYNC
    
    Start-ManagementAgent -Name SPMA -RunProfile FULLIMPORT
    
    Start-ManagementAgent -Name SPMA -RunProfile FULLSYNC
    
    Start-ManagementAgent -Name SPMA -RunProfile EXPORT
    
    Start-ManagementAgent -Name SPMA -RunProfile DELTAIMPORT
    
    Start-ManagementAgent -Name SPMA -RunProfile DELTASYNC


    If there are more forests, follow above steps and change the sync script accordingly.

    Best Regards,

    Linda Zhang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2017年10月27日 7:12

すべての返信

  • Hi,

    I suppose that you already have 1 ADMA and 1 SPMA in the MIM.

    To synchronize user profiles with multi-forests using MIM 2016 for SharePoint, check the following steps:

    1. Configure 1-way or 2-way forest trust between current domain and the remaining domains.

    2. Open MIM and click Management Agents tab.

    3. Highlight ADMA and then click Export Management Agent on the right window.

    4. Save exported file with .xml extension.

    5. Then click Import Management Agent and import the .xml exported previously.

    6. On the step Create Management Agent, change the Name and click Next.

    7. On the Connect to Active Directory Forest step, change the forest name to the trusted forest and then input the credential.

    8. Configuration on the Partition Matching window.

    9. Click Ok.

    10. On the Configure Directory Partitions step, highlight your forest node and click Containers.

    11. Select the OUs that contains the users you want import into SharePoint.

    12. Click OK.

    13. Click Next.

    14. For the remaining steps, no need to change anything and just click Next and then ends up with the Finish button.

    15. Open PowerShell command prompt.

    16. Run following command to sync users from both forests:

    Start-ManagementAgent -Name ADMA -RunProfile FULLIMPORT
    
    Start-ManagementAgent -Name ADMA -RunProfile FULLSYNC
    
    Start-ManagementAgent -Name ADMA2 -RunProfile FULLIMPORT
    
    Start-ManagementAgent -Name ADMA2 -RunProfile FULLSYNC
    
    Start-ManagementAgent -Name SPMA -RunProfile FULLIMPORT
    
    Start-ManagementAgent -Name SPMA -RunProfile FULLSYNC
    
    Start-ManagementAgent -Name SPMA -RunProfile EXPORT
    
    Start-ManagementAgent -Name SPMA -RunProfile DELTAIMPORT
    
    Start-ManagementAgent -Name SPMA -RunProfile DELTASYNC


    If there are more forests, follow above steps and change the sync script accordingly.

    Best Regards,

    Linda Zhang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2017年10月27日 7:12
  • That worked! Thanks a lot!

    After #14 I configured the 'Run Profiles' for the new management agent.

    I am using the below scripts for delta sync.

    Start-ManagementAgent -Name ADMA -RunProfile DELTAIMPORT

    Start-ManagementAgent -Name ADMA -RunProfile DELTASYNC

    Start-ManagementAgent -Name ADMA2 -RunProfile DELTAIMPORT

    Start-ManagementAgent -Name ADMA2 -RunProfile DELTASYNC

    Start-ManagementAgent -Name SPMA -RunProfile DELTAIMPORT

    Start-ManagementAgent -Name SPMA -RunProfile DELTASYNC

    Start-ManagementAgent -Name SPMA -RunProfile EXPORT

    Start-ManagementAgent -Name SPMA -RunProfile DELTAIMPORT

    Start-ManagementAgent -Name SPMA -RunProfile DELTASYNC


    2017年10月31日 5:29
  • #8. Configuration on the Partition Matching window. 

    Partition Matching window doesn't allow me to click OK, OK button is disabled

    


    If my contribution helps you, please click Mark As Answer on that post and Vote as Helpful

    Thanks, ShankarSingh(MCP)

    2018年3月14日 8:14
  • Please ignore my last question, I have managed to go through 'Partition Matching'.

    If my contribution helps you, please click Mark As Answer on that post and Vote as Helpful

    Thanks, ShankarSingh(MCP)

    2018年3月14日 9:17
  • Hi Nikhil,

    How did you get past the partition matching window? I can't seem to find a way. Please advise!

    Regards,

    Waseem

    2018年6月13日 9:17