BHOLD FIM Provisioning Installation

  • Article

Applies To: Forefront Identity Manager 2010

The BHOLD FIM Provisioning module consists of the following components:

  • BHOLD FIM Synchronization Service

  • BHOLD FIM Provisioning Connector

These components transfer data between the BHOLD database, used by BHOLD Core and other modules, and the FIM Synchronization Service.  To perform the transfer of data into or out of the FIM Synchronization Service metaverse, they both rely upon SQL Server Management Agents (MAs) that you must create by using the FIM Synchronization Service Manager. The BHOLD FIM Synchronization Service brings records for users and organizational unit data from tables populated by FIM into BHOLD. The BHOLD FIM Provisioning Connector component prepares records of group membership changes to be transferred from BHOLD into FIM.

For more information about how the BHOLD FIM Provisioning module works with the FIM Synchronization Service, see Microsoft BHOLD Suite Concepts Guide.

For more information about general requirements for installing BHOLD Suite, see Microsoft BHOLD Suite Installation Guide.

BHOLD FIM Provisioning installation requirements

Before installing the BHOLD FIM Provisioning module, you must have previously installed the BHOLD Core module on the same server. In addition, the FIM 2010 or FIM 2010 R2 Synchronization Service must be installed on the same or another server in the same domain as the BHOLD server. For information about installing BHOLD Core, see BHOLD Core Installation. For more information about general requirements for installing BHOLD Suite, see Microsoft BHOLD Suite Installation Guide. For information about installing FIM Synchronization Service, see the FIM Installation Guide in the Forefront Technical Library.

Important

Although BHOLD FIM Integration is not an installation prerequisite, BHOLD FIM Provisioning will not function until you install BHOLD FIM Integration on the same server. See Next steps for information about tasks required to enable BHOLD FIM Provisioning to work with FIM Synchronization Service.

Before you begin

When you install the BHOLD FIM Provisioning module, you must be prepared to provide logon credentials during the setup process, and you must add settings to the Windows Registry before installing the BHOLD FIM Provisioning module. This section will help you prepare to meet these requirements.

Registry settings

In order to prepare the BHOLD FIM Provisioning module to work with the FIM Synchronization Service, two registry values must be set in the Windows Registry before the BHOLD FIM Provisioning module is installed. Before installing the BHOLD FIM Provisioning module, create the following values in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\bhold\b1Core:

  • DomainName Specifies the fully qualified domain name of the Active Directory Domain Services (AD DS) domain, in distinguished-name format. For example, if the BHOLD server is a member of the corp.fabrikam.com domain, the value for DomainName would be dc=corp,dc=fabrikam,dc=com.

  • BFSSManageAttributeRoles Specifies the name and role-name prefix of one or more user attributes for which attribute roles are automatically created by BHOLD FIM Provisioning, in the following format

    <attribute_name>,<prefix>[;<attribute_name>,<prefix>]…

    For example, BFSSManageAttributeRoles is set to the value jobtitle,JT-;securityclass;SC-. If the first user has the jobtitle attribute set to Analyst and the securityclass attribute set to Restricted, when the first user is provisioned, BHOLD FIM Provisioning creates the attribute roles JT-Analyst and SC-Restricted and assigns them to the first user.

    Important

    To avoid overlapping role names, do not use the same role-name prefixes in the names of other types of roles.

  • BFSSTimer Specifies the number of seconds between runs of the BFSS service.

  • BFPCTimer Specifies the number of seconds between runs of the BFPC service.

To prepare the Windows Registry for BHOLD FIM Provisioning installation

  1. Click Start, type regedit, and then press the ENTER key twice.

  2. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\bhold.

  3. Right-click b1Core, point to New, and then click String Value

  4. Type DomainName, and then press the ENTER key twice.

  5. Type the distinguished name of the AD DS domain of the BHOLD server, and then click OK.

  6. Right-click b1Core, point to New, and then click String Value

  7. Type BFSSManageAttributeRoles, and then press the ENTER key twice.

  8. Type the name and role-name prefix for one or more attributes, and then click OK.

  9. Right-click b1Core, point to New, and then click String Value

  10. Type BFSSTimer, and then press the ENTER key twice.

  11. Type 300, and then click OK.

  12. Right-click b1Core, point to New, and then click String Value

  13. Type BFPCTimer, and then press the ENTER key twice.

  14. Type 300, and then click OK.

  15. Close Registry Editor.

Warning

Do not set the BFPCTimer or BFSSTimer values to a number lower than 300. Doing so may degrade system performance or result in system instability.

Installation worksheet

When you begin to install the BHOLD FIM Provisioning module, you need to be prepared to provide account settings that the BHOLD FIM Provisioning Setup wizard requires to complete the installation. The following worksheet will help you record that information so you will be ready to supply it when it is needed.

Item Description Value

Use Security Provider on Domain/Machine

When selected, specifies that AD DS security will control access to BHOLD Core.

Select the check box.

Important

The installation will fail if this check box is not selected.

Domain

Specifies the domain that contains the service account that you created when installing BHOLD Core. For more information, see BHOLD Core Installation.

The domain name is supplied automatically by the wizard. Change the name only if it is incorrect.

Important

Specify the domain name by using the NetBIOS (short) name, not the fully qualified domain name (FQDN). For example, if the FQDN of the domain is fabrikam.com, specify the domain name as FABRIKAM.

User

Specifies the logon name of the BHOLD Core service user account.

Write the user account name here:

Password

Specifies the password of the BHOLD Core service user account.

Write the password here:

Important

Be sure to keep this password in a hidden, secure location.

BHOLD FIM Provisioning setup

To install the BHOLD FIM Provisioning module, log on as a member of the Domain Admins group, download the following file and run it as administrator on the server that you intend to install the BHOLD Core module on:

  • BholdFIMProvisioning <Version>_Release.msi

Replace <Version> with the version number of the BHOLD FIM Provisioning release that you are installing.

To run the program file as an administrator, right-click the file and then click Run as administrator.

Next steps

After successfully installing BHOLD FIM Provisioning, you must also install BHOLD FIM Integration on the same server. For more information, see BHOLD FIM Integration Installation.

To begin synchronizing user data between the BHOLD database and the FIM Synchronization Service metaverse, you must create four SQL Server management agents (MAs) to connect the four intermediate database tables used by the BHOLD FIM Provisioning module to the FIM Synchronization Service metaverse. In addition, you must also configure the FIM Synchronization Service with provisioning rules to synchronize user, organizational unit, group, and membership data with these MAs. For more information about how the BHOLD FIM Provisioning module works with the FIM Synchronization Service, see Microsoft BHOLD Suite Concepts Guide, Microsoft BHOLD Suite Technical Reference, and Test Lab Guide: BHOLD FIM Integration.