Step 6: Configure the Environment

In this section we will configure the environment so that we are able to synchronize Active Directory Users with the FIM Portal.

  • Create Active Directory Organizational Unit

  • Move users to our new OU

  • Set additional Attributes on our Users

  • Assigning group membership

  • Create a Distribution Group

  • Add a member to our Distribution Group

  • Enable Synchronization Rule Provisioning

  • Create the AD Management Agent

  • Create the FIM Management Agent

  • Create the Run Profiles for the AD MA

  • Create the Run Profiles for the FIM MA

  • Enable the Required MPRs

  • Create the AD Inbound User Synch Rule

  • Create the Group Synchronization Rule

  • Creating the AD Group Outbound Workflow

  • Create the AD Group Outbound MPR

  • Set Attribute Precedence on Attributes

  • Initializing the FIM Management Agent

  • Initializing the AD Management Agent

Create Active Directory Organizational Unit

In this step you will be creating an organizational unit in Active Directory. This OU will be used to contain your FIM objects.

To create Active Directory organizational units

  1. Log on to DC1 as corp\Administrator.

  2. Click Start, select Administrative Tools, and then click Active Directory Users and Computers. This will open the Active Directory Users and Computers MMC.

  3. In the Active Directory Users and Computers MMC, from the tree-view on the left, right-click corp.contoso.com, select New, and then select Organizational Unit.

  4. In the Name text box, type the following text, and then click OK:
    FIMObjects

Move users to our new OU

In this step we will move Britta and Lola into our FIMObjects OU.

To move users to our new OU

  1. In the Active Directory Users and Computers MMC, select the Users OU.

  2. On the right, select Britta Simon and Lola Jacobson using the CTRL key and drag them to the new FIMObjects OU.

  3. On the pop-up window that says moving objects can prevent your existing system from working, click Yes.

Set additional Attributes on our Users

In this step we will set employee ID and employee type on our users.

To set additional attributes on our users

  1. In the Active Directory Users and Computers MMC, select the FIMObjects OU.

  2. Select Britta Simon, right-click and select Properties.

  3. Click the Attribute Editor tab. Ensure that Advanced Features is enabled.

  4. Scroll down to employeeID, click edit, enter 10 for the value and click OK.

  5. Scroll down to employeeType, click edit, enter Full Time Employee for the value and click OK.

  6. Click Apply. Click OK.

  7. Select Lola Jacobson, right-click and select Properties.

  8. Click the Attribute Editor tab. Ensure that Advanced Features is enabled.

  9. Scroll down to employeeID, click edit, enter 11 for the value and click OK.

  10. Scroll down to employeeType, click edit, enter Full Time Employee for the value and click OK.

  11. Click Apply. Click OK.

Assigning group membership

This task is necessary to grant your sample users the right to interactively log on to FIM1.

To assign group membership

  1. In the Active Directory Users and Computers MMC, select the Builtin OU.

  2. In the list of objects, double-click the Server Operators security group.

  3. Select the Members tab, and then click Add.

  4. In the Object Names text box, type Britta Simon;Lola Jacobson. Click Check Names. Ensure they resolve with an underline.

  5. Click OK. Click Apply. Click OK.

Create a Distribution Group

In this step we will create one distribution group in our AD environment.

To create a Distribution Group

  1. Log on to the EX1.corp.contoso.com server as Administrator.

  2. Click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.

  3. In the Exchange Management Console, click Microsoft Exchange On-Premises.

    Warning

    This may bring up a Microsoft Exchange box that says The following servers in your organization running Exchange Server 2010 are unlicensed. It will list EX1. If you plan to use this test lab for more than 120 days you will need to enter a product key. For now, just hit OK.

  4. In the Exchange Management Console, expand Microsoft Exchange On-Premises (ex1.corp.contoso.com), expand Recipient Configuration, right-click Distribution Group, and then select New Distribution Group. This will bring up the New Distribution Group wizard.

  5. On the Introduction, click Next.

  6. Place a check in Specify an Organizational Unit rather than using a default one: and Browse for the FIMObjects OU. Click OK.

  7. In the Name text box, type IT Discussion.

  8. In the Alias text box, enter ITD. Click Next.

  9. Click New. Once it is done, click Finish.

  10. Leave Exchange Management Console open as it will be used for the next procedure.

Add a member to our Distribution Group

In this step we will add a member to our distribution group.

To add a member to our Distribution Group

  1. In Exchange Management Console, double-click on the IT Discussion group we just created.

  2. At the top, click the Members tab and then click Add.

  3. Select Britta Simon and click OK.

  4. Click Apply. Click OK.

  5. Close Exchange Management Console.

Enable Synchronization Rule Provisioning

Next you will enable Synchronization Rule Provisioning. This will enable the configured synchronization rules during a synchronization run. This setting is specifically for the declarative provisioning feature which we’ll be using in this lab.

To enable Synchronization Rule Provisioning

  1. In the Synchronization Service Manager, at the top of the portal page, click Tools, and then select Options.

  2. Select Enable Synchronization Rule Provisioning.

  3. Click OK.

Create the AD Management Agent

In this procedure, you will create the AD DS management agent.

To create the AD DS management agent

  1. Log on to FIM1 as CORP\Administrator.

  2. Click Start, select All Programs, select Forefront Identity Manager, and click Synchronization Service. This will bring up the FIM 2010 R2 Synchronization Service.

  3. At the top, click Management Agents.

  4. On the right, click Create. This will begin the Create Management Agent wizard.

  5. Under Management Agent for, use the drop-down list and select Active Directory Domain Services.

  6. In the text box under Name, enter the following text, and then click Next:
    AD

  7. In the text box next to Forest name, enter corp.contoso.com.

  8. In the text box next to User name, enter Administrator.

  9. In the text box next to Password, enter the Administrator's password.

  10. In the text box next to Domain, enter CORP.

  11. Click Next.

  12. In the Select directory partitions list, click DC=corp,DC=contoso,DC=com.

  13. Click the Containers button. This will bring up the Select Containers window.

  14. To deselect all selected nodes, click the check next to the DC=corp,DC=contoso,DC=com node.

  15. Select the FIMObjects node.

  16. Click OK, and then click Next.

  17. On the Configure Provisioning Hierarchy page, click Next.

  18. On the Select Object Types page, under Object Types, select user and group.

  19. Click Next.

  20. On the Select Attributes page, at the top, click Show all.

  21. Select all of the following attributes:

    • displayName

    • employeeID

    • employeeType

    • givenName

    • groupType

    • mail

    • mailNickname

    • managedBy

    • member

    • objectSid

    • sAMAccountName

    • sn

  22. Click Next.

  23. On the Configure Connector Filter page, click Next.

  24. On the Configure Join and Projection Rules page, click Next.

  25. On the Configure Attribute Flow page, click Next.

  26. On the Configure Deprovisioning page, select Stage a delete on the object for the next export run, and then click Next.

  27. On the Configure Extensions page, in the drop-down next to Provisioning for: select Exchange 2010.

  28. In the box next to Exchange 2010 RPS URI: enter https://ex1.corp.contoso.com/powershell. Click Finish.

Create the FIM Management Agent

Now it is time to create the FIM management agent.

To create the FIM Management Agent

  1. At the top of the Synchronization Service, click Management Agents.

  2. On the right, click Create. This will begin the Create Management Agent wizard.

  3. Under Management Agent for, use the drop-down list and select FIM Service Management Agent.

  4. In the text box under Name, enter FIM.

  5. Click Next.

  6. On the Connect to Database page, in the Server text box, enter APP1.

  7. In the text box next to Database, type FIMService.

  8. In the text box next to FIM Service base address, enter https://FIM1:5725.

  9. Next to Authentication mode, click Windows integrated authentication.

  10. In the text box next to User name, type FIMMA.

  11. In the Password text box, enter Pass1word$.

  12. In the Domain text box, enter CORP.

  13. Click Next.

  14. On the Select Object Types page, place a check in the box next to Person and Group, then click Next.

  15. On the Select Attributes page, check the box at the top next to Show All, verify that all of the attributes are selected, and then click Next.

  16. On the Configure Connector Filter page, click Next.

  17. On the Configure Object Type Mappings page, click Person, and then click Add Mapping. This will bring up a mapping window.

  18. On the mapping window, make sure person is selected for Metaverse object type, and then click OK. This will close the mapping window.

  19. On the Configure Object Type Mappings page, click Group, and then click Add Mapping. This will bring up a mapping window.

  20. On the mapping window, make sure group is selected for Metaverse object type, and then click OK. This will close the mapping window. Click Next.

  21. On the Configure Attribute Flow page, from the drop-down list under Data source object type, select Person.

  22. From the drop-down list under Metaverse object type list, select person.

  23. For Mapping Type, select Direct.

  24. From the list below Data source attribute, select AccountName.

  25. From the list below Metaverse attribute, select accountName.

  26. For Flow Direction, select Export. Ensure that Allow Nulls is not selected. Click New.

  27. Repeat the above steps for each of the attribute entries in the following table.

    Data source attribute    Flow direction    Metaverse attribute
    AccountName              Export            accountName
    DisplayName              Export            displayName
    Domain                   Export            domain
    EmployeeID               Export            employeeID
    EmployeeType             Export            employeeType
    Email                    Export            mail
    FirstName                Export            firstName
    LastName                 Export            lastName
    ObjectSID                Export            objectSid

  28. On the Configure Attribute Flow page, from the drop-down list under Data source object type, select Group.

  29. From the drop-down list under Metaverse object type list, select group.

  30. For Mapping Type, select Direct.

  31. From the list below Data source attribute, select AccountName.

  32. From the list below Metaverse attribute, select accountName.

  33. For Flow Direction, select Export. Ensure that Allow Nulls is not selected. Click New.

  34. Repeat the above steps for each of the attribute entries in the following table.

    Data source attribute    Flow direction    Metaverse attribute
    AccountName              Export            accountName
    DisplayName              Export            displayName
    Domain                   Export            domain
    Email                    Export            mail
    MailNickName             Export            mailNickName
    Member                   Export            member
    ObjectSID                Export            objectSid
    Scope                    Export            scope
    Type                     Export            type
    MembershipAddWorkflow    Export            membershipAddWorkflow
    MembershipLocked         Export            membershipLocked
    DisplayName              Import            displayName
    Scope                    Import            scope
    Type                     Import            type
    Member                   Import            member
    AccountName              Import            accountName
    DisplayedOwner           Import            displayedOwner
    MailNickname             Import            mailNickname

  35. Once all the attribute flows have been added, click Next.

  36. On the Configure Deprovisioning page, select Stage a delete on the object for the next export run, and then click Next.

  37. On the Configure Extensions page, click Finish.

Create the Run Profiles for the AD MA

Now that the AD MA has been created, you will create run profiles for the management agent.

To create the run profiles for the AD MA

  1. Click the AD Management Agent so it is highlighted.

  2. On the right, under Actions menu, click Configure Run Profiles. This opens the Configure Run Profiles window.

  3. Click New Profile. This will begin the Configure Run Profile wizard.

  4. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Full Import

  5. On the Configure Step page, from the drop-down list under Type, select Full Import (Stage Only), and then click Next.

  6. On the Management Agent Configuration page, click Finish.

  7. Click New Profile.

  8. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Full Synchronization

  9. On the Configure Step page, from the drop-down list under Type, select Full Synchronization, and then click Next.

  10. On the Management Agent Configuration page, click Finish.

  11. Click New Profile.

  12. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Delta Import

  13. On the Configure Step page, from the drop-down list under Type, select Delta Import (Stage Only), and then click Next.

  14. On the Management Agent Configuration page, click Finish.

  15. Click New Profile.

  16. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Delta Synchronization

  17. On the Configure Step page, from the drop-down list under Type, select Delta Synchronization, and then click Next.

  18. On the Management Agent Configuration page, click Finish. Click New Profile.

  19. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Export

  20. On the Configure Step page, from the drop-down list under Type, select Export, and then click Next.

  21. On the Management Agent Configuration page, click Finish.

  22. Click Apply, and then click OK.

Create the Run Profiles for the FIM MA

Now that the FIM MA has been created, you will need to create run profiles for the management agent.

To create the run profiles for the FIM MA

  1. Click the FIM Management Agent so it is highlighted.

  2. On the right, under Actions menu, click Configure Run Profiles. This opens the Configure Run Profiles window.

  3. Click New Profile. This will begin the Configure Run Profile wizard.

  4. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Full Import

  5. On the Configure Step page, from the drop-down list under Type, select Full Import (Stage Only), and then click Next.

  6. On the Management Agent Configuration page, click Finish.

  7. Click New Profile.

  8. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Full Synchronization

  9. On the Configure Step page, from the drop-down list under Type, select Full Synchronization, and then click Next.

  10. On the Management Agent Configuration page, click Finish.

  11. Click New Profile.

  12. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Delta Import

  13. On the Configure Step page, from the drop-down list under Type, select Delta Import (Stage Only), and then click Next.

  14. On the Management Agent Configuration page, click Finish.

  15. Click New Profile.

  16. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Delta Synchronization

  17. On the Configure Step page, from the drop-down list under Type, select Delta Synchronization, and then click Next.

  18. On the Management Agent Configuration page, click Finish. Click New Profile.

  19. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Export

  20. On the Configure Step page, from the drop-down list under Type, select Export, and then click Next.

  21. On the Management Agent Configuration page, click Finish.

  22. Click Apply, and then click OK.

Enable the Required MPRs

By default, FIM has several Management Policy Rules disabled.

To enable the required MPRs

  1. Click Start, click All Programs, and then click Internet Explorer (64-bit). This will open Internet Explorer.

  2. In the Internet Explorer toolbar, enter https://fim1/identitymanagement in the address box, and then hit Enter. This will bring up the Forefront Identity Manager 2010 home page.

  3. On the right, under Administration, click Management Policy Rules.

  4. In the list of MPRs, locate General: Users can read non-administrative configuration resources and click it. This will open the Configuration page.

  5. Clear the check box next to Policy is disabled.

  6. Click OK, and then click Submit.

  7. Repeat the above steps for each of the MPR entries in the following table.

    Management policy rule                                                                                          Disabled
    General: Users can read non-administrative configuration resources                                              No
    User management: Users can read attributes of their own                                                         No
    User management: Users can read selected attributes of other users                                              No
    Distribution List management: Owners can read attributes of group resources.                                    No
    Distribution List management: Owners can update and delete groups that they own.                                No
    Distribution List management: Users can add or remove any members of groups subject to owner approval.          No
    Distribution List management: Users can add or remove any members of groups that don’t require owner approval.  No
    Distribution List management: Users can read selected attributes of group resources.                            No
    Distribution List management: Users can create Static Distribution Groups.                                      No
    Synchronization: Synchronization account can read group resources it synchronizes                               No
    Synchronization: Synchronization account controls group resources it synchronizes

Create the AD Inbound User Synch Rule

Now you will create the codeless inbound user synchronization rule. This provisions and flows the attributes of our users to the FIM Portal.

To create the AD Inbound User Synch Rule

  1. At the bottom, on the left of the page, click Administration. This will bring up the Administration page. Click Synchronization Rules.

  2. At the top, click New.

  3. On the General tab, in the text box next to Display Name type AD Inbound User Synch Rule.

  4. Under Data Flow Direction, select Inbound, and then click Next.

  5. On the Scope tab, provide the following information, and then click Next:

    • Metaverse Resource Type: person

    • External System: AD

    • External System Resource Type: user

  6. On the Relationship tab, provide the following information, and then click Next:

    1. Relationship Criteria:

      • MetaverseObject:person(Attribute): employeeID

      • ConnectedSystemObject:person(Attribute): employeeID

  7. Place a check in the box next to Create resource in FIM. Click Next.

  8. On the Inbound Attribute Flow tab, provide the information in the following table, and then click Finish.

    Source            Destination
    displayName       displayName
    employeeID        employeeID
    employeeType      employeeType
    givenName         firstName
    objectSid         objectSid
    sAMAccountName    accountName
    sn                lastName
    mail              mail

    1. For each row in the previous table, complete the following steps:

      1. To open the Flow Definition dialog box, click New Attribute Flow.

      2. On the Source tab, select the attribute shown for that row in the table.

      3. On the Destination tab, select the attribute shown for that row in the table.

      4. To apply the attribute flow configuration, click OK.

  9. On the Inbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  10. On the Source tab, in the attributes list, select String, and then type CORP in the text box.

  11. On the Destination tab, select domain in the attributes list.

  12. To apply the attribute flow configuration, click OK.

  13. Click Finish, and then click Submit.

Create the Group Synchronization Rule

Now you will create the codeless inbound/outbound synchronization rule for groups. This provisions and flows the attributes of our groups to the FIM Portal and AD.

To create the Inbound/Outbound Group Synchronization Rule

  1. Still on the Synchronization Rules page, at the top, click New.

  2. On the General tab, in the text box next to Display Name type Group Synchronization Rule.

  3. Under Data Flow Direction, select Inbound and Outbound, and then click Next.

  4. On the Scope tab, provide the following information, and then click Next:

    • Metaverse Resource Type: group

    • External System: AD

    • External System Resource Type: group

  5. On the Relationship tab, provide the following information, and then click Next:

    1. Relationship Criteria:

      • MetaverseObject:person(Attribute): accountName

      • ConnectedSystemObject:person(Attribute): sAMAccountName

  6. Place a check in the box next to Create resource in FIM.

  7. Place a check in the box next to Create resource in external system.

  8. Place a check in the box next to Disconnect FIM resource from external system resource when this Synchronization Rule is removed. Click Next.

  9. On the Workflow Parameters page, click Next.

  10. On the Outbound Attribute Flow tab, provide the information in the following table, and then click Finish.

    Source            Destination
    displayName       displayName
    displayedOwner    managedBy
    accountName       sAMAccountName
    member            member
    mailNickname      mailNickname

    1. For each row in the previous table, complete the following steps:

      1. To open the Flow Definition dialog box, click New Attribute Flow.

      2. On the Source tab, select the attribute shown for that row in the table.

      3. On the Destination tab, select the attribute shown for that row in the table.

      4. To apply the attribute flow configuration, click OK.

      5. Click Next.

  11. On the Outbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  12. On the Source tab, in the attributes list, select CustomExpression, and then in the box that appears enter IIF(Eq(type,"Distribution"),IIF(Eq(scope,"Universal"),8,IIF(Eq(scope,"Global"),2,4)),IIF(Eq(scope,"Universal"),-2147483640,IIF(Eq(scope,"Global"),-2147483646,-2147483644))) in the text box.

  13. On the Destination tab, select groupType in the attributes list.

  14. To apply the attribute flow configuration, click OK.

  15. On the Outbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  16. On the Source tab, in the attributes list, select String, and then in the box that appears enter CN=. Then select Concatenate Value and select displayName. Click Concatenate Value again, select String, and then enter ,OU=FIMObjects,DC=corp,DC=contoso,DC=com

    Important

    It should look like the following when done: "CN="+displayName+",OU=FIMObjects,DC=corp,DC=contoso,DC=com" » dn

  17. On the Destination tab, select dn in the attributes list.

  18. To apply the attribute flow configuration, click OK.

  19. Place a check in Initial Flow Only.

  20. On the Inbound Attribute Flow tab, provide the information in the following table, and then click Finish.

    Source            Destination
    sAMAccountName    accountName
    displayName       displayName
    mailNickName      mailNickName
    member            member
    mail              mail
    objectSid         objectSid

    1. For each row in the previous table, complete the following steps:

      1. To open the Flow Definition dialog box, click New Attribute Flow.

      2. On the Source tab, select the attribute shown for that row in the table.

      3. On the Destination tab, select the attribute shown for that row in the table.

      4. To apply the attribute flow configuration, click OK.

  21. On the Inbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  22. On the Source tab, in the attributes list, select String, and then type CORP in the text box.

  23. On the Destination tab, select domain in the attributes list.

  24. To apply the attribute flow configuration, click OK.

  25. On the Inbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  26. On the Source tab, in the attributes list, select String, and then type false in the text box.

  27. On the Destination tab, select membershipLocked in the attributes list.

  28. To apply the attribute flow configuration, click OK.

  29. On the Inbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  30. On the Source tab, from the drop-down list select CustomExpression.

  31. In the box that appears, enter IIF(Eq(BitAnd(2,groupType),2),"Global",IIF(Eq(BitAnd(4,groupType),4),"DomainLocal","Universal")).

  32. Click OK.

  33. On the Destination tab, select scope in the attributes list.

  34. To apply the attribute flow configuration, click OK.

  35. On the Inbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  36. On the Source tab, from the drop-down list select CustomExpression.

  37. In the box that appears, enter IIF(Eq(BitOr(14,groupType),14),"Distribution","Security").

  38. Click OK.

  39. On the Destination tab, select type in the attributes list.

  40. To apply the attribute flow configuration, click OK.

  41. On the Inbound Attribute Flow tab, click New Attribute Flow. This will bring up the Flow Definition page.

  42. On the Source tab, in the attributes list, select String, and then type Owner Approval in the text box.

  43. On the Destination tab, select membershipAddWorkflow in the attributes list.

  44. To apply the attribute flow configuration, click OK.

  45. Click Finish, and then click Submit.
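
The three groupType expressions entered in the procedure above, re-implemented in Python as an added example (not part of the original lab guide) to check that the outbound and inbound flows are inverses of each other for all six type and scope combinations. The function names are illustrative; the numeric constants are the ones used in the expressions.

```python
# Added example: the three groupType custom expressions from the Group
# Synchronization Rule, re-implemented so their behaviour can be checked.
# Function names are illustrative; the constants are the values on the page.

SCOPES = ("Universal", "Global", "DomainLocal")
TYPES = ("Distribution", "Security")


def outbound_group_type(group_kind, scope):
    """Portal type/scope -> AD groupType (outbound flow).

    IIF(Eq(type,"Distribution"),
        IIF(Eq(scope,"Universal"),8,IIF(Eq(scope,"Global"),2,4)),
        IIF(Eq(scope,"Universal"),-2147483640,
            IIF(Eq(scope,"Global"),-2147483646,-2147483644)))
    """
    if group_kind == "Distribution":
        if scope == "Universal":
            return 8
        return 2 if scope == "Global" else 4
    # Any value other than the literal "Distribution" takes this branch,
    # so an unexpected type value produces a security-enabled group.
    if scope == "Universal":
        return -2147483640
    return -2147483646 if scope == "Global" else -2147483644


def inbound_scope(group_type):
    """AD groupType -> portal scope (inbound flow).

    IIF(Eq(BitAnd(2,groupType),2),"Global",
        IIF(Eq(BitAnd(4,groupType),4),"DomainLocal","Universal"))
    """
    if (2 & group_type) == 2:
        return "Global"
    return "DomainLocal" if (4 & group_type) == 4 else "Universal"


def inbound_type(group_type):
    """AD groupType -> portal type (inbound flow).

    IIF(Eq(BitOr(14,groupType),14),"Distribution","Security")
    The comparison holds only when no bit outside 2|4|8 is set, so the
    security-enabled bit (0x80000000) always yields "Security".
    """
    return "Distribution" if (14 | group_type) == 14 else "Security"


def round_trip():
    """Push every type/scope pair out to AD and read it back in."""
    rows = []
    for kind in TYPES:
        for scope in SCOPES:
            gt = outbound_group_type(kind, scope)
            rows.append((kind, scope, gt, inbound_type(gt), inbound_scope(gt)))
    return rows


if __name__ == "__main__":
    for kind, scope, gt, kind_in, scope_in in round_trip():
        flags = gt & 0xFFFFFFFF  # unsigned view of the signed 32-bit value
        status = "ok" if (kind, scope) == (kind_in, scope_in) else "MISMATCH"
        print(f"{kind:<12} {scope:<11} {gt:>11} 0x{flags:08X} {status}")
    # Fall-through case: a type value that is not "Distribution"
    # (constructed sample value) still yields a security group.
    print("unexpected type ->", outbound_group_type("Mail-enabled", "Global"))
```

Because the outbound expression treats everything that is not "Distribution" as a security group, the type attribute is worth validating in the portal before the rule exports to AD.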

Creating the AD Group Outbound Workflow

To configure the AD Group Outbound workflow, you use the related wizard pages.

To create the AD Group Outbound Workflow

  1. On the left of the page, click Workflows. This will bring up the Workflows page. At the top click New.

  2. On the General tab, provide the following information:

    • Workflow Name: AD Group Outbound Workflow

    • Workflow Type: Action

  3. Place a check in Run on Policy Update. Click Next.

  4. On the Activities tab, in the Activity Picker, select Synchronization Rule Activity, and then click Select.

  5. In the Synchronization Rules list, select Group Synchronization Rule, and in the Action Selection options, select Add, then click Save.

  6. Click Finish.

  7. On the Summary tab, click Submit.

Create the AD Group Outbound MPR

To configure the MPR, you use the related wizard pages.

To create the AD Group Outbound MPR

  1. On the left of the page, click Management Policy Rules. This will bring up the Management Policy page. At the top click New.

  2. On the General tab, in the box next to Display Name enter AD Group Outbound MPR.

  3. For Type, select Set Transition. Click Next.

  4. On the Transition Definition tab, in the Transition Set box, enter All Groups, click Validate so that it resolves, and then click Next.

  5. On the Policy Workflows tab, perform the following steps, and then click Next:

    • In the Action Workflows list, select AD Group Outbound Workflow.

  6. On the Summary tab, click Submit.

Set Attribute Precedence on Attributes

Now you will need to set the attribute precedence on attributes for the group object. Equal precedence allows multiple management agents to multi-master a metaverse attribute.

To set the attribute precedence on attributes

  1. In the Synchronization Service Manager, at the top, click Metaverse Designer.

  2. From the list of Object types select group.

  3. In the list of attributes below, select accountName, and on the lower right, click Configure Attribute Flow Precedence.

  4. Place a check in the box that says Use equal precedence and click OK.

  5. Repeat the above steps for each of the entries in the following list:

    • displayName

    • mailNickname

    • member

    • scope

    • type

Initializing the FIM Management Agent

To initialize the FIM MA, you must run a complete synchronization cycle on this management agent. The complete cycle consists of the run profile runs in the following table.

Step    Run profile name
1       Full import
2       Full synchronization
3       Export
4       Delta import

Important

After running the export run profile on the FIM MA, you should wait a minute or two before running the confirming delta import.

To initialize the FIM MA

  1. Open Synchronization Service Manager, and on the Tools menu, click Management Agents.

  2. In the Management Agents list, select FIM.

  3. To open the Run Management Agent dialog box, on the Actions menu, click Run.

  4. For each row in the table immediately preceding this procedure, complete the following steps:

    1. To open the Run Management Agent dialog box, on the Actions menu, click Run.

    2. In the Run profiles list, select the run profile shown for that row in the table, and then click OK to start it.

  5. To start the run profile, click OK.

Initializing the AD Management Agent

To initialize the AD MA, you must run a full import and a full synchronization on it. In this sequence, the sample users are brought into the metaverse and also staged in the connector space of the FIM MA. To complete the initialization of the AD MA, you must also run an export and a confirming import on the FIM MA.

Step    Management agent    Run profile name
1       AD                  Full import
2       AD                  Full synchronization
3       FIM                 Export
4       FIM                 Delta import

To initialize the AD MA

  1. Open the Synchronization Service Manager, and on the Tools menu, click Management Agents.

  2. For each row in the previous table, complete the following steps:

    1. In the Management Agents list, select the management agent shown for that row in the table.

    2. To open the Run Management Agent dialog box, on the Action menu, click Run.

    3. In the Run profiles list, select the run profile shown for that row in the table, and then click OK to start it.
