Microsoft Office SharePoint® Server 2007 |
Log on to FIM as a user from the Contoso.com forest. |
|
- Ensure that Office SharePoint Server 2007 is configured for multi-forest browsing.
|
Office SharePoint Server 2007 |
Log on to FIM as a user from the Fabrikam.com forest. |
|
- Ensure that Office SharePoint Server 2007 is configured for multi-forest browsing.
|
Users |
Create a user in the Fabrikam domain. |
|
- Permissions: Ensure that you have the rights to create a user.
- Domain not present in combox: Ensure that you have created the Fabrikam.com domain and forest correctly.
|
Users |
Create a user in the Contoso domain. |
|
- Permissions: Ensure that you have the rights to create a user.
- Domain not present in combox: Ensure that you have created the Fabrikam domain and forest correctly.
|
Security groups |
Create a security group in the Fabrikam domain. |
|
- Permissions: Ensure that you have the rights to create a security group.
- Domain not present in combox: Ensure that you have created the Fabrikam domain and forest correctly.
|
Security groups |
Create a security group in the Contoso domain. |
|
- Permissions: Ensure that you have the rights to create a security group.
- Domain not present in combox: Ensure that you have created the Fabrikam domain and forest correctly.
|
Distribution lists |
Create a distribution list in the Fabrikam domain. |
|
- Permissions: Ensure that you have the rights to create a distribution list.
- Domain not present in combox: Ensure that you have created the Fabrikam domain and forest correctly.
|
Distribution lists |
Create a distribution list in the Contoso domain. |
|
- Permissions: Ensure that you have the rights to create a distribution list.
- Domain not present in combox: Ensure that you have created the Fabrikam domain and forest correctly.
|
Sets |
Verify that the Fabrikam AD DS Users set is populated with the Fabrikam User. |
|
- Sets: Ensure that the AD DS User provisioning set is created correctly.
|
Sets |
Verify that the Contoso AD DS Users set is populated with the Contoso User. |
|
- Sets: Ensure that the AD DS User provisioning set is created correctly.
|
Sets |
Verify that the Fabrikam AD DS Security Group set is populated with the Fabrikam Security Group. |
|
- Sets: Ensure that AD DS Security Group provisioning set is created correctly.
|
Sets |
Verify that the Contoso AD DS Security Group set is populated with the Contoso Security Group. |
|
- Set: Ensure that AD DS Security Group provisioning set is created correctly.
|
Sets |
Verify that the Fabrikam AD DS Distribution List set is populated with the Fabrikam distribution list. |
|
- Sets: Ensure that the AD DS Distribution List provisioning set is created correctly.
|
Sets |
Verify that the Contoso AD DS Distribution List set is populated with the Contoso distribution list. |
|
- Sets: Ensure that the AD DS Distribution List provisioning set is created correctly.
|
Requests |
Verify that the request to create the Fabrikam User triggered the AD DS User provisioning workflow. |
|
- Workflow: Ensure that the AD DS User provisioning workflow is created correctly.
- Management policy rule (MPR): Ensure that the AD DS User provisioning MPR is created correctly.
|
Requests |
Verify that the request to create the Contoso User triggered the AD DS User provisioning workflow. |
|
- Workflow: Ensure that the AD DS User provisioning workflow is created correctly.
- MPR: Ensure that the AD DS User provisioning MPR is created correctly.
|
Requests |
Verify that the request to create the Fabrikam Security Group triggered the AD DS Security Group provisioning workflow. |
|
- Workflow: Ensure that the AD DS Security Group provisioning workflow is created correctly.
- MPR: Ensure that the AD DS Security Group provisioning MPR is created correctly.
|
Requests |
Verify that the request to create the Contoso Security Group triggered the AD DS Security Group provisioning workflow. |
|
- Workflow: Ensure that the AD DS Security Group provisioning workflow is created correctly.
- MPR: Ensure that the AD DS Security Group provisioning MPR is created correctly.
|
Requests |
Verify that the request to create the Fabrikam distribution list triggered the AD DS Distribution List provisioning workflow. |
|
- Workflow: Ensure that the AD DS Distribution List provisioning workflow is created correctly.
- MPR: Ensure that the AD DS Distribution List provisioning MPR is created correctly.
|
Requests |
Verify that the request to create the Contoso distribution list triggered the AD DS Distribution List provisioning workflow. |
|
- Workflow: Ensure that the AD DS Distribution List provisioning workflow is created correctly.
- MPR: Ensure that the AD DS Distribution List provisioning MPR is created correctly.
|
Synchronization |
Run Import and Sync on the FIM management agent (MA). This should result in all users and groups being provisioned to Active Directory® Domain Services(AD DS). |
|
- Users and Groups not imported: Import again 60 seconds after creation of users and groups.
- Users not provisioned to AD: Ensure that AD DS User synchronization rules are created correctly.
- Security groups are not provisioned to AD DS: Ensure that AD DS Security Group synchronization rules are created correctly.
- Distribution lists are not provisioned to AD DS: Ensure that AD DS Distribution List synchronization rules are created correctly.
|
Synchronization |
Run Export on the AD DS MA. This should result in all users and groups being created in AD DS. |
|
- Permissions: Ensure that the AD MA credentials have Write access.
|
Synchronization |
Run Import and Sync on the AD MA. This should result in all users and groups in FIM being updated with e-mail messages and security identifiers (SIDs). |
|
- Permissions: Ensure that the AD MA credential have directory replicate privileges.
|
Synchronization |
Run Export on the FIM MA. This should result in all users and groups in FIM being populated with e-mail messages and SIDs. |
|
- Permissions: Ensure that the FIM MA credentials are configured correctly.
|
Sets |
Verify that the Fabrikam AD DS Contacts for User set is populated with the Contoso User. |
|
- Sets: Ensure that AD DS Contacts for User provisioning set is created correctly.
- Ensure that the Domain Synchronization workflow and MPR are created correctly.
- Ensure that the Domain Configuration objects correctly reference the Forest Configuration objects.
|
Sets |
Verify that the Contoso AD DS Contacts for Users set is populated with the Fabrikam User. |
|
- Ensure that AD DS Contacts for User provisioning set is created correctly.
- Ensure that the Domain Synchronization workflow and MPR are created correctly.
- Ensure that the Domain Configuration objects correctly reference the Forest Configuration objects.
|
Sets |
Verify that the Fabrikam AD DS Contacts for Mail-enabled Security Group set is populated with the Contoso Security Group. |
|
- Ensure that AD DS Contacts for Mail Enabled Security Group provisioning set is created correctly.
- Ensure that the Domain Configuration objects correctly reference the Forest Configuration objects.
|
Sets |
Verify that the Contoso AD DS Contacts for Mail Enabled Security Group set is populated with the Fabrikam Security Group. |
|
- Ensure that AD DS Contacts for Mail Enabled Security Group provisioning set is created correctly.
- Ensure that the Domain Synchronization workflow and MPR are created correctly.
- Ensure that the Domain Configuration objects correctly reference the Forest Configuration objects.
|
Sets |
Verify that the Fabrikam AD DS Contacts for Distribution List set is populated with the Contoso distribution list. |
|
- Ensure that the AD DS Contacts for Distribution List provisioning set is created correctly.
- Ensure that the Domain Synchronization workflow and MPR are created correctly.
- Ensure that the Domain Configuration objects correctly reference the Forest Configuration objects.
|
Sets |
Verify that the Contoso AD DS Contacts for Distribution List set is populated with the Fabrikam distribution list. |
|
- Ensure that the AD DS Contacts for Distribution List provisioning set is created correctly.
- Ensure that the Domain Synchronization workflow and MPR are created correctly.
- Ensure that the Domain Configuration objects correctly reference the Forest Configuration objects.
|
Synchronization |
Run Import and Sync on the FIM MA. This should result in all contacts being provisioned to AD DS. |
|
- Users and Groups not updated: Import again 60 seconds after creation of users and groups.
- User Contacts not provisioned to AD DS: Ensure that AD DS Contacts for User synchronization rules are created correctly.
- Mail-Enabled Security Group Contacts are not provisioned to AD: Ensure that AD DS Contacts for Mail-enabled Security Group synchronization rules are created correctly.
- Contacts for Distribution Lists are not provisioned to AD DS: Ensure that AD DS Contacts for Distribution List synchronization rules are created correctly.
|
Synchronization |
Run Export on the AD MA. This should result in all contacts being created in AD DS. |
|
- Ensure that the AD MA credentials have Write access to AD DS.
|
Synchronization |
Run Import and Sync on the AD DS MA. This should result in no updates to FIM. |
|
- It is possible that some detail in AD DS may have changed. If the update to FIM occurs, ensure that it makes sense given the state of AD DS.
|
Groups |
Add the Contoso User to the Fabrikam distribution list. |
|
- Permissions: Ensure that you have the rights to update a distribution list.
|
Groups |
Add the Fabrikam User to the Contoso distribution list. |
|
- Permissions: Ensure that you have the rights to update a distribution list.
|
Groups |
Add the Contoso distribution list to the Fabrikam distribution list. |
|
- Permissions: Ensure that you have the rights to update a distribution list.
|
Groups |
Add the Fabrikam distribution list to the Contoso distribution list. |
|
- Permissions: Ensure that you have the rights to update a distribution list.
|
Synchronization |
Run Import and Sync on the FIM MA. This should result in distribution list membership updates to AD DS. |
|
- Users and Groups are not updated: Import again 60 seconds after creation of users and groups.
- Membership is not updated to AD DS. Ensure that AD DS distribution list synchronization rules are created correctly.
|
Synchronization |
Run Export on the AD MA. This should result in membership updates exported to AD DS. |
|
- Ensure that the AD MA credentials have Write access to AD DS.
|
Synchronization |
Run Import and Sync on the AD MA. This should result in no updates to FIM. |
|
- It is possible that some detail in AD DS may have changed. If the update to FIM occurs, ensure that it makes sense given the state of AD DS.
|
Active Directory Users and Computers |
Ensure that the Fabrikam distribution list contains the Contoso User and Contoso distribution list. |
|
- User is not a member: Ensure that the Contact for the Contoso User has been created.
- Distribution List is not a member: Ensure that the Contact for the Contoso distribution list has been created.
|
Active Directory Users and Computers |
Ensure that the Contoso distribution list contains the Fabrikam distribution list. |
|
- User is not a member: Ensure that the Contact for the Fabrikam User has been created.
- Distribution List is not a member: Ensure that the Contact for the Fabrikam distribution list has been created.
|
Groups |
Add the Contoso User to the Fabrikam Security Group. |
|
- Permissions: Ensure that you have the rights to update a Security Group.
|
Groups |
Add the Fabrikam User to the Contoso Security Group. |
|
- Permissions: Ensure that you have the rights to update a Security Group.
|
Requests |
Verify that the request to update the Fabrikam Security Group triggered the Group Membership Validation workflow. |
|
- Workflow: Ensure that the Group Membership Validation workflow is created correctly.
- MPR: Ensure that the Group Membership Validation MPR is created correctly.
|
Requests |
Verify that the request to update the Contoso Security Group triggered the Group Membership Validation workflow. |
|
- Workflow: Ensure that the Group Membership Validation workflow is created correctly.
- MPR: Ensure that the Group Membership Validation MPR is created correctly.
|
Sets |
Verify that the Fabrikam AD DS Foreign Security Principals (FSPs) for User set is populated with the Contoso User. |
|
- Sets: Ensure that AD DS FSPs for User provisioning set is created correctly.
|
Sets |
Verify that the Contoso AD DS FSP for Users set is populated with the Fabrikam User. |
|
- Sets: Ensure that AD DS FSPs for User provisioning set is created correctly.
|
Groups |
Add the Contoso Security Group to the Fabrikam Security Group. |
|
- Permissions: Ensure that you have the rights to update a Security Group.
|
Groups |
Add the Fabrikam Security Group to the Contoso Security Group. |
|
- Permissions: Ensure that you have the rights to update a Security Group.
|
Requests |
Verify that the request to update the Fabrikam Security Group triggered the Group Membership Validation workflow. |
|
- Workflow: Ensure that the Group Membership Validation workflow is created correctly.
- MPR: Ensure that the Group Membership Validation MPR is created correctly.
|
Requests |
Verify that the request to update the Contoso Security Group triggered the Group Membership Validation workflow. |
|
- Workflow: Ensure that the Group Membership Validation workflow is created correctly.
- MPR: Ensure that the Group Membership Validation MPR is created correctly.
|
Sets |
Verify that the Fabrikam AD DS FSPs for Security Group set is populated with the Contoso Security Group. |
|
- Ensure that AD DS FSPs for Mail-enabled Security Group provisioning set is created correctly.
|
Sets |
Verify that the Contoso AD DS FSPs for Security Group set is populated with the Fabrikam Security Group. |
|
- Ensure that AD DS FSPs for Mail-enabled Security Group provisioning set is created correctly.
|
Synchronization |
Run Import and Sync on the FIM MA. This should result in Security Group membership updates to AD DS. |
|
- Users and Groups are not updated: Import again 60 seconds after creation of users and groups.
- Membership is not updated to AD DS: Ensure that AD DS Security Groups synchronization rules are created correctly.
|
Synchronization |
Run Export on the AD MA. This should result in membership updates to AD DS. |
|
- Ensure that the AD MA credentials have Write access to AD DS.
|
Synchronization |
Run Import and Sync on the AD MA. This should result in no updates to FIM. |
|
- It is possible that some detail in AD DS may have changed. If the update to FIM occurs, ensure that it makes sense given the state of AD DS.
|
Active Directory Users and Computers |
Ensure that the Fabrikam Security group contains the Contoso User and Contoso Security Group. |
|
- User is not a member: Ensure that the FSP for the Contoso User has been created.
- Security Group is not a member: Ensure that the FSP for the Contoso Security Group has been created.
|
Active Directory Users and Computers |
Ensure that the Contoso Security Group contains the Fabrikam User and Fabrikam Security Group. |
|
- User is not a member: Ensure that the FSP for the Fabrikam User has been created.
- Security Group is not a member: Ensure that the FSP for the Fabrikam distribution list has been created.
|