This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.First published on MSDN on Nov 17, 2016
This is the second post in a series on management agent configuration. In Part 1 , I covered configuration of an Active Directory management agent. In this post, I’d like to step through the FIM Service Management Agent (FIMMA). While you don’t necessarily have to have a FIMMA, you cannot move data between the Portal and Sync service without one.
Before we can manipulate users and/or groups with the FIM Synchronization Engine, it is necessary that we create Management Agents. Here, we will create a Management Agent for connecting the Synchronization Engine with the FIM Service Portal.
Begin by opening the Synchronization Engine
In the menu on the top right-hand corner, select “Create”
This will open the “Create Management Agent” wizard. For “Management agent for:”, select “FIM Service Management Agent”. Enter a name for this MA, then click “Next” to continue
Enter the name of the server, database and FIM Service base address. Next, select “Windows Integrated Authentication” and enter the previously created service account, password and domain, then click “Next” to continue.
In the “Object Types” window, be sure to select “Person” and then click “Next” to continue.
In the “Attributes” window, you may select as many (or as few) attributes as you wish. Please note, however, that only attributes selected here will be available in the FIM Portal.
For “Connector Filter”, you may configure these using the same steps found under this tab on the ADMA, found here . In my environment, I filter two accounts: administrator and the Built-in Synchronization Account . Administrator is the default portal admin account (typically, the account you were logged in as when you installed the service/portal). The Built-in Synchronization Account is a default account (and very important one!) that gets created during the install. This is the account which fires workflows, performs modifications and generally does work for you in FIM; break it and everything goes off the rails.
For “Configure Object Type Mappings”, as a best practice, there are two things we should do. First, select “Group”, click on “Add Mapning” and in the drop-down menu next to “Metaverse object type:”, select “group”. Click “OK”
Next, select “Person”, click on “Add Mapping”, and in the drop-down menu next to “Metaverse object type:”, select “person”. Click “OK”, and then click “Next” to continue.
For “Attribute Flow”, you may leave these default. Please note, if you wish you flow custom attributes, you will need to create an associated flow here. Click “Next” to continue.
For “Deprovisioning”, you may choose the default, choose to make explicit disconnectors or choose to stage a deletion. Click “Next” to continue.
“Extensions” may be left default. To complete configuration and build the Management Agent, click “Finish”
Questions? Comments? Love FIM so much you can’t even stand it?
>WE WANT TO HEAR FROM YOU<