Forefront Identity Manager 2010 Installation & Configuration

Configuring an Active Directory Management Agent

Anthony Marsiglia & Kristopher Tackett

Microsoft Premier Field Engineering

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, our provision of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The descriptions of other companies’ products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers.

© 2013 Microsoft Corporation. All rights reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is strictly prohibited.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Prepared by Anthony Marsiglia & Kristopher Tackett
Microsoft Premier Field Engineering


Before we can manage users and groups with the FIM Synchronization Engine, we must create Management Agents. Here, we will create a Management Agent for connecting to Active Directory.

Begin by opening the Synchronization Engine.

In the menu in the top right-hand corner, select “Create”.

This will open the “Create Management Agent” wizard. For “Management agent for:”, select “Active Directory Domain Services”. Enter a name for this MA, then click “Next” to continue.

Enter your Forest name, as well as an administrative user account, its password and domain, then click “Next”.

Select the partition you wish to manage. Next, click on “Containers”.

This will open a list of available containers. Select the ones you wish to manage with FIM, then click “OK”.

This will return you to the previous window. Click “Next” to continue.

For the time being, we will leave the settings on this page at their defaults. Click “Next” to continue.

Under “Object Types”, place a check in the box next to “user” and click “Next”.

Select the attributes you wish to manage, then click “Next”.

For “Data source attribute:”, select “displayName”. For “Operator:”, select “Equals”. For “Value:”, enter “Administrator”. Click “Add Condition”, then click “OK”.

Next, for “Data source attribute:”, select “displayName”. For “Operator:”, select “Equals”. For “Value:”, enter “Built-in Synchronization Account”. Click “Add Condition”, then click “OK”.

When finished, click “Next”.

For “Join and Projection Rules”, you may leave the defaults and click “Next” to continue.

For “Attribute Flow”, you may leave the defaults and click “Next” to continue.

For “Deprovisioning”, you may leave the defaults and click “Next” to continue.

For “Extensions”, you may leave the defaults. Now, click “Finish”.
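As an added example (not part of the original guide and not FIM code), the PowerShell below models the two displayName conditions entered in the wizard and evaluates them against constructed sample users, showing which objects the filter would exclude and whether a filter value matches more than one object. `Test-ConnectorFilter`, the sample distinguished names, the AND-within-a-filter / OR-between-filters evaluation and the exact, case-sensitive reading of “Equals” are assumptions of this example.

```powershell
# Added example. Constructed model of the two filters entered in the steps above.
# Assumptions: conditions inside one filter are ANDed, separate filters are ORed,
# and "Equals" is an exact, case-sensitive match.
$ConnectorFilters = @(
    @{ Name = 'Filter 1'; Conditions = @(@{ Attribute = 'displayName'; Operator = 'Equals'; Value = 'Administrator' }) }
    @{ Name = 'Filter 2'; Conditions = @(@{ Attribute = 'displayName'; Operator = 'Equals'; Value = 'Built-in Synchronization Account' }) }
)

function Test-ConnectorFilter {
    # Hypothetical helper (not a FIM cmdlet): reports whether a user object matches any filter.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [object[]] $Filters
    )
    process {
        $matched = foreach ($f in $Filters) {
            $allMet = $true
            foreach ($c in $f.Conditions) {
                if ($c.Operator -ne 'Equals') { throw "Unsupported operator: $($c.Operator)" }
                # A missing attribute is $null and therefore never equals the value.
                if ($User.($c.Attribute) -cne $c.Value) { $allMet = $false }
            }
            if ($allMet) { $f.Name }
        }
        [pscustomobject]@{
            DistinguishedName = $User.DistinguishedName
            displayName       = $User.displayName
            Filtered          = [bool]$matched
            MatchedFilters    = @($matched)
        }
    }
}

# Constructed sample objects standing in for users in the selected containers.
$sampleUsers = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Administrator,CN=Users,DC=example,DC=test'; displayName = $null }
    [pscustomobject]@{ DistinguishedName = 'CN=svc-sync,OU=Service,DC=example,DC=test'; displayName = 'Built-in Synchronization Account' }
    [pscustomobject]@{ DistinguishedName = 'CN=Jane Doe,OU=Staff,DC=example,DC=test'; displayName = 'Jane Doe' }
    [pscustomobject]@{ DistinguishedName = 'CN=Helpdesk Admin,OU=Staff,DC=example,DC=test'; displayName = 'Administrator' }
)

$results = $sampleUsers | Test-ConnectorFilter -Filters $ConnectorFilters
$results | Format-Table displayName, Filtered, DistinguishedName -AutoSize

# displayName is not unique in AD: list filter values matched by more than one object.
$results | Where-Object { $_.Filtered } | Group-Object displayName |
    Where-Object { $_.Count -gt 1 } | Format-Table Name, Count -AutoSize
```

To run the same check against a live directory, pipe the output of `Get-ADUser -Filter * -SearchBase <container DN> -Properties displayName` into `Test-ConnectorFilter` in place of `$sampleUsers`.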
