FIM 2010 and Group Management
My goal is to manage group memberships between 2 AD forests. The same groups and users appear in each forest. If one user is added to or removed from a group in AD1, I need it removed from AD2. Just a simple one way sync.
Is this as simple as syncing users?
Thank you
Mori7
October 21st, 2010 5:25am
It depends on how complex your requirements are...
How do you want to manage the groups?
Do you want to manage members manually, or use conditions/criteria? (dynamically managed)
Do you want to use the FIM portal or a kind of group management MA? (cfr licensing)
Which will be the master source(s)? (FIM, in 1 AD, in both AD...)
Kind regards,
Peter
Peter Geelen (Traxion) - Sr. Consultant IDA (http://www.fim2010.be)
[If a post helps to resolve your issue, please click the
"Mark as Answer" of that post or "Helpful" button of that post.
By marking a post as Answered or Helpful, you help others find the answer faster.]
October 21st, 2010 10:54am
Peter,
AD1 will be the master source. I just want to make sure that the memberships are in sync between the 2 AD. I want it as simple as possible. If a dude is added/removed to and from one group in AD1, FIM automagically replicates the changes in AD2.
Thank you for your time.
Mori7
October 21st, 2010 2:09pm
So, you just want it really really basic:
- groups and their members replicated 1-on-1 from source (AD1) to target (AD2)?
- AD1 master / AD2 slave
- no advanced data flows, no complexity
Also meaning:
- changes not allowed in AD2 for objects managed by source AD1
- changes in AD2 will be reverted by FIM if they contradict with the source AD.
Correct?
In that case you just need FIM Sync with 2 AD MAs, an import flow from the source AD and an export flow to the target AD MA.
Assuming proper MA configuration, like object types, attributes (including Members), join/projection, deprovisioning, attribute flow precedence set...
For this scenario you don't need the portal/web functionality of FIM...
Kind regards,
Peter
Peter Geelen (Traxion) - Sr. Consultant IDA (http://www.fim2010.be)
October 21st, 2010 3:13pm
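The one-way flow described in the answer above, modelled as an added example (not part of the thread and not FIM code): membership is a reference attribute, so each AD1 member has to be joined to its AD2 counterpart before it can be exported, and anything added directly in AD2 shows up as a pending removal. The join key (leading CN), the group names and the DNs are constructed assumptions.

```python
# Added example: models one-way, AD1-authoritative group membership sync.
# All names, DNs and the join key are constructed assumptions, not FIM APIs.

def anchor(dn):
    """Join key assumed here: the leading CN, lower-cased (stand-in for sAMAccountName)."""
    return dn.split(",", 1)[0].split("=", 1)[1].lower()

def plan_export(source_groups, target_groups, target_objects):
    """Compute pending changes for the target forest.

    source_groups / target_groups: {group name: set of member DNs}
    target_objects: DNs that exist in the target forest (join candidates).
    Groups that exist only in the target are not managed and are left alone.
    """
    by_anchor = {anchor(dn): dn for dn in target_objects}
    plan = {}
    for group, src_members in source_groups.items():
        wanted, unresolved = set(), set()
        for dn in src_members:
            tgt = by_anchor.get(anchor(dn))
            # A member with no joined object in the target cannot be exported.
            (wanted if tgt else unresolved).add(tgt or dn)
        current = target_groups.get(group, set())
        plan[group] = {
            "add": sorted(wanted - current),        # missing in AD2
            "remove": sorted(current - wanted),     # AD2-only change, reverted
            "unresolved": sorted(unresolved),       # needs a join/provision first
        }
    return plan

def make_dn(name, forest):
    return f"CN={name},OU=Corp,DC={forest},DC=example"

# Constructed sample state: carol has no AD2 account, erin was added in AD2 only.
AD1_GROUPS = {"Finance": {make_dn(n, "ad1") for n in ("alice", "bob", "carol")}}
AD2_GROUPS = {
    "Finance": {make_dn("alice", "ad2"), make_dn("erin", "ad2")},
    "LocalOnly": {make_dn("dave", "ad2")},
}
AD2_OBJECTS = {make_dn(n, "ad2") for n in ("alice", "bob", "erin", "dave")}

PLAN = plan_export(AD1_GROUPS, AD2_GROUPS, AD2_OBJECTS)

if __name__ == "__main__":
    for group, changes in PLAN.items():
        print(group, changes)
```

The "unresolved" list is the part worth reviewing before a first export: those users are group members in AD1 but would silently be absent from the AD2 group until they are joined or provisioned.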
Peter,
Right on as far as the scenario is concerned. Works great, I was trying to be too fancy with the portal when I did not need to.
Thank you
Mori7
October 21st, 2010 5:27pm