Hi, Is this a possible scenario: forest 1 with FIM deployed and the password portal configured. forest 2 and 3 - no FIM deployed. Can forests 2 and 3 (where no FIM exists) make use of the FIM portal in forest 1 for password resets? Forest 1 would be connected to forest 2 and 3 via ADMA and would populate the FIM Portal...potentially giving users in forest 2 and 3 password reset functionality in forest 1? thanks

Well, for the users to be able to register their passwords, they should be able to authenticate to the FIM Service/Portal. So I would expect youd also need some trusts in place. More particular the Forest (or domain) with the FIM services in it should trust the other 2 forests (or domains). Without those trusts I don't think you can have self service password reset functionality working. Regards, Thomashttp://setspn.blogspot.com

So essentialy you are saying this is potentially a do-able solution, providing that trusts exist between the forests. so the statement listed on http://technet.microsoft.com/en-us/library/ee534892(WS.10).aspx#step_6 might only be correct for the test lab... "A client computer running the Windows XP Service Pack 2 (SP2), Windows Vista Enterprise, or Windows 7 32-Bit or 64-Bit operating system hosting the FIM Add-in and Extensions in the same domain as the FIM 2010 server components."

Check this out: Password Reset Scenario requirements question If Anthony says it's ok, it's ok! Kind regards, Thomashttp://setspn.blogspot.com

Thank you Thomas, again for your help.

cross-forest SSPR is supported provided there is necessary trust between forests