FIM password reset across different forests
Hi,
Is this a possible scenario:
forest 1 with FIM deployed and the password portal configured.
forest 2 and 3 - no FIM deployed.
Can forests 2 and 3 (where no FIM exists) make use of the FIM portal in forest 1 for password resets?
Forest 1 would be connected to forest 2 and 3 via ADMA and would populate the FIM Portal...potentially giving users in forest 2 and 3 password reset functionality in forest 1?
thanks
March 14th, 2011 6:08pm
Well, for the users to be able to register their passwords, they should be able to authenticate to the FIM Service/Portal. So I would expect you'd also need some trusts in place.
More particularly, the forest (or domain) with the FIM services in it should trust the other 2 forests (or domains).
Without those trusts I don't think you can have self service password reset functionality working.
Regards,
Thomas
http://setspn.blogspot.com
March 14th, 2011 6:17pm
So essentially you are saying this is potentially a do-able solution, providing that trusts exist between the forests.
So the statement listed on
http://technet.microsoft.com/en-us/library/ee534892(WS.10).aspx#step_6 might only be correct for the test lab...
"A client computer running the Windows XP Service Pack 2 (SP2), Windows Vista Enterprise, or Windows 7 32-Bit or 64-Bit operating system hosting the FIM Add-in and Extensions in the same domain as the FIM 2010 server components."
March 14th, 2011 6:26pm
Check this out:
Password Reset Scenario requirements question
If Anthony says it's ok, it's ok!
Kind regards,
Thomas
http://setspn.blogspot.com
March 14th, 2011 6:31pm
Thank you Thomas, again for your help.
March 14th, 2011 6:35pm
Cross-forest SSPR is supported provided there is the necessary trust between forests.
March 14th, 2011 8:55pm