How to import just Active Directory?
I have installed RC1 all on a consolidated virtual Windows 2008 R2 server in my development domain in order to assess "out of the box" password reset and user provisioning and deprovisioning. Next action is to import just Active Directory. It is the same domain in which the FIM Server components reside. Do I follow the Publishing Active Directory Users from Two Authoritative Data Sources article even though I am not connecting to an HR database? If you can assist in helping me narrow down exactly what I need to do to connect to my directory services in the development domain, that would be helpful. Thanks ahead.
January 20th, 2010 7:23am

Yes, follow the steps in that article ignoring the HR MA. You still need to configure attribute flow on the FIM MA and you should also utilise declarative synchronisation rules in the portal to define inbound flow rules for the AD connected data source. You will then import (stage) and synchronise the AD MA and export to FIM. And vice-versa. Basically, in your scenario, the AD is your authoritative source of identity objects for the FIM Service.
January 20th, 2010 9:56pm

Club, I would also recommend running through the 'Introduction to Inbound Synchronization' document to familiarise yourself with the architectural model of FIM 2010 and the concepts around Inbound Synchronization, specifically transitioning identity data from a connected data source into FIM. For your AD import scenario: within the FIM Synchronization Service, you will need an ADDS MA and a FIM Service MA, and you will need to configure attribute flow and the relevant run profiles. Within the FIM Portal, you will need an Inbound Synchronization Rule, a Synchronization Rule Action Workflow and a Management Policy Rule to trigger the Workflow. Any problems, post them here.
January 20th, 2010 11:28pm

Thank you for the quick response. Do I still need to create the data file? Also, is it best practice to create a separate OU for the newly created FIM objects? Or can I just configure it to point to the appropriate OU for the object to be created? I definitely need to reread the doc again.
January 21st, 2010 2:30am

I created service accounts as part of the installation for the MA and the service; are the ADDS MA and FIM Service MA accounts you mention additional accounts to be created for configuration of the synchronization service? Thanks, MMS Guru. I will keep you posted.
January 21st, 2010 2:33am

As long as you are in testing mode, you should just use a sample OU. Later, you can add all OUs you need.
Cheers, Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
January 21st, 2010 12:40pm

I'm getting "failed-search" status in the connection log while initializing my ADMA (Full Import). I have confirmed that both domain controllers have the user access control set to 532480. Both domain controllers are also in the Domain Controllers OU. Has anyone experienced this issue? The users I have created in the FIM portal are displaying the correct "AD Synchronization Rule" in the Expected Rules list and are still in "Pending" Synchronization Rule Status after running the profiles for FIMMA and ADMA. I am trying to complete the "Publishing active directory users..." document with just AD (my test case does not include an HR data source). Thanks ahead.
January 22nd, 2010 11:54pm

Please see "Design Concepts: Configuring the ADMA Account" for more details on this topic. This will help you to get rid of the error.
Cheers, Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
February 6th, 2010 9:25pm

This topic is archived. No further replies will be accepted.
