Migrating from OpenLDAP to Active Directory With FIM
HY friends! I have a directory services based on OPENLDAP and i need to migrate to a new Active Directory Forest. I Wonna know if with the FIM 2010 is this possible natively? And About the client computers and users profiles? I Heard that on this version of the product is possible... can someone help me, telling if is possible and some link about the case.
April 13th, 2010 8:40pm

Hi Flavio! There is an Open Source OpenLDAP Management agent that unfortunately hasn't been updated for FIM but there's a workaround for making it work described here: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/210b9cd2-193e-404c-a9e9-a1edc2b54050 . AD is of course natively supported when you install FIM. About computers and profiles it depends what you wish to do but if you would like to manage computer resources within FIM it's doable and there's a guide that explains how this could be done here: http://technet.microsoft.com/en-us/library/ee534912(WS.10).aspx I don't think there's a good guide yet on how to manage user profiles but the recommended way to do it is by using custom workflows triggered after a user exists within the target AD but I assure it's possible even thought it requires some coding. //HenrikHenrik Nilsson, ILM/FIM MVP Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
Free Windows Admin Tool Kit Click here and download it now
April 13th, 2010 9:08pm

It seems that the fix in the link Henrik provided is either not complete, or doesn't work. Does anyone have a known, complete, working solution that doesn't involve "a little coding"? One that doesn't have "it should work" anywhere in the description, but includes "it WILL work"? :) As always, THANK YOU all for the help!
April 15th, 2010 12:31pm

Hi Robert!As with most products from Microsoft, FIM requires some coding for special cases that is not considered standard by the product team therefore they've added extensibility points for workflows, custom MA's etc. for implementers to use but in order to utilize them you'll often have to know a little coding. If the product would have had functionality for all different cases available we wouldn't have had a release of FIM ready for the next couple of years.The extensibility points is excellent because it makes almost everything possible even thought it could be more or less complicated and the workflow functionality could be considered less complicated for actions against the FIM Service since there's functionality (activities) in the box for that but will of course be more complicated if you wish it to talk to the file system or make burgers for you - for that you'll have to add your own solution on top but the good news is thatit should work !With FIM Microsoft have enabled declarative provision, earlier you had to do a little coding for that and if you still aren't happy I recommend you to pick up a book that will learn you a little coding or hire someone that can do it for you.For profiles there's an MA on the market that you could use for managing profiles with FIM but an MA for this is not the recommended way to solve the problem. FIM is recently released and even thought we are a whole bunch of people (product team, documentation team and partners) that have been working with this product for quite some time now we haven't been able to describe all possible scenarios in detail therefore it's up to implementers to learn what the product should or could be used for and build a solution with that in mind. If anyone who works with the product and gets into some kind of problem around it they're free to drop a question on this forum and there's plenty helpers out there for answering questions but we won't solve the problem for you, just try to help you in the right direction.//HenrikHenrik Nilsson, ILM/FIM MVP Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2010 1:17pm

Thank you for the fast reply! I hope I didn't offend with my reply. I was thinking the workaround link was a solution. As a pointer, it's great, and I see I'm headed in that direction. I just didn't want to reinvent the wheel, then find a "boxed" solution afterwards. :) With ILM 2007 standard support ending next year, I can see the benefit of going with FIM 2010 now, but I'm still not sure if it wouldn't be better to go with a working ILM 2007 now and upgrade later - maybe then a working solution would be there. Then again, there is probably going to be some tweaking of ILM 2007 if I go that route, too. I know enough to know I don't know enough, and that more information is needed. Ain't it always the way? :)Thank you for the great posts and help! It sure is needed.
April 15th, 2010 1:33pm

I'm not offended! :-)Sorry for posting the link to the old OpenLDAP MA open source project. The correct link to the latest project OpenLDAP XMA ishttp://sourceforge.net/projects/openldap-xma/ but still won't work on FIM since there are changes in the FIM API's as explained in this thread:http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/210b9cd2-193e-404c-a9e9-a1edc2b54050//Henrik Henrik Nilsson, ILM/FIM MVP Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2010 1:53pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics