I am doing my best to follow the "instructions" in technet for setting up FIM. I have trudged my way through to where I have the server setup, sharepoint, sync service and FIM Manager Service and Portal created and working. I now wish to start the sync with AD DS part but having trouble finding comprehensible, complete , step by step instructions. I have followed the links as follows: Post-Installation and Configuration Guide\Active Directory–to–FIM 2010 Initial Data Load\ How Do I Synchronize Users from Active Directory Domain Services to FIM which is completely useless to me. It seems to be written for someone who already knows everything about FIM as it is devoid of any steps or instructions. For example, the part, "The following table lists the most important scenario specific settings you need to configure" shows me what should be configured but gives zero info about where I enter this info. (RRRRR!) So I click the link in that page - Configuring the ADMA Account which is helpful but at the very outset it specifies to use the ADMA account but fails to explain exactly what account this is. I "assume" they mean the FIM Management Account but I need definitive clarification as I cannot afford to assume. Do they mean create a new, previously unmentioned AD Management account or use the FIM mgmt account(which the instructions refer to as FIM MA not ADMA ) I created in AD per earlier instructions. thx If I sound frustrated then, you are right :>

Too much in here to respond to everything, but I feel your pain as a FIM virgin :). I would expect all the information is on TechNet but not all in the one place ... Firstly, the ADMA account ... it isn't intended to mean the FIM MA account ... every MA has its own credentials, and the service identities of the FIM sync service and FIM service are separate again. So ... what you need to look at for MA service accounts is an old document called ports, rights and settings. Note that this is from the original MIIS doco ... which then got upgraded for ILM2007, and then again for FIM2010. Some doco is still the same, and has just been updated and cross-referenced. Be patient ... and search this forum for more "getting started" guides ... it's all here just might take a bit more persistence than you were expecting.Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

Bob, Thks for the help. Do you know of a site, blog or even somewhere in this forum that has the COMPLETE steps necessary to go from Synchronization process setup to final deployment? I have searched and everything I find is either, scattered, shattered, incomplete, lacking enough information, etc. I came very close in finding this for the sync setup part but as I began to step through it he is working with Sharepoint Server not the scaled down Sharepoint that Microsft has you use with the FIM install. So I started seeing information that could not be found. http://www.jppinto.com/2011/04/configure-active-directory-ad-synchronization-for-sharepoint-2010/ Please understand, I am not looking to be a guru, I just to get this setup and running. Really, if I could just use the password reset\lockout portion without sync I would be a happy camper. thx again.

Bob, Thks for the help. Do you know of a site, blog or even somewhere in this forum that has the COMPLETE steps necessary to go from Synchronization process setup to final deployment? I have searched and everything I find is either, scattered, shattered, incomplete, lacking enough information, etc. I came very close in finding this for the sync setup part but as I began to step through it he is working with Sharepoint Server not the scaled down Sharepoint that Microsft has you use with the FIM install. So I started seeing information that could not be found. http://www.jppinto.com/2011/04/configure-active-directory-ad-synchronization-for-sharepoint-2010/ Please understand, I am not looking to be a guru, I just to get this setup and running. Really, if I could just use the password reset\lockout portion without sync I would be a happy camper. thx again.

Ah - what you stumbled on is actually instructions on how to configure a cut-down version of the FIM sync service that is bundled with MOSS. As it turns out, FIM doesn't use a "scaled down version of SharePoint", but rather both MOSS and FIM are built on TOP of WSS (Windows SharePoint Services) which are now considered a basic extension of the Windows operating system. So ... don't go following that, as it's nothing to do with what you need :). So - the basic process is this: install FIM and FIM Sync services (assume you got this far!) configure FIM Sync server management agents configure FIM Portal sync rules for your MAs create FIM policy to govern those sync rules Synchronise your FIM portal policy with the FIM metaverse in the Sync engine run FIM Sync operations on all MAs to implement the sync rule policy defined in the portal That's very high level obviously - I suggest you do one of the FIM labs (there are several), starting with this one, then hopefully the above wiki article (and others like it) start to make more sense. You can then follow this example to get account sync happening from FIM out to AD, and there's one that appears with it for groups. My colleague Carol Wapshere has invested many hours on her own blog writing material to assist folks like your good self ... I suggest you have a read of the following items: how to create the FIM MA step-by-step codeless provisioning Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

Ah - what you stumbled on is actually instructions on how to configure a cut-down version of the FIM sync service that is bundled with MOSS. As it turns out, FIM doesn't use a "scaled down version of SharePoint", but rather both MOSS and FIM are built on TOP of WSS (Windows SharePoint Services) which are now considered a basic extension of the Windows operating system. So ... don't go following that, as it's nothing to do with what you need :). So - the basic process is this: install FIM and FIM Sync services (assume you got this far!) configure FIM Sync server management agents configure FIM Portal sync rules for your MAs create FIM policy to govern those sync rules Synchronise your FIM portal policy with the FIM metaverse in the Sync engine run FIM Sync operations on all MAs to implement the sync rule policy defined in the portal That's very high level obviously - I suggest you do one of the FIM labs (there are several), starting with this one, then hopefully the above wiki article (and others like it) start to make more sense. You can then follow this example to get account sync happening from FIM out to AD, and there's one that appears with it for groups. My colleague Carol Wapshere has invested many hours on her own blog writing material to assist folks like your good self ... I suggest you have a read of the following items: how to create the FIM MA step-by-step codeless provisioning Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

Bob's already linked my blog anyway, but here's the list of posts tagged "newbie" http://www.wapshere.com/missmiis/category/ilm/newbie If you just want to get password reset going initially then your main need will be to get minimal info about users sync'd from AD to the Portal. You're lucky as this is inbound sync so you don't need to do any of the set-workflow-mpr stuff - just create the sync rule. The Introduction to Inbound Sync is your best starting point for this. You will need at least the samaccountname, domain and objectSid of each user.http://www.wapshere.com/missmiis

Bob's already linked my blog anyway, but here's the list of posts tagged "newbie" http://www.wapshere.com/missmiis/category/ilm/newbie If you just want to get password reset going initially then your main need will be to get minimal info about users sync'd from AD to the Portal. You're lucky as this is inbound sync so you don't need to do any of the set-workflow-mpr stuff - just create the sync rule. The Introduction to Inbound Sync is your best starting point for this. You will need at least the samaccountname, domain and objectSid of each user.http://www.wapshere.com/missmiis

Bob, Sorry my goof. I could not remember the name at that moment but I am running Sharepoint Services 3.0. But I will check out your info. Very much appreciated. By the way, I ran across "Synchronizing Active Directory Objects to SQL Server" for MIIS 2003 . I don't suppose that would be the same as it has the info I am looking for. thx again

Bob, Sorry my goof. I could not remember the name at that moment but I am running Sharepoint Services 3.0. But I will check out your info. Very much appreciated. By the way, I ran across "Synchronizing Active Directory Objects to SQL Server" for MIIS 2003 . I don't suppose that would be the same as it has the info I am looking for. thx again

If you mean this article, it's for a version of FIM 2 iterations old (MIIS preceded ILM, which preceded FIM). While the sync engine component is essentially the same (just a few more features have evolved, as well as the intro of the FIM MA itself), the methodology has adapted to the idea of "codeless provisioning", i.e. sync rules configured in the portal and implemented by the (slave) sync engine. The characteristics of a codeless model are management agents with no joins or attribute flows defined (these are replaced by rules in the portal) ... however you can still do things the "traditional way" if you want, and lots of people still do. ILM is in fact still supported (unlike MIIS).Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

If you mean this article, it's for a version of FIM 2 iterations old (MIIS preceded ILM, which preceded FIM). While the sync engine component is essentially the same (just a few more features have evolved, as well as the intro of the FIM MA itself), the methodology has adapted to the idea of "codeless provisioning", i.e. sync rules configured in the portal and implemented by the (slave) sync engine. The characteristics of a codeless model are management agents with no joins or attribute flows defined (these are replaced by rules in the portal) ... however you can still do things the "traditional way" if you want, and lots of people still do. ILM is in fact still supported (unlike MIIS).Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

This won't answer all your questions, but a good resource to get started with FIM is the free on-line Ramp-Up training that Microsoft posted awhile ago. Last time I checked, the videos and VMs were still available to complete the course. Chris