I have installed FIM IdM by following the guide "Installing the FIM 2010 Server Components" using the local administrator user. I am able to access to FIM Portal as Local Administrator but when I try to create a New User (or a New Group), in the "General Tab" section I am not able to select my corporate AD domain. From the dropdown menu in the "Domain" row I can only select the hostname of the machine where I have installed the FIM IdM. How does the FIM IdM populates the domains list? I have also tried to to add my domain in "Domain Configuration" section but it fails because the forest name is not validated by FIM CM. What could be the issue? Can you please hel me?

You need to configure an ADMA. The How Do I Guides are a good reference. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

I have already configured an ADMA by following the MS guide "Introduction to User and Group Management". In this way I am currently able: to import data from a file and provision it on AD to create a new user on portal and provision it on AD During AD provisioning I get back SID and Domain Name from AD, so that users can also access the FIM portal. The problem is that, when I create a new user on FIM portal, the only value that I have in the dropdown menu for the "Domain" field is my server hostname. But on the ""Introduction to User and Group Management" I see that the new users are created on FIM portal by selecting the (well known :-) FABRIKAM domain. It seems that the FIM portal "cannot see" the domain despite of my ADMA is able to interface with my DC. Where Am I wrong?

Hi You need to configure/add the domain, do this under Administration-Domain Configuration. And add a new one, the one you need to be able to select when you crete a new user. /Mikael M

Hi Mikael! I think the problem is exactly there because when I try to add a domain in Administration->Domain Configuration it doesn't validate my Forest Name: I get the error "Please correct, remove or resolve unresolved names" and I cannot go on. I have the same problem when I try to add a forest in Administration->All Resources->Forest Configurations. Also consider that: If i ping my forest name from FIM Portal server it responds correctly I have also tried to access the FIM portal using a domain user (member of "Domain Admin" and "Enterprise Admin" groups) and perform "Domain Configuration" in this way but I got the same error. It seems like the FIM portal cannot "see" my domain/forest. Please help me!

One more information: I have installed FIM using local admin privileges. Could it be the cause of my issue?

Dear Melissa, I think you must install using user object Active Directory. if you using local administrator, the users in local are not able to read directory changes on the AD. you need user for running FIM service, FIM Synchronize, and to import/export user, you need a user agent. And that user should be object in you Active Directory. Regards, Endrik

I installed the FIM by using the local administrator because the first sentence of the Technet Guide "Installing the FIM 2010 Server Components" is: "You must use an account with local administrator privileges to install the Microsoft® Forefront® Identity Manager (FIM) 2010 server components". Of course FIM Service and FIM Sync Service are running with domain account users. Is there an error on that guide ? Do you think I should re-install everything by using the Domain Admin? Also consider that I'll have a multi-forest environment: I have one forest where I have servers and one trusted forest where I have all the accounts. So probably I'll have to install FIM by using the account forest's domain admin. In this way I'll be able to select my account domain from dropdown menu when I create a new user. Do you think it is the right solution?

Dearl Mellisa, Are you using account from server forest or account forest when you install FIMService and FIM Sync,?If you using account on the server forest and have permission to access account forest, its fine. On the ADMA>Connect to Active Directory Forest, are you can select the directory partition on your account forest? Also give permission for Replicate Directory Changes All for the user ADMA agent on your account forest Regards, Endrik