Hello, I'd like to manually add users to the FIM Portal with admin rights. These users will never be synchronized through the sync engine. Can someone please outline how I would do this? I'm aware of all the attributes required for a logon and it seems very bizarre that all objects have to populated through the sync engine. Thanks

The problem is the objectSID - you have to get that in somehow. The simplest way is through the sync engine, but there is a Browse button next to that field in the Portal, so perhaps you can load it in from a file? I haven't tried but someone else may have.http://www.wapshere.com/missmiis

You should be able to use this, http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/54cb4f23-df98-4d11-a185-67e6d179a70a, to address your problem. To use this, you must have a user in the portal, this script retrieves the objectSID from AD and puts in the portal in the properies for this person object. This is a way that I have added users to the portal in the past without having to go through the sync engine.

I think as part of this we have to remember to put the users in the FIM MA connector filter so they are disconnectors. As it stands, you can only log in with the "User" object. Therefore, if you don't want the sync engine to ever play with them, you will have to adjust your connector filters in the FIM MA so they don't get pushed out to the metaverse. (Remember, projection is automatic for any managed object types in FIM). Thanks B

I have outlined how to set the required attributes by using a script in "A method to set the required attributes for the FIM Portal access". In addition to Blain's suggestion to configure a connector filter, you can also put the affected objects into a special OU that is outside the partition and container filter of your ADMA. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation