hi I want to synchronize groups between Lotus Notes and FIM. But I don't know the correct configuration of FIM MA ,synchronization rules and workflows. I've already searched for related information but got nothing useful. Thanks sincerely .

hi I want to synchronize groups between Lotus Notes and FIM. But I don't know the correct configuration of FIM MA ,synchronization rules and workflows. I've already searched for related information but got nothing useful. Thanks sincerely .

This might be a good starting point: How to synchronization groups between AD and FIM: http://technet.microsoft.com/en-us/library/ff686936(WS.10).aspx How to synchronization groups between FIM and AD: http://technet.microsoft.com/en-us/library/ff686261(WS.10).aspx I know it's for AD and not for Notes, but the concept should be the same.http://setspn.blogspot.com

As Thomas say the concept is exactly the same for Notes as it is for AD. Just a couple of pointers: - you have to import both the groups and its member objects through the same MA, - the members must be proper Person or Group objects within Notes. If you have Notes groups with lists of email addresses as members then you're not goingt o be able to import them http://www.wapshere.com/missmiis

- the members must be proper Person or Group objects within Notes. If you have Notes groups with lists of email addresses as members then you're not goingt o be able to import them Carol, I have huge amount of 'contacts' objects from AD which are members of AD distribution groups. I have an MV object class 'contact' and all contacts from AD are projected to MV as 'contact' class. it works fine even when exported to an external SQL for membership. can't see any reason why Notes groups containing not only persons can't have other object types as members :) - in a case when group membership is returned as references of cause.

The Notes MA can only see objects of type "Person", "Group", "Address Book" ... a couple of others I can't remember, but not "Contact". Actually I don't think "Contact" as such exists in Notes - it is just a "Person" with its parameters populated differently. I am importing objects that the Notes admins referred to as "Contacts" but to FIM they are just "Persons". The point was you can't import non-reference members - ie members that are just text-string email addresses. Well actually you can import them, but only as a multi-value string attribute, and not as group members.http://www.wapshere.com/missmiis

I meant this: if you're importing groups with members from Notes to MV then Notes MA should have 'members' attribute declared as multi-value reference DN, correct? if stated above is true, then how email addresses are visible in group membership in Notes MA connector space? or Notes MA ignores it and pretends that there're no such members? just curious to know.

Evgeniy - Carol is 100% correct, in that there are certain objects (such as "mail in database" objects) which can be legitimate members of distribution groups in Notes ... these objects are not recognized by the Notes MA, and so when groups with these objects as members are imported into the Notes CS they are removed from the group membership ... this is very bad if you then sync back out to Notes, as it will remove all these unrecognized memberships. It turns out that this is a major headache for one of my clients, who have been lobbying Microsoft hard to remedy this shortcoming. I understand this problem was a recent topic of discussion with the PG, and the priority of a fix to this issue is likely to be raised. In the meantime my company is considering the viability of writing our own Notes MA. Time will tell who comes up with something first ... but in the meantime there is no OOTB mechanism to reliably sync Notes group membership (where such group memberships exist) with AD/FIM.Bob Bradley, www.unifysolutions.net (FIMBob?)

Hm... I didn't expect that Notes MA has such a limited functionality. as a workaround an external SQL-table (yep, I love them :) ) with a data pump SQL task will do the job, or simple self-written service. its faster than writing an XMA agent for Notes I guess...

- the members must be proper Person or Group objects within Notes. If you have Notes groups with lists of email addresses as members then you're not goingt o be able to import them Carol, I have huge amount of 'contacts' objects from AD which are members of AD distribution groups. I have an MV object class 'contact' and all contacts from AD are projected to MV as 'contact' class. it works fine even when exported to an external SQL for membership. can't see any reason why Notes groups containing not only persons can't have other object types as members :) - in a case when group membership is returned as references of cause.

I meant this: if you're importing groups with members from Notes to MV then Notes MA should have 'members' attribute declared as multi-value reference DN, correct? if stated above is true, then how email addresses are visible in group membership in Notes MA connector space? or Notes MA ignores it and pretends that there're no such members? just curious to know.

Hm... I didn't expect that Notes MA has such a limited functionality. as a workaround an external SQL-table (yep, I love them :) ) with a data pump SQL task will do the job, or simple self-written service. its faster than writing an XMA agent for Notes I guess...

Thank you! I tried it,but I can't solve it,there must be something wrong. The grouptypes in the notes are different from AD and portal,so there are some questions I should solve. Am I right? Thanks again!

hi Can anyone help me?

Yes possibly, but I don't understand your most recent question. The key points are this: 1. You must import the groups and all their members through the one Notes MA, 2. You must either project or join ever group and member object to metaverse objects After that it's all pretty straight forward. You can pretty much follow the AD Groups walkthrough that Thomas already pointed you towards. The theory is the same.http://www.wapshere.com/missmiis

carolw, Thank you for your answers. I will try it.

find00..... do you already done this now? Can you tell me, how did you sync the notes user to the AD?