FIM 2010 R2. User does not create in AD OU.

Hello!

I have 3 test OU in AD. I have 3 MA (FileMA (for csv file), FIM MA (for FIM Service, AD MA (for AD))). User import from FileMA -> FIM Portal -> AD.

I have 3 Sync Rules.

1) For create user in AD - Test OU

2) For add OU - Konstr OU

3) For add OU - Arch OU

User created in AD correct (In Test OU)

When I want change OU - for Konstr OU - OK

When I want change OU - Arch - I can't

Help!

August 21st, 2015 5:15am

Hello Alex

Please make sure service account has suitable permissions in this OU - not only to create but also to change users' attributes.

In AD you can specify permissions that service account can create a user, but after creation it cannot be changed by this user.

Free Windows Admin Tool Kit Click here and download it now
August 21st, 2015 7:03am

If I send new user to Arch Set in FIM portal, user add to Arch OU.

If I send user to Konstr Set, user move to Konstr OU

If I send user to Arch Set, user does't move to  Arch OU.

August 21st, 2015 7:07am

Ok, to be able to move object, service account has to be able to:

  1. DELETE object in first OU
  2. CREATE object in second (new) OU

maybe you're missing permissions to delete user in previous OU?
Do you have at least pending export that says user should be moved?

Free Windows Admin Tool Kit Click here and download it now
August 21st, 2015 7:32am

Service account is Domain Administrator and have permissions.

Pending export Applied.

 

August 24th, 2015 5:27am

Hello,

It seems that you use Sync Rules based on Set object.

Did you ensure that the previous Sync Rule is deleted? (the one of Konstr Set)

Regards,

Free Windows Admin Tool Kit Click here and download it now
August 26th, 2015 4:04am

Hello!

If I will delete Sync Rule for Konstr OU, I can't create user in Konstr OU.

August 31st, 2015 7:22am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics