I am finalizing a cross forest migration. The End client needs an extended period of time with both domains up and running. I have been working with an advisory engineer and we are having a hard time.
We started by setting up GAL sync and that works as expected. Then we tried to setup group provisioning, and I have that working. I can create a groups and add members, as long as those users are in FIM and the Target forest the membership information is preserved. During the process we removed the GAL sync agents for ease of troubleshooting. Now when I run the GAL sync agents and I search the connector space I am showing connector false on both sides. I am not sure how to correct that. The other objects were created by the DS agents and FIM. If I sync a new object it will create a contact cross forest.
What I want it to do is run the GAL sync without group contacts. Synchronize the GAL on both sides. (Groups have been created on both sides of the domain and ADMT has moved the group membership with the user) After the GAL is synchronized I need FIM to synchronize the group membership adding the contacts from the missing users that have moved. I am not sure how to get that logic in the system.
I am not sure I am going about this the right way. It may be easier to use the FIM and AD DS agents to provision users cross forest as contacts and the group membership would be preserved. If that is the case, I am not sure how to pull that off.
Does anyone have recommendations?
Thank You
- Edited by Intelibyte Thursday, December 08, 2011 2:30 AM