Hello,
I'm wondering if there's any issue with using an AD account's objectSID as the relationship criteria in my Outbound/Inbound Sync rule? Does anyone have any concerns?
Thanks!
Josh
I don't see any issues. ObjectSID is as unique as it can be in AD. This will also be unique in FIM Portal, as FIM will reject any objects with duplicate objectSID.
Go for it.
The problem is that SID sometimes is changed. To copy and paste: SIDs can sometimes change. The SID for a Group object won't change. The values of other object properties can change, but the Object-GUID never changes. When an object is assigned a GUID, it keeps that value for life.
SID changes only if you delete the object and create a new one with the same name. SID contains the history of the object's activ
When an object moves to another domain, it is a different object (for all intents and purposes). In that case, we need to have a different AD MA, don'
I currently have one AD MA that has a relationship criteria based on accountName -> sAMAccountName. I'm asking this question because I would like to create an AD MA for a child domain where there's a possibility of duplicate usernames. If I were to use accountName -> sAMAccountName for the second domain, FIM would link these accounts. By using the ObjectSID for the second domain, duplicate user accounts will be separated in FIM. Assuming the AD object is never moved to another domain, do you think this approach works?
Hi
objectSid from AD is stored as binary in the FIM Portal. You may need an additional attribute to process it. I'm using object SID as the relationship for my home directory MA. Other than the above, no problems.
Regards
Dhaya
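
The binary storage mentioned in the last reply, as an added example that is not part of the original thread: decoding a binary objectSid into its string form and splitting it into domain SID and RID, which shows why the same username in a parent and a child domain yields different join values. The function names and the SID values are constructed for illustration; the byte layout follows the documented SID structure (revision, sub-authority count, 48-bit big-endian authority, 32-bit little-endian sub-authorities).

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (the form objectSid has in AD) into S-1-... text."""
    if len(raw) < 8:
        raise ValueError("SID shorter than the 8-byte header")
    revision, sub_count = raw[0], raw[1]
    if revision != 1 or sub_count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")         # 48-bit, big-endian
    subs = struct.unpack("<%dI" % sub_count, raw[8:])   # 32-bit, little-endian
    # Authorities of 2**32 and above are written in hex in the string form.
    auth_text = str(authority) if authority < 2**32 else "0x%012X" % authority
    return "-".join(["S", str(revision), auth_text] + [str(s) for s in subs])

def split_domain_rid(sid_text: str):
    """Split an account SID into its domain SID and relative ID (RID)."""
    domain, _, rid = sid_text.rpartition("-")
    return domain, int(rid)

def make_sid(*subs: int) -> bytes:
    """Build a constructed NT-authority (5) SID for the sample data below."""
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample values: the same username in a parent and a child domain.
PARENT_JSMITH = make_sid(21, 1111111111, 2222222222, 3333333333, 1105)
CHILD_JSMITH = make_sid(21, 4000000001, 4000000002, 4000000003, 1105)

if __name__ == "__main__":
    for label, raw in (("parent", PARENT_JSMITH), ("child", CHILD_JSMITH)):
        text = sid_to_string(raw)
        print(label, raw.hex(), text, split_domain_rid(text))
```

Even with an identical RID, the two accounts differ in the domain portion of the SID, so a join on the full binary value keeps them apart.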