FIM Walkthroughs – Create the FIM MA

Note: this post was written for the RTM version of FIM 2010.
After installing FIM, you will need to start configuring the Sync Service so that you can start to get data into and out of the Portal. This post shows you how to configure the FIM Management Agent.
When you first run the Synchronization Service you will see pretty much exactly the same thing that users of ILM 2007 and MIIS 2003 will be very familiar with. In fact, to learn about this interface the ILM and MIIS documentation will still be accurate.
One of your first tasks here is to create the FIM Management Agent. On the Management Agent tab click Create and then select the “FIM Service Management Agent” type from the dropdown.
This was pretty easy for me because everything was on the localhost. Otherwise the “Server” is the SQL server name, and the “FIM Service base address” should reference the SharePoint server. The service account is a regular domain account with no special permissions.
I’m planning on managing users so I also select the “Person” object type here. You can come back to this screen any time later to select other object types, including new ones you create in the Portal.
By default all attributes are selected so there’s nothing to do here. Again, you will revisit this page later if you need to synchronize new attributes that you’ve added to the Portal schema.
Here you can block certain objects from being synchronized by the Sync Service. In this example I am blocking the two built-in Portal accounts.
On this page you map the Portal object type to an object type in the Metaverse. See the Metaverse Designer tab in the Sync Service GUI for the configuration of the metaverse schema.
Initially just accept the default attribute flows here. You will be back to this page before long, selecting the attributes you want to appear in the Portal.
Accept the default for now.
Again there should be nothing to configure on this page – just click Finish.
The MA is now created. Your final step is to create Run Profiles, which will actually make the MA do something. My typical list is pictured here – Import, Sync, Full Import and Full Sync, Delta Import and Delta Sync, and Export. Note I also have “Export 1” which is a restricted export that is useful while testing.

For more info about Run Profiles see this post.

What next? We need to get some data into the system – and my next post will cover importing HR data into the Portal.

Update 15/06/2011

Recently I had some trouble modifying the FIM MA on version 4.0.3573.2. The error was “Failed to connect to the specified database with the given credentials”. For some reason it was trying to connect to the FIMService database using the Sync service account instead of the FIM MA service account. We gave the Sync service account db_owner rights to the FIMService database and the problem went away.

I also had some problems trying to use a remote portal address in place of localhost. The error was “Failed to retrieve the schema. Failed to connect to the specified database or Forefront Identity Management Service. Please check the specified database location, service host address, and acount information.” This turned out to be due to proxy settings. We had to log in to the server using the FIM Sync account (again FIM Sync, not FIM MA) and disable the proxy in IE.

4 Replies to “FIM Walkthroughs – Create the FIM MA”

  1. Heads up Carol, your Attribute Flow and Object Type Mapping pages are reversed in the above instructions

  2. Hi,
    Thanks for your article, but I still receive this error “Failed to connect to the specified database with the given credentials”. If you please, take some screenshots of where you add the permission on SQL Server, or bright some how you know.
    Thank you 😉

  3. So you haven’t given the rights yet? Go into SQL Server Manager, find the FIMService database, under it you will see Users, add the FIM Sync service account there and give it the database roles FIM_Service_Write and FIM_SynchronizationService. If the account doesn’t already exist on that SQL server as a login you will first need to add it under Security/Logins, but if the Sync Service database is on the same server then the account should already be there.
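
The steps in the reply above, written as T-SQL. This is an added example, not part of the original post or its comments; `CONTOSO\svc-fimsync` is a placeholder for your FIM Sync service account, and the final query lists that account's role memberships in FIMService so you can see whether a broad grant such as db_owner is also in place.

```sql
-- Added example. CONTOSO\svc-fimsync is a placeholder account name;
-- the database and role names are the ones given in the reply above.

-- 1. Make sure the account exists as a login on this SQL Server
--    (Security/Logins in the GUI).
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-fimsync')
    CREATE LOGIN [CONTOSO\svc-fimsync] FROM WINDOWS;

-- 2. Add it as a user of the FIMService database (Users in the GUI).
USE [FIMService];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\svc-fimsync')
    CREATE USER [CONTOSO\svc-fimsync] FOR LOGIN [CONTOSO\svc-fimsync];

-- 3. Grant the two database roles named in the reply.
--    sp_addrolemember is used because it is available on SQL Server 2008.
EXEC sp_addrolemember N'FIM_Service_Write', N'CONTOSO\svc-fimsync';
EXEC sp_addrolemember N'FIM_SynchronizationService', N'CONTOSO\svc-fimsync';

-- 4. Review what the account now holds in FIMService.
--    A db_owner row here means the account has full control of the database.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = drm.member_principal_id
WHERE m.name = N'CONTOSO\svc-fimsync'
ORDER BY r.name;
```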
