FIM 2010 R2 Portal: Add Computers to Security group Membership

In this scenario, I have separate MAs for SGs, users and Computers in the Sync Engine. I have already brought the Computers into the Metaverse and into the Portal. Now I want to be able to add Computers to SGs, so I want to bring the Computer objects into the SG Connector Space and configure the Portal to allow Computers to be selected for group membership. I have already created a Search scope for computers called “All Computers”.

  • Step One: FIM Sync

Edit the SG MA and add the Computer as one of the Object types

  • Step Two: FIM Portal

Add new Inbound Sync rule for the SG MA

Name & Description: Inbound rule for computers in SG AD MA

Type: Inbound

Scope: MV Object : Computer

External System: SG MA

External System Resource Type: Computer

Relationship: Samaccountname to Samaccountname

Click Submit, Finish

Edit the Outbound Sync rule for the SG MA. For the Membership attribute flow, select 3 or more resource and type “user,group,computer”.

Click submit, Finish.

Search scope

  • Add “Security” to Usage Keyword for All Computers search scope

RCDC

  • Add “Computer” to the ObjectType option of the MembersToAdd control in the RCDC for Create and Edit Group.

Run IISRESET.

  • Step Three: FIM Sync

Run in this order

Run Delta Import Delta Sync on the FIM MA to bring in the new and updated sync rules.

Run Full Import on the SG MA to bring in the Computer objects

Run Delta Sync on the SG MA to join the objects to Computer objects in the MV.
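The three runs above can be scripted so that a failed run stops the sequence before the next one starts. This is an added example, not part of the original post: it uses the FIM Sync WMI provider (MIIS_ManagementAgent), assumes the MAs are literally named "FIM MA" and "SG MA" as written here, and the run profile names are placeholders for whatever is defined on your MAs.

```powershell
# Added example: run the Step Three sequence in order via the FIM Sync WMI provider.
# Assumptions: MA names match the post ("FIM MA", "SG MA"); the run profile
# names below are placeholders - replace them with the profiles on your own MAs.
$steps = @(
    @{ MA = 'FIM MA'; Profile = 'Delta Import Delta Sync' },  # pick up new/updated sync rules
    @{ MA = 'SG MA';  Profile = 'Full Import' },              # bring Computer objects into the CS
    @{ MA = 'SG MA';  Profile = 'Delta Sync' }                # join them to Computers in the MV
)

foreach ($step in $steps) {
    $filter = "Name='{0}'" -f $step.MA
    $ma = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                        -Class 'MIIS_ManagementAgent' -Filter $filter
    if (-not $ma) { throw "Management agent '$($step.MA)' not found" }

    Write-Host "Running '$($step.Profile)' on '$($step.MA)'..."
    $result = $ma.Execute($step.Profile)   # blocks until the run finishes

    # Conservative choice: stop on anything other than a clean run, so a later
    # step never synchronises against an incomplete import.
    if ($result.ReturnValue -ne 'success') {
        throw "'$($step.Profile)' on '$($step.MA)' returned '$($result.ReturnValue)'"
    }
}
Write-Host 'All runs completed.'
```

Run it on the FIM Sync server under an account that is allowed to run management agents.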
