AD Groups Management

Hi all,
Is there any way to store AD Groups as resource objects provisioned to a OIM Organization ?
We would like to have the following functionality:
- store all AD Groups information in a database table
- create a Resource Object which will have - Create AD Group on the provisioning process
- Delete AD Group when Revoke
- create a schedule task that will parse the table , and for each record to provision the AD Group R.O. to a Organization
Can this be implemented , or any other method that will have the same effect ?
In the end we would like to sincronize the groups definition from a db table with the Groups from Active Directory.
Any other workarounds would be more than welcome.
Regards,
Ionut

Sure.
I more or less built this for a client last fall.
It is not very complex if you know some JNDI.
Is there anything specific you are looking for that I can help you with?
Best regards
/Martin

Similar Messages

  • Info Package Group Management? and Triggering of Event Chains ?

    Hi GURU's
    Info Package Group Management? and Triggering of Event Chains ?
    Thanks
    Bhima Chandra Sekhar G

    Hi Bhima!
    IP GROUP:
    http://help.sap.com/saphelp_nw04/helpdata/en/80/1a65b5e07211d2acb80000e829fbfe/content.htm
    About chains and triggering events:
    http://help.sap.com/saphelp_nw04/helpdata/en/41/243d3828135856e10000009b38f842/content.htm
    Hope it helps!
    Bye,
    Roberto

  • Are Group Managed Service Accounts supported by BizTalk?

    Hi all,
    I saw that there is already a discussion about the Managed Service Accounts support in BizTalk (http://social.msdn.microsoft.com/Forums/en-US/ffcea33b-652b-4866-8bb2-21ffc7d8bffa/are-managed-service-accounts-supported-in-biztalk?forum=biztalkgeneral) with
    a clear response to NO.
    But Windows 2012 R2 introduced the "Group Managed Service Accounts" which seems to be a better way to workaround the MSA limitations.
    Are the gMSA supported in BizTalk?
    Thanks.

    While the documentation mentions that gMSA are managed by the Domain Controller and is introduced in Windows Server 2012. I interpret this to imply that this functionality would be AVAILABLE ONLY if you're running your DOMAIN CONTROLLERS on a Windows Server
    2012 or higher DOMAIN.
    If you just setup BizTalk on a Windows Server 2012 machine but in a domain which is running on Windows Server 2003 or 2008 compatibility mode because of other things such as Exchange, etc. then you WOULD NOT be able to leverage the gMSA functionality.
    If on the other hand, your domain controllers are running Windows Server 2012 and Domain Level is Windows Server 2012 then you should be able to leverage gMSA accounts for BizTalk/SQL/IIS Service accounts.
    Regards.
    NOTE: The effect of a gMSA account on the Enterprise SSO service which has a serious dependency on the service account password and encryption however would still need to be evaluated.

  • Not receiving mails directed towards my group manager's mailing list

    Hi,
    I joined recently and used to receive mails directed towards all team members who report to my group manager(i.e. mails sent to [email protected]). But since last 2 weeks I am not receiving those emails. Can any of you help me to resolve this issue or please provide me with the pointers to whom I shall contact ? Thanks.
    Regards,
    Yadvendar

    You're not part of 'pambale_org_ww', it could be a bug or there were some org changes. Moreover this is the Beehive Online forum, please raise a service request or post this in the ST Beehive forum to fix it.
    Thanks,
    Jereen

  • Work Group Manager Reports and Logs

    Mac Manager maintains logs and display current activity information somewhat different that Work Group Manager. With Mac Manager we are able to quickly report for Activity Log, Disk Usage, Connected Machines, Printer Quotas, Workgroup by User, Computers, Checked Out Computers and user activity.
    How can we duplicate such a report with Work Group Manager?
    We are a school district that is 88% Macintosh and miss the reports and logs feature in Mac Manager (10.3.9).
    Hope to hear and find a solution to this challenge.
    Marco Baeza, Director of Technology

    Hello,
    Possibly some ideas here. http://www.macintouch.com/macmanager.html
    Carolyn

  • REP-1510 Group manager unable to compute column

    Hai all,
    I am using oracle 6i report builder.I have created a matrix report with different type of grouping and i tried to add a slno in the matrix report.I used summary column for showing the Serial Number but the serial number is showing on the report  when user has  select only one item (fromitem=01 and toitem=01).when user has  select more than one item (from item=01,toitem=10)it showing the error
    'REP-1510 Group manager unable to compute column'.
    How to solve this issue,how can create serial number in my matrix report

    try this one
       SELECT ROW_NUMBER() OVER (ORDER BY COLUMN_NAME) SLNO FROM TABLE_NAME;

  • Cisco Prime 4.2, Inventory group management and reports group

    Hi
    I have created some groups under Inventory > Group Management > Device.  This works fine.
    Then I want to create a monthly report for Reports > Performance > Device > Availability.  Here I guessed I would find my groups created under inventory.
    But I can se the groups, one group is duplicated, but all groups are empty.  Under all devices, I can only see 6 og th devices but it should have been 122. Under the different subnet groups, there's no devices.
    Should'nt I've seen the groups created under inventory when I want to make a report? Under the device list for quick report.
    Br
    Geir

    Hm.... strange  I've been looking around under Report, and looked at Inventory and Performance reports.
    Inventory > Detailed Device shows all the devices and my groups.
    Performance > Device > Availability show just 6 out of my 122 devices.
    Under Inventory > Group Managment > Device I have a group called Datasenter.
    Under Performance > Device > Availability I can see 2 of these groups, but their both empty.
    When i delete this group, one of them dissapeer from Under performance.  WHen I create it again, it comes back but empty.
    Something must be corrupt.
    Geir

  • WLCS USer/Group Management

    Hi,
    I am having a problem with the WLCS3.1 UserManagement part.
    The application we are buildin basically consists of two pieces, Internet
    and extranet( site
    accessible to our customers/partners by logging in).
    The internet part has couple of forms that our prospect customers submit and
    this user profile information gets stored in Oracle.
    The second piece isour extranet, which works in sync with our Customer
    Relationship Management appliction. The users information is put into
    Netscape DirectoryServer(NDS) by our CRM application ans we just use it for
    authentication and single sign on into both the application.
    Since the User Management system works in conjunction with the WebLogic
    Server's security realm (which happens to be LDAP for us), we cannot store
    user/groupes anymore into oracle by using JSP taglibraries.
    My question is, if we can store just the user (and password) in NDS LDAP and
    the
    GROUP and profile in WebLogic and personalize the content based on this
    info.?
    If so, what is the best workaround for this..
    Any help is greatly appreciated.
    Thanks
    -sarath

    Hi Tracy,
    Are you trying to create property sets?
    If you are trying to create a user/group property set, then you do that with the EBCC tool. See the "Site Infrastructure" tab and
    use
    File --> New --> Site Infrastructure --> User Profile to create a new one. See "Creating a Property Set Definition" at
    http://edocs.bea.com/wlp/docs70/dev/usrgrp.htm#998997 .
    Tracy Ward wrote:
    How do you assign Property sets in the user group management - the set shows in users and groups - but not in the management window--
    Ture Hoefner
    BEA Systems, Inc.
    4001 Discovery Drive
    Suite 340
    Boulder, CO 80303
    www.bea.com

  • FIM 2010 R2: Security group management by non-administrators

    Hi All,
    We have a small set of users (belonging to a particular department) who should be able to login to the portal and manage a select set of groups - the users should be able to add and remove members from these said groups. In most of the cases, the groups
    already exist in Active Directory and we bring them into FIM Portal.
    I have done the following so far:
    a) Created a set of users based on their departments - works fine
    b) Created a set of groups that the users in (a) should be managing - works fine
    c) Created 3 MPRs (resembling the MPRs that already exist for Group Management by administrators). 1 of these MPRs allows the set of users to read the attributes of the groups in the set in (b). The second allows the set of users to create and delete groups
    in the set. The third allows the set of users to "add a value to a multi-valued attribute", "remove a value from a multi-valued attribute", and "modify a single-valued attribute". In the list of attributes, I have included most
    of the attributes including "Manually-managed membership". All these 3 MPRs have the grant permission box checked.
    I (as a member of the set of users in (a)), can login to the portal, view the groups in set (b), modify the description, add an owner, remove an owner etc. When I try to add or remove a member from a group where I am one of the owners, everything is fine.
    BUT, when I try to add or remove a member from a group where I am not listed as an owner, it gives me an "Access denied" error with these details: "The request included members which the requestor is not authorized to add and/or remove from
    this group"
    I am a member of the set in (a) and can remove/add members from the groups that I am the owner of. My questions are:
    A) What else do I need to do to add/remove members from a group that I am not the owner of but this group still belongs to the set (b).
    B) Why does the Portal force me to add an owner to every group that of set (b) that I click to view/edit. Isn't there a way around that i.e. not having to put any owner and still be able to add/remove members. For all the groups in set (b), the Join Instruction
    is set to "None" (i.e. any user can become a member of the group).
    I hope someone can shed some light on this. I have seen similar questions on the forum from a few years ago but they hadn't been answered (completely).
    Thanks

    Hello,
    this is because there are to MPRs which Trigger a Group Validation Workflow (Requestor Validation).
    These 2 MPRs are responsible:
    - Group management workflow: Validate requestor on add member to open group
    - Group management workflow: Validate requestor on remove member
    The MPR Triggers this workflow for "All Non-Administrators".
    So you should edit the All Non-Administrators" Set and add the following to it:
    ResourceID not in (your set in a).
    So the Requestor Validation workflow will no longer be triggerd for your users in Set (A)
    Regards
    Peter
    Peter Stapf - ExpertCircle GmbH - My blog:
    JustIDM.wordpress.com

  • Group managed service accounts for SQL Server

    Hey guys,
    Unfortunately I missed that (g/s)MSAs aren't supported yet for SQL Servers but I'm using them without any worries since ages.
    As i digged a bit deeper I could find different informations due to the related TechNet entrys. So it seems Microsofts Informations about (s)MSAs and gMSAs aren't consistent.
    I'm not a SQL Server guy and use SQL only for System Center testing stuff so i would like to get a real world exps of SQL Server guys.
    Should I continue using gMSAs or are there any worries I should know?
    some sources I found so far:
    Not supported:
    "Hi Adam,
    Thank you for your feedback. Windows Server 2012 Group Managed Service Account is not currently supported as SQL 2012 released earlier than Windows Server 2012. We will consider to support gMSA in future SQL Server release.
    Regards,
    Min He, Program Manager, SQL Server"
    11.2012 -
    https://connect.microsoft.com/SQLServer/feedback/details/767211/gmsa-for-sql-server-failover-Clusters
    gMSA are not yet available, are not yet supported for SQL Server.  gMSA exist and are available and supported in Windows Server 2012 and higher.  SQL does not support them , but
    from an OS perspective, they exist and are supported.    
    http://blogs.msdn.com/b/sqlosteam/archive/2014/02/19/msa-accounts-used-with-sql.aspx
    Within the FAQ Task Scheduler isn't supported as well ...
    http://technet.microsoft.com/en-us/library/ff641729%28WS.10%29.aspx
    ... but also PFEs using them for Tasks... this is confusin... 0o
    http://blogs.msdn.com/b/arvindsh/archive/2014/02/03/managed-service-accounts-msa-and-sql-2012-practical-tips.aspx
    supported?:
    Configure Windows Service Accounts and Permissions
    ... New Account Types Available with Windows 7 and Windows Server 2008 R2
    http://technet.microsoft.com/en-us/library/ms143504(v=sql.110).aspx#Default_Accts
    The MSA must be created in the Active Directory by the domain administrator before SQL Server setup can use it for SQL Server services.
    others sources won't mentioning s/gMSAs...
    I couldn't find clear informations about using gMSA for SQL Server 2014. 
    only the same page which also Looks like the page for 2008 R2 and SQL 2012.
    Configure Windows Service Accounts and Permissions
                SQL Server 2014        
    http://msdn.microsoft.com/en-us/library/ms143504.aspx
    annoying topic so far... ;) 

    Hi Enrico
    aside from what Dan says about the risk for support, on which I agree, the following thread may clear it up a bit:
    http://social.msdn.microsoft.com/Forums/sqlserver/en-US/acb2048c-ffce-4d44-b882-6aafc7eb689d/managed-service-accounts-to-run-sql-server-service?forum=sqlsecurity
    Andreas Wolter (Blog |
    Twitter)
    MCM - Microsoft Certified Master SQL Server 2008
    MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
    www.andreas-wolter.com |
    www.SarpedonQualityLab.com

  • Command line equivalent of Work Group Manager's export feature

    Hello everyone,
    I am have a hard time upgrading from Lion Server to Mountain Lion Server, especially with Open Directory. What I wish to do, is to import the existing users and groups of an existing server running Lion Server into a new (fresh) Open Directory master created on another server that is running Mountain Lion Server.
    I have tried several options. Those that did *not* work for me include:
    Trying to make create a replica of the Lion Open Directory on the Mountain Lion Server
    Trying to backup the OD of the Lion Server using slapconfig
    What seems to work (for the moment), is to use the export feature of Work Group manager on Lion and to import the users/groups using the import feature of Mountain Lion Server app.
    My question is: is there a command line way to do the export ? Since Work Group manager seems to be kind of deprecated in ML, I assume there must be some other way (i.e., from the command line) to do the user/group import and export.
    Thanks for your help !

    Notice that the old Archive and Restore options are gone. To run a backup, run the slapconfig command along with the -backupdb option followed by a path to a folder to back the data up to: 
    sudo slapconfig -backupdb /odbackups
    To restore a database (such as from a previous version of the operating system where such an important option was actually present) use the following command (which just swaps backupdb with -restoredb) 
    sudo slapconfig -restoredb /odbackups
    /usr/sbin/ServerBackup -cmd backup -source /

  • COREid 7.0.4 - Group Manager Workflow - Applet Fails to Load

    I am having a problem with a new installation of COREid 7.0.4. All applets in User, Group and Org Manager work fine with the exception of the Group Manager Workflow configuration Applet. The applet fails to load. Has anyone ever experienced this problem before? Any help is appreciated. The system information is:
    Windows 2003 Server
    IIS 6.0
    AD 2003
    Java Plug-in 1.5.0_04
    The Java Console trace information is pasted below.
    Java Plug-in 1.5.0_04
    Using JRE version 1.5.0_04 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\user
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    p: reload proxy configuration
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    basic: Registered modality listener
    liveconnect: Invoking JS method: document
    liveconnect: Invoking JS method: URL
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@14ce5eb, refcount=1
    basic: Added progress listener: sun.plugin.util.GrayBoxPainter@3e0339
    basic: Loading applet ...
    basic: Initializing applet ...
    basic: Starting applet ...
    network: Connecting http://localhost/identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi?program=addCookie&time=1149264001561 with proxy=DIRECT
    network: Connecting http://localhost/identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi?program=addCookie&time=1149264001561 with cookie "ObTEMC=648DCJKwxHQaRBcRGeOlel6xakVeEZs%2FVoSGqgLCgKemQQqI1qzeb30lOpg6OErpJp2LLzZogAK%2Fsrwtl%2BSREhXMw5g5ba4wUveFKa2oCzwcmfgBcGizP2eKV6gQFkKkXtA%2FsuydnB1KEIQhYdhevWExlcN8yRFE1TYKj%2BJxXdrdf8bP6jVLmPp5MXwHrO0iojKnh1iumldPon8i67uy%2BiurULgOkxsGA4Io%2F363uDc%3D; ObTEMP=%23comp_cookie%3Dfalse%23OblixUserNameCookie%3DUser%20Name%23"
    network: Server http://localhost/identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi?program=addCookie&time=1149264001561 requesting to set-cookie with "ObTEMP=%23comp_cookie%3Dfalse%23OblixUserNameCookie%3DUser%20Name%23; path=/;"
    network: Connecting http://localhost/identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi?program=addCookie&time=1149264001577 with proxy=DIRECT
    network: Connecting http://localhost/identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi?program=addCookie&time=1149264001577 with cookie "ObTEMC=648DCJKwxHQaRBcRGeOlel6xakVeEZs%2FVoSGqgLCgKemQQqI1qzeb30lOpg6OErpJp2LLzZogAK%2Fsrwtl%2BSREhXMw5g5ba4wUveFKa2oCzwcmfgBcGizP2eKV6gQFkKkXtA%2FsuydnB1KEIQhYdhevWExlcN8yRFE1TYKj%2BJxXdrdf8bP6jVLmPp5MXwHrO0iojKnh1iumldPon8i67uy%2BiurULgOkxsGA4Io%2F363uDc%3D; ObTEMP=%23comp_cookie%3Dfalse%23OblixUserNameCookie%3DUser%20Name%23"
    network: Server http://localhost/identity/oblix/apps/groupservcenter/bin/groupservcenter.cgi?program=addCookie&time=1149264001577 requesting to set-cookie with "ObTEMP=%23comp_cookie%3Dfalse%23OblixUserNameCookie%3DUser%20Name%23; path=/;"
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVnew.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVdelete.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVadd.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVsaveworkflow.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVcancelworkflow.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVprevious.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVnext.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVnew.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVnew.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVmodify.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVmodify.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVdelete.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVdelete.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVcopy.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVcopy.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVview.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVview.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVenable.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVenable.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/NAVexportall.gif
    basic: Loaded image: http://localhost/identity/oblix/lang/en-us/style0/2NAVexportall.gif
    java.util.NoSuchElementException
    at java.util.StringTokenizer.nextToken(Unknown Source)
    at com.oblix.workflow.ObWorkFlow.prepareForms(ObWorkFlow.java:3010)
    at com.oblix.workflow.ObWorkFlow.init(ObWorkFlow.java:1109)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    basic: Exception: java.util.NoSuchElementException
    Exception in thread "thread applet-com.oblix.workflow.ObWorkFlow.class" java.lang.NullPointerException
    at sun.plugin.util.GrayBoxPainter.showLoadingError(Unknown Source)
    at sun.plugin.AppletViewer.showAppletException(Unknown Source)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    Yes, I do
    It's working for other things, only problem is usermanager workflow definition
    This is the error:
    Java(TM) Plug-in: Version 1.3.1_07
    Using JRE version 1.3.1_07 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\pwaxa64
    Proxy Configuration: Browser Proxy Configuration
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    q: hide console
    s: dump system properties
    t: dump thread list
    x: clear classloader cache
    0-5: set trace level to <n>
    java.util.NoSuchElementException
         at java.util.StringTokenizer.nextToken(Unknown Source)
         at com.oblix.workflow.ObWorkFlow.setDisplayTypes(ObWorkFlow.java:2085)
         at com.oblix.workflow.ObWorkFlow.init(ObWorkFlow.java:1027)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Thanks

  • Group Managed Service Accounts Error Message access denied

    Hi I am playing around with group managed service accounts in my lab using a 2012 R2 DC on a 2012 r2 forest and domain Level .Net 3.5 installed.
    I am following this tutorial
    http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
    1. I installed the keys
    2. I waited for 10 hours
    3. I created the GMSA
    4. I tried to install the GMSA on the DC logged in as the Domain admin under a administrative powershell prompt
    5. I got the nasty error: access denied message.

    the powershell statement could be wrong...
    -PrincipalsAllowedToRetrieveManagedPassword

  • Do Group Managed Service Accounts require permissions to run service in question?

    I'm testing out GMSA (Group Managed Service Accounts) in Windows 2012 R2. My domain and forest functional level is 2008 R2 (which I understand is the minimal functional level for GMSA support). 
    Question I have is if I create a new GMSA for a particular service, does the GMSA require permissions to run service? For example, SQL rights, IIS rights, etc...
    Also, can they be used to run scheduled tasks? Thanks.

    a gMSA is like any other service account. when you it you need to prepare for whatever the app/service requires. the you eed to think HOW to implement. the HOW focusses on if you can use gMSA for the app/service or not, because it depends on the app and
    the underlying os
    regarding scheduled task support for gMSA  see
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/42273a38-05dc-4f62-b915-8f55480d59bd/how-do-i-use-a-group-managed-service-account-with-the-task-scheduler?forum=winserver8gen
    https://technet.microsoft.com/en-us/library/hh831782.aspx
    http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
    Cheers,
    Jorge de Almeida Pinto
    Principal Consultant | MVP Directory Services | IAM Technologies
    COMMUNITY...:
    DISCLAIMER: This post is provided "AS IS" with no warranties of any kind, either expressed or implied, and confers no rights! Always evaluate/test yourself before using/implementing this!

  • Error Message when accessing Group Manager

    When I click the "Create Group or Add New Members" button, I get the following message, System error. Please re-try your action. If you continue to get this error, please contact the Administrator." I have tried various browsers, cleared cache, etc. Also, one of my external users reports not being able to access a workspace. I am wondering if the two problems may be related. I cannot access the group manager to see if the user has appropriate permissions.

    We would need to know the group and the user affected to be able to help.
    Are you the manager of the group - when you connect to the userAdmin tool = right hand button on the main https://beehiveonline.oracle.com page you will see who is the manager and can get them to add the user.
    If you are the manager then we need to fix the access.
    If you want to email me directly with the details of the group etc. my email is [email protected]
    Phil

  • Group Management related to different forest

    Can any one please help me to achieve below goal:
    Environment:
    Two Forest: ForestA and ForestB
    Trust: 2 way
    In FIM: 
    Created 2 AD MA(ADMA-A and ADMA-B) and pulled users from both forest in MV and then flown to FIM Portal.
    Created one more AD MA(ADGroupMA-A) which is connected to Forest A. This MA is used for group management in Forest A.
    There is a group in Forest A called GroupA.
    Requirement:
    We have added few forest A users and few Forest B users in GroupA using FIM Portal and then flown back members of this group to MV.
    So in MV we have users from both forest A and B as member of this group.
    Now I have to flow these members(Both Forest A and Forest B) to ADGrooupMA-A management agent. However I am not able to do this because 
    connector space stores these users as reference and we don't have any reference for Forest B users in ADGroupMA-A connector.(ADGroupMA-A is only connected to Forest A)
    How can we resolve this issue so that we will be able to flow users from both forest(A and B) as a member of a group which is existing in Forest A.
    Thanks in advance!!

    Take a look at the Cross Forest Deployment guide:
    http://technet.microsoft.com/en-us/library/ff721965(v=WS.10).aspx
    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

Maybe you are looking for

  • How to integrate the XML data received via email in to MySQL

    Hi, This is JK, my compnay is planning to adopt Adobe Livecycle Barcoded forms technology, We are planning to automate the Weekly report submission of the HR dept of my company, where the various employees from various branches will be submiting thei

  • How do I wrap text in a JLabel?

    Hi All, Doe's anyone out there know how to wrap text in a JLabel? Thanks, Karl

  • Serving webpage with image stored in database

    This may look long, but it's easy to understand--I'm just trying to give all the details you might want: In our servlet/JSP site, a user can generate a report that may or may not contain images. The servlet just sends the user to a regular HTML page.

  • Count Function on Date Field in Discoverer

    Hey folks, How would someone like to educate a novice on how to perform a count function on a date field? I am writing a Discoverer report and have a requirement to display counts of the number of records that have a modified date of > 30 days and >

  • Duplicate Value Restriction in Value Mapping Replication

    Hello Everyone, I was working on Value mapping replication interface which was working fine. But the value mapping replication was allowing duplicate values which are already existing. We are using this value mapping in other interfaces. But because