I've been messing with FIM all week trying to get a POC working and got stuck where I didn't think I'd have a problem. I'm trying to use FIM to provision users from a bunch of different AD DS MAs into the portal, and then provision the users to a different AD DS from the portal. I've gotten most of it set up and working where I have all my MAs on the same server as my Portal, but I'm wanting to have each domain run its own Synchronization Service with an MA that just exports users to the one common Portal, and then let the portal provision from there. Essentially how the Office 365 DirSync tool works. It's how to get multiple external MAs to connect to my portal that I'm having trouble with. Should each external MA connect to FIM using the built-in FIM connector, or should they be using some custom method with an ECMA like Office 365 uses? It seems strange and insecure to have them directly connect to the SQL database, and it doesn't seem to even let me do it once another Synchronization Service is connected anyway.
Essentially my intended flow is: AD DS->Metaverse->FIM Portal <--WAN Link--> FIM Portal->AD DS
Doing this all on one server has worked fine, where I'm essentially pulling LDAP over the WAN link, but I want to be able to do this via a "push" method from the source into the portal as opposed to the portal side "pulling" it.