I am just starting to play around with FIM Synchronization Service Manager. I have created an MA to connect to AD LDS and import user account information that I would like to use to populate AD DS. I have created MAs for AD LDS and AD DS, which appear to work for populating the MV. However, the CS appear to be operating independently - the AD LDS accounts do not get synced to AD DS.
AD LDS MA
- Run Profiles - Full Import (Stage Only), Full Sync, Delta Import (Stage Only), Delta Sync
- Join/Projection Rules - container (No/Yes:person), domainDNS (No/No), organizationalUnit (No/No), user (Yes:person[upn-direct-uid], Yes:person)
- Attribute Flow - DS-user (gn/mn/sn/upn) import to MV-person (gn/mn/sn/uid)
- Importing from OU=Users,DC=S2,DC=Mydomain,DC=com
AD DS MA
- Run Profiles - Full Import (Stage Only), Export
- Join/Projection Rules - container (No/Yes:person), domainDNS (No/No), organizationalUnit (No/No), user (No/No)
- Attribute Flow - MV-person (gn/mn/sn/uid) export to DS-user (gn/mn/sn/upn)
- Exporting to OU=ADUsers,DC=S2,DC=Mydomain,DC=com
I tested as follows:
- Create new user in AD LDS (FIM Test User)
- Ran AD LDS MA Full Import (Stage Only) (Staging shows an account in the Add)
- Ran AD LDS MA Full Sync (Inbound Synchronization shows account in both Projections and Connectors with Flow Updates)
- Ran AD DS MA Full Import (Stage Only) (Staging shows accounts in Add from existing ADUsers OU, which does not currently contain my FIM Test User)
- Ran AD DS MA Export (Step 1 and Step 2 show no changes in counter increments)
I was following/modifying one of the Sample Recipes from the book "Active Directory Cookbook". Since the two OUs do not match, I am assuming there is a step I am missing where I should be changing the OU on the import from AD LDS. Any help in how to accomplish that step, or correcting missteps made above, would be greatly appreciated.