PRODUCTS / SOLUTIONS / FEATURES INVOLVED
- Microsoft Identity Manager 2016 Service Pack 1
- Group Management
PROBLEM SCENARIO DESCRIPTION
- This issue centered around Group Management. We were not seeing Security and/or Distribution Groups be synchronized correctly through the Synchronization Engine.
From Portal to Active Directory
- We noticed that the Provisioning Synchronization Rules for Security Groups were not being applied.
- In review of the Outbound Synchronization Rule, the Scope was set to “GroupType” instead of “Type”
From Active Directory to Portal
- FIM Service Management Agent was missing Export Attribute Flow (EAF) for member
RESOLUTION – FROM PORTAL TO ACTIVE DIRECTORY
- Update the Scope on the Group Outbound Synchronization Rule
- Set the Scope to reference the Metaverse Attribute “Type”
- Updated the DN on the Outbound Attribute Flow tab to ensure that it referenced an OU that exists in Active Directory and is in Scope for the Active Directory Management Agent.
- Import and Sync the update to the Synchronization Rule into the Synchronization Service Engine (FIM Service Management Agent Connector Space and Metaverse)
- Test the Synchronization Process through the use of the Preview Feature
RESOLUTION – FROM ACTIVE DIRECTORY TO PORTAL
- Added Export Attribute Flow for the attribute Member on the Group to Group branch under Configure Attribute Flow
- How do I provision groups to AD DS: https://docs.microsoft.com/en-us/previous-versions/mim/ff686261(v=ws.10)
- How do I Synchronize groups from AD DS to FIM: https://docs.microsoft.com/en-us/previous-versions/mim/ff686936(v%3dws.10)
- Support Team Blog: https://blogs.technet.microsoft.com/iamsupport/tag/group-management/