Greetings from the field!
I’ve posted a PowerShell script you can run on the FIM Synchronization server to display the names of the FIM security groups:
The script will come in handy if the default FIM security group names were not used and nobody remembers the names of the groups. FYI – The only supported method to modify these groups is to re-run the setup. This is because we set permissions in DCOM, the registry and folders.