
Microsoft Forefront Identity Manager 2010 R2 Handbook by Kent Nordstrom


Managing groups in AD

We now have some groups in FIM: both the ones created in FIM and those that come from the HR system.

We now need to configure FIM to export these groups to AD.

As discussed earlier, we now need to consider the groupType attribute in AD.

We also need to consider whether we have different needs depending on the group type.

At The Company, they have decided that FIM should not delete security groups once they have been created in AD. This is a common approach, since deleting a security group, and thereby its SID (Security ID), might cause dramatic events if the group is used for some kind of permission. Recreating a group with the same name will not recreate the SID and will not fix the permissions.

On the other hand, when talking about distribution groups, ...
