Allowing FIM Service to set passwords

The FIM Service account is the account that calls FIM Synchronization Service and tells it to reset the password in AD. For the FIM Service account to be able to do that, we need to assign it some permissions with the following steps:

  1. We need to add the account to a couple of groups created during the installation of FIM Synchronization Service (see Chapter 3, Installation).
  2. Add the FIM Service account to the FIMSyncBrowse group:

    By default, this is a local group on the FIM Synchronization server, but you might have chosen to use groups in Active Directory instead. This will give FIM Service the ...
