First published on MSDN on Mar 01, 2015
Building on the concepts that we previously discussed in Introducing Synchronization Rules - Part 1 and Introducing Synchronization Rules - Part 2, let's create an Inbound Synchronization Rule for User objects. In this example we will use Active Directory as the data source for the User objects. Prior to creating any Synchronization Rules you need the following pieces configured in the Synchronization Service.
Additionally, you will need to verify that all necessary MPRs are enabled in the FIM Portal to allow the Synchronization Service to synchronize the object type that is being synchronized into the FIM Service / Portal.
Once you have all the required configuration in place, you can proceed to creating the Inbound Users Synchronization Rule.
To begin, navigate to the Portal home screen:
In the right-hand menu, select “Synchronization Rules”
This will open the Synchronization Rules menu.
In the top menu, click “New”
On the “General” tab, enter the following information:
Configure the General page with the necessary information. Notice that the apply rule section is greyed out; this option is used specifically for outbound synchronization.
On the Scope tab, configure the object types and the Connected MA that this Synchronization Rule will be synchronizing with.
Now notice the Inbound Scoping Filter option. It can be used to filter out all objects that don't meet the defined criteria. This filter is INCLUSIVE, which means only objects that match the defined criteria will be synchronized (managed) via this sync rule. For example, if the filter was set to displayName starts with DEV_, then only user objects that have a displayName that starts with DEV_ will be synchronized with this sync rule.
On the Relationship tab you need to define the Relationship, which is also known as the Join Logic, so that objects in the Connector Space of the Connected MA are synchronized with the objects that already exist in the Metaverse. This is a crucial step to avoid duplicate objects.
Create Resource in FIM is used to project the object into the Metaverse. If you only want this sync rule to be applied to existing objects, leave this option unchecked.
Attribute Flows: the first thing you should know about attribute flows is that all attribute flows will be applied, although the result still depends on attribute precedence. There is no initial flow for inbound synchronization.
Basic Attribute flow
Notice that for domain there is a static value being defined for each object that this sync rule applies to. You may want to consider Using PowerShell To Generate The Custom Expression For The Domain Attribute Flow (Single or Multipl... which will produce a custom expression that you could use instead of setting the domain to a single static value. This is extremely useful when syncing objects from a forest with multiple domains.
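One way such a multi-domain expression can be generated, as an added example that is not the code from the linked article or from this post: the function name `New-DomainFlowExpression` and the SID-to-name map are hypothetical, and the sample SIDs are constructed placeholders. It assumes the domain is derived from the domain portion of `objectSid`, that `objectSid` is selected on the AD MA, and it uses the FIM sync rule functions `IIF`, `Eq`, `Left` and `ConvertSidToString`.

```powershell
# Constructed sample data: placeholder domain SIDs and NetBIOS names, not real values.
# The second SID is a string prefix of the first on purpose (see the trailing '-' below).
$domains = [ordered]@{
    'S-1-5-21-1111111111-2222222222-3333333333' = 'CONTOSO'
    'S-1-5-21-1111111111-2222222222-33333333'   = 'CHILD'
}

function New-DomainFlowExpression {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $DomainMap,
        [string] $Fallback = 'Unknown'   # value flowed when no domain SID matches
    )

    # Start with the innermost value and wrap one IIF per domain around it.
    $expr = '"{0}"' -f $Fallback
    $sids = @($DomainMap.Keys)
    [array]::Reverse($sids)              # so the first map entry ends up outermost

    foreach ($sid in $sids) {
        $name = [string]$DomainMap[$sid]

        # Reject anything that is not a domain SID (S-1-5-21 plus three sub-authorities).
        if ($sid -notmatch '^S-1-5-21(-\d+){3}$') { throw "Not a domain SID: $sid" }
        # A quote in the name would break out of the string literal in the expression.
        if ($name -match '"') { throw "Invalid domain name: $name" }

        # Compare against the domain SID plus the '-' that precedes the RID.
        # Without it, a domain SID that is a string prefix of another domain's SID
        # would also match that other domain's users and flow the wrong domain.
        $prefix = "$sid-"
        $expr = 'IIF(Eq(Left(ConvertSidToString(objectSid),{0}),"{1}"),"{2}",{3})' -f `
            $prefix.Length, $prefix, $name, $expr
    }
    return $expr
}

# Emit the expression to paste into the custom expression of the domain flow.
New-DomainFlowExpression -DomainMap $domains
```

Objects whose SID matches none of the listed domains receive the fallback value, which makes unexpected source domains easy to spot in the Metaverse.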