Hi, I have two scenarios to accomplish. I tried to do this with scripts, but I am lost. We have a FIM license, and FIM seems to address these issues. I would like your help in finding out whether these scenarios are possible.
I have 2 forests. FstA is primary and FstB is another site; they can communicate with each other through a firewall. FstB trusts FstA (one-way). I have two things to do.
1. I need to synchronize some security groups which are in a special OU from FstA to FstB. When a security group is created, modified or deleted from FstA, it must also happen in FstB.
2. Since FstB trusts FstA, I need to populate the membership of these groups which are in FstB, with the users of FstA. To be more clear:
FstA:
Group: FstA\Group1
Members: FstA\User1, FstA\User2
FstB:
Group: FstB\Group1
Members: FstA\User1, FstA\User2
When the membership changes in FstA, it must be mirrored to FstB.
I would like to learn whether these two connected scenarios are doable with FIM 2010. If yes, what components will I need (sync service, FIM service, ADMA, portal?) and what ports do I need to open through the firewall? Also, is it enough to have a FIM server in FstA, or do I need to deploy some server or agent to FstB as well?
Any comments or even links to documentation are appreciated.
Thanks,
Cetin