PKI Blog

Reference Attributes, Group Membership and Shifting Authoritative Sources

Posted by Sami Van Vliet on May 14, 2012 4:43:32 AM

A recent requirement for a project was to have users and groups provisioned from Domain B to Domain A. Simple enough, but a catch was that, as applications were migrated to Domain A, their groups would be “owned” by Domain A, which would now be the authoritative source for all group attributes (in this case, the authoritative source is determined by the OU the group is in in Domain B. The name of this OU is stored in the rules extension configuration file).

A custom rules extension is used to determine which management agent is authoritative, and to be sure the user objects being added to the member attribute are from the appropriate domain.

Read More

Topics: IT Security, Microsoft Security Partner, FIM, Reference Attributes, Group Membership, Forefront Identity Manager (FIM), Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog

Posts by Topic

see all

Want to Learn more about CSS?