For this procedure, in Management Agent Designer, on the Configure Extensions page, you can specify a management agent rules extension and enable and configure password management. Rules extensions and password management are not required for, and are not applicable to, all management agents. To complete this procedure, you must be logged on as a member of the FIMSyncAdmins security group.
To configure password management and specify rules extensions

- In Management Agent Designer, on the Configure Extensions page, in Password Management, click Enable password management.
- For all file-based management agents, management agents for extensible connectivity, and database management agents, under Password management, in Extension name, type the name of the password extension file (.dll).
- To specify connection information settings for the password extension, click Settings; in Settings, type the complete name of the server; type a user account and password; and then, in Connection timeout, specify a connection time-out in seconds. The default 0 indicates no time-out.
- To select a change type operation, under Supported password operations, select Set only, Change only, or Set and change.
- For those management agents with password management enabled and configured for password synchronization, to configure target password synchronization settings, click Settings. Under Target Settings, in Password operation failure settings, in Maximum retry count, specify the number of times FIM will attempt to push a password set to the connected data source target even if there are password set errors (for example, the server is not available). In Retry Interval, specify the number of seconds between password set retries. To require that all password synchronization operations are secure, click Require secure connection for password synchronization operations. This option requires that the connection between FIM and the connected data source target server be secure during password set operations using Secure Sockets Layer (SSL) or signed and encrypted Lightweight Directory Access Protocol (LDAP). If this option is selected and the management agent is not configured to use a secure connection, an error will be passed to the event log, and the password set operation will not proceed. If this option is not selected, password synchronization will occur regardless of the secured connection configuration. This option does not apply to Windows Management Instrumentation (WMI)–based password operations.
- For management agents that are configured for password management and for which the partition name is available through Web application WMI queries, to give a partition name a friendly display name, in Configure partition display name(s), click Edit. In the Configure Partition Display Name dialog box, in Partition, select a partition. In Display name, type a name, and then click Edit.
- If you are provisioning to a Windows Exchange 2007 server, select Enable Exchange 2007 provisioning.

Note: Rules extensions and password management extensions must exist in the Extensions folder of the FIM root directory. By default, the root directory is C:\Program Files\Microsoft Forefront Identity Server\2010\Synchronization Service.

Note: If you want a management agent rules extension to run in its own memory space, click Run this rules extension in a separate process. When you run a rules extension out of process and the rules extension fails, it does not cause a disruption in the FIM Synchronization Service. However, running a rules extension out of process can consume more memory and CPU resources, resulting in weaker performance. A password extension runs in the same memory space as its associated management agent. To run a management agent as a separate process in its own memory space, see Run a Management Agent in a Separate Process.

Note: For more information about developing rules extensions for management agents, see the FIM Developer Reference.

Note: For more information about developing password extensions for management agents, see the FIM Developer Reference.