For this procedure, in Management Agent Designer, on the Connect to an Active Directory Forest page, you connect to an Active Directory forest on a local or remote server. You must provide a server name, a user name and password with administrator rights, and a logon domain. Each time the management agent is run, it uses this information to log on to Active Directory to read or write to the directory that you specify. You can synchronize one Active Directory forest per management agent. To complete this procedure, you must be logged on as a member of the FIMSyncAdmins security group.
To connect to an Active Directory forest
In Management Agent Designer, on the Connect to an Active Directory forest page, in Forest name, type the complete name of the forest, and then type a user account, password, and logon domain.
In Configure Connection Options, click Options. Select one of the following:
- To digitally sign and encrypt all communication with the server, click Sign and encrypt LDAP traffic.
- To enable all communication with the server using Secure Sockets Layer, click Enable Secure Sockets Layer (SSL) for communications.
- If Enable SSL for the Connection is selected, optionally select Enable Certificate Revocation List
In Forest name, you must type the complete fully qualified forest name. For example, the complete fully qualified forest name for the Microsoft West coast sales forest is sales.westcoast.microsoft.com.
The default port used for connection is 389. If Enable SSL for the Connection is selected, then the port will be changed to 636.
You are not required to install FIM on the server running Active Directory. You can install FIM and Active Directory on different servers.
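Before selecting a connection option, it helps to confirm that the forest accepts that kind of connection from the synchronization server. The following is an added example, not part of the original procedure or of FIM itself: the function name `Test-LdapConnectionOption` is hypothetical, the forest name is the page's own example, and mapping Sign and encrypt LDAP traffic to the .NET `Signing` and `Sealing` session options is an assumption that approximates the setting.

```powershell
# Added example (not FIM code): bind to the forest the way each option implies.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapConnectionOption {
    param(
        [Parameter(Mandatory)] [string] $ForestName,
        [Parameter(Mandatory)] [ValidateSet('SignAndEncrypt', 'Ssl')] [string] $Option,
        [pscredential] $Credential   # omit to bind as the current logon user
    )
    # Port 389 is the default; enabling SSL moves the connection to 636.
    $port = if ($Option -eq 'Ssl') { 636 } else { 389 }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ForestName, $port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.SessionOptions.ProtocolVersion = 3
        if ($Option -eq 'Ssl') {
            # TLS is negotiated first; the server certificate must chain to a
            # root trusted by this machine or the bind fails.
            $conn.SessionOptions.SecureSocketLayer = $true
        } else {
            # Assumption: signing plus sealing on 389 stands in for
            # "Sign and encrypt LDAP traffic".
            $conn.SessionOptions.Signing = $true
            $conn.SessionOptions.Sealing = $true
        }
        if ($Credential) { $conn.Credential = $Credential.GetNetworkCredential() }
        $conn.Bind()
        $result = 'Bind succeeded'
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # Typical causes: port blocked, no usable server certificate, bad credentials.
        $result = "Bind failed: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]@{ Forest = $ForestName; Option = $Option; Port = $port; Result = $result }
}

# Check both options with the account the management agent will use.
$cred = Get-Credential
'SignAndEncrypt', 'Ssl' | ForEach-Object {
    Test-LdapConnectionOption -ForestName 'sales.westcoast.microsoft.com' -Option $_ -Credential $cred
}
```

A failed `Ssl` bind alongside a successful `SignAndEncrypt` bind usually points to a certificate or port 636 reachability problem rather than to the account.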