Sunday, 27 April 2014

Synchronization Rule

The strategy for group creation in AD can be defined in a Sync Rule. It is very important to know how to customize the DN so that each group is synchronized to its respective OU in AD.
A FIM administrator can customize the DN in the Outbound Sync Rule so that the group is created in the respective OU in AD.

For example:

IIF(Eq(groupLocation,"Bangalore"),"CN="+mailNickname+",OU=Groups,OU=Bangalore,DC=XXX,DC=com",IIF(Eq(groupLocation,"Pune"),"CN="+mailNickname+",OU=Groups,OU=Pune,DC=XXX,DC=com",Null())) → DN


Thursday, 20 February 2014

@Cognizant Goodbye and Thank you - Till we meet Again !!

Thank you Cognizant. Today is my last day in CTS and I take this opportunity to share the experience so far. For the first time I have seen almost all the Microsoft technologies on one floor.
Guys, without your help I would not have come so far. Anil and Vinit, thank you so much for all your help and advice; whenever I looked to you and faced issues, you were always there for me.
Sincere gratitude and thanks to my manager Mangal & Ghouse Sir.
Thanks to the Change Management team for all the changes approved during my tenure, and to the SD team for understanding things more than me. YOU rock.
Special thanks to first row Wintel for all your sweets - Exchange, Lync.
Thanks to the Networking team for your kindness and sharing resources.
All the best to the Bike Riders Gang... We enjoyed a lot and hope the journey will continue.....

Best wishes to all your future endeavors and stay in touch.
Don't say WHY ME?
Just say TRY ME!!!!
Let life put you down a 100 times...
Just keep echoing to life, "I will be back"
When Life puts you in tough situations.

Thank You All...All the best FIM Team.


Regards,
Anirban Singha
================================================

Thursday, 6 February 2014

Use PowerShell to Back Up Group Membership

What I found is that one of the changes made in Production FIM 2010 to fix something led to a break in the group membership of new users. I always advise taking a group membership backup of your environment before implementing a change that may break users' group membership. Thank God nothing was broken for the existing users; only then did I realize how important it is to keep a backup.

Steps:
Take a group membership backup.

Back-Up Steps:
Recover the group membership from the backup.

Create a backup folder in which every user in AD has their group membership stored in its own txt file, named after the samaccountname. If the membership needs to be restored, PowerShell can be pointed at each txt file to add the group membership back.

How to take a group membership backup.

To search user with all the properties

Get-ADUser -Filter * -Properties *

To select attributes, we have to pipe the output

Get-ADUser -Filter * -Properties * | Select name,samaccountname

OR

Get-ADUser -Filter * -Properties * | %{
    $x=$_.samaccountname
    $x
}

The output will show the attributes of each user. If you want to search further, you have to capture the values in an array.

Import-Module ActiveDirectory

Function FindGroupmember {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [string[]] $value
    )
    Begin {}
    Process {
        foreach ($i in $value) {
            # Write-Host "=== Finding Group Membership of $i========"
            Write-Output "=== Finding Group Membership of $i========"
            # Only the MemberOf attribute is needed for the backup
            $y = Get-ADUser -Identity $i -Properties MemberOf
            # Keep only the first RDN (the group's CN) of each DN. Splitting every DN on ","
            # and matching "CN=" would also pick up containers such as CN=Users.
            $z = $y.MemberOf | ForEach-Object { ($_ -split '(?<!\\),')[0] -replace '^CN=','' }
            $z  # To display the output.
            # The below is the path to backup in csv
            $z >>C:\Users\Administrator\Desktop\Backup.csv
            # One txt file per user, named after the samaccountname
            $z >>C:\Users\Administrator\Desktop\Test\$i.txt
        }
    }
    End {}
}

$a = @()  # Dynamic array
Get-ADUser -Filter * -Properties * | %{
    $x = $_.samaccountname
    $a += $x
}
FindGroupmember -value $a

I have intentionally struck out the Write-Host cmdlet after reading Jeffrey Snover's blog.

I am closing this topic with this line: make sure you know what you are doing before you start to make changes you do not understand.
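The recovery step described above (pointing PowerShell at each user's txt file to add the membership back) could look like the following. This is an added example, not the author's script. The function name Restore-GroupMembership is hypothetical, and it assumes the backup folder from the script above with one group CN per line in each `<samaccountname>.txt` file.

```powershell
# Added example: restore group memberships from the per-user backup files.
# Assumed layout: <BackupPath>\<samaccountname>.txt, one group CN per line.
function Restore-GroupMembership {   # hypothetical name, not from the original post
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string] $BackupPath = 'C:\Users\Administrator\Desktop\Test'
    )
    Import-Module ActiveDirectory

    foreach ($file in Get-ChildItem -Path $BackupPath -Filter '*.txt') {
        $sam = $file.BaseName
        try {
            $user = Get-ADUser -Identity $sam -Properties MemberOf -ErrorAction Stop
        } catch {
            Write-Warning "User '$sam' not found, skipping $($file.Name)"
            continue
        }

        # The backup appends with >>, so repeated runs leave duplicate lines.
        $wanted = Get-Content -Path $file.FullName |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ } |
            Sort-Object -Unique

        foreach ($name in $wanted) {
            # Escape LDAP filter metacharacters (RFC 4515), backslash first.
            $escaped = $name -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
            $groups = @(Get-ADGroup -LDAPFilter "(cn=$escaped)")

            if ($groups.Count -ne 1) {
                # A CN is unique only within its container: never guess which group was meant.
                Write-Warning "$sam : '$name' matched $($groups.Count) groups, skipped"
                continue
            }
            $group = $groups[0]
            # Skip memberships the user still has.
            if ($user.MemberOf -contains $group.DistinguishedName) { continue }

            if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Add member $sam")) {
                Add-ADGroupMember -Identity $group -Members $user
            }
        }
    }
}

# Dry run first: lists what would be added without changing anything.
Restore-GroupMembership -WhatIf
```

Names that match no group or more than one group are reported and skipped, which is where a CN-only backup falls short of one that stores the full DN.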

Sunday, 26 January 2014

List of Users in Multiple Domain..

How do you find users across multiple domains? By default, PowerShell points to the parent domain and does not fetch results from the child domain. When you request a list of users that spans both the parent and child domains, PowerShell will not return the results for the child domain.
Below is the script which points to both domains.



How to Use PowerShell to Find all Users Having no Manager in FIM Portal

ServiceNow onboarding Sailpoint