The beta for the new AADSync tool has been released, and I have been playing around with it a little to discover whats in store and what we might expect from Microsoft Identity Manager (FIM vNext) when that comes out. This is a screenshot heave "try it for the first time and screenshot everything"-article. What I am trying is to see what the new rule editor can manage, and to see whether I can actually manage to provision users in a separate AD forest directly from AADSync.
I made it through the regular installation, which you can see documented somewhat here. This yielded a quite usual DirSync setup, but in miisclient.exe you cannot see attribute flows and filters. This is instead move to the "Synchronization Rules Editor".
I started of creating a secondary AD management agent. The first ting i notice here is the amount of management agents available by default. This is in strong contrast to DirSync.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Not much to comment on in these screenshots, except for the fact that you cannot configure filters and attribute flow, everything is still FIM. New MA added:
Image may be NSFW.
Clik here to view.
Having a look at the default configure inbound and outbound rules in the new "Synchronization Rules Editor".
Image may be NSFW.
Clik here to view.
I clicked "Add new rule", and started on my inbound join rule for my "external.goodworkaround.com" AD, which is my second forest. I just want to see if I can provision user account into that forest based on the users in my "gwrnd.goodworkaround.com" primary forest.
Image may be NSFW.
Clik here to view.
Some new filtering possibilities available, that needed an extension before. However, there is no way of extending it yourself it seems.
Image may be NSFW.
Clik here to view.
Joining pager in AD with sourceAnchor in FIM.
Image may be NSFW.
Clik here to view.
I'll just skip adding inbound attribute flow for now.
Image may be NSFW.
Clik here to view.
Added successfully.
Image may be NSFW.
Clik here to view.
The default list of outbound sync rules.
Image may be NSFW.
Clik here to view.
Trying to create a outbound provisioning rule to my "external.goodworkaround.com" forest.
Image may be NSFW.
Clik here to view.
Filtering.
Image may be NSFW.
Clik here to view.
Same join as the inbound rule.
Image may be NSFW.
Clik here to view.
Let's just try some transformation and see if it works on first try!
Image may be NSFW.
Clik here to view.
It did.
Image may be NSFW.
Clik here to view.
Doing a full synchronization on the primary AD yields 71 adds to my second AD.
Image may be NSFW.
Clik here to view.
Looking good.
Image may be NSFW.
Clik here to view.
Seems right (wonder if I am missing some very important attribute?)
Image may be NSFW.
Clik here to view.
Exported successfully
Image may be NSFW.
Clik here to view.
Some changes not reimported (userAccountControl was wrong value)
Image may be NSFW.
Clik here to view.
I forgot the sAMAccountName too.
Image may be NSFW.
Clik here to view.
Just as before.
Image may be NSFW.
Clik here to view.
Some still giving error, due to sAMAccountName being more than 20 characters.
Image may be NSFW.
Clik here to view.
Let's see if "Left" still exists.
Image may be NSFW.
Clik here to view.
Yep.
One more thing. The new way of triggering "DirSync" is like below. Also notice that it is automatically triggering my custom added MA!
Image may be NSFW.
Clik here to view.
Looks good (except that it did not Delta sync on my custom MA, only import and export).
Image may be NSFW.
Clik here to view.
That's it. As I said, just some screenshots to see what's in store. I am starting to look forward to Microsoft Identity Manager / FIM vNext; hopefully this will be a part of it.