FIM 2010 R2: Same Account being used for FIM Synchronization Service and FIM MA
This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Forefront Identity Manager 2010 R2 Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).
Product |
Forefront Identity Manager 2010 R2 |
Feature |
FIM Synchronization Service |
Operating System |
Windows Server 2008 R2 |
Severity |
Error |
Category |
Configuration |
Issue
FIMSync Service – Either the FIM Management Agent is not configured on the server or the FIM management agent account is the same as the FIM Synchronization Service account.
Impact
FIMSync Service – The FIM Synchronization service account has access to the Forefront Identity Manager database.
Resolution
FIMSyncService - If the FIM Management Agent is configured then make sure that the FIM Management Agent account is different from the FIM Synchronization service account
Additional references
For more information, see:
The FIM 2010 R2 Deployment Guide (https://technet.microsoft.com/en-us/library/jj134310(v=ws.10))