Connect to an Active Directory Forest

For this procedure, in Management Agent Designer, on the Connect to an Active Directory Forest page, you connect to an Active Directory forest on a local or remote server. You must provide a server name, a user name and password with administrator rights, and a logon domain. Each time the management agent is run, it uses this information to log on to Active Directory to read or write to the directory that you specify. You can synchronize one Active Directory forest per management agent. To complete this procedure, you must be logged on as a member of the FIMSyncAdmins security group.

To connect to an Active Directory forest

  1. In Management Agent Designer, on the Connect to an Active Directory Forest page, in Forest name, type the complete name of the forest, and then type a user account, password, and logon domain.

  2. In Configure Connection Options, click Options. Select one of the following:

    • To digitally sign and encrypt all communication with the server, click Sign and encrypt LDAP traffic.

    • To enable all communication with the server using Secure Sockets Layer, click Enable Secure Sockets Layer (SSL) for communications.

    • If Enable SSL for the Connection is selected, optionally select Enable Certificate Revocation List Checking.

Note

In Forest name, you must type the complete fully qualified forest name. For example, the complete fully qualified forest name for the Microsoft West coast sales forest is sales.westcoast.microsoft.com.

Note

The default port used for connection is 389. If Enable SSL for the Connection is selected, then the port will be changed to 636.

Note

You are not required to install FIM on the server running Active Directory. You can install FIM and Active Directory on different servers.
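Before selecting the SSL and certificate revocation options above, it helps to confirm from the FIM server that a domain controller answers on ports 389 and 636 and presents a certificate that passes validation with revocation checking. The following PowerShell is an added example, not part of the original procedure or of FIM. The function name, the placeholder server name `dc01.forest.example.com`, and the choice of TLS 1.2 are assumptions.

```powershell
# Added example. Test-LdapConnectionOptions is a hypothetical helper name.
function Test-LdapConnectionOptions {
    param(
        [Parameter(Mandatory)] [string] $Server,  # FQDN of a domain controller in the forest
        [int] $TimeoutMs = 5000
    )
    $result = [ordered]@{
        Server = $Server; Ldap389 = $false; Ldaps636 = $false
        TlsWithRevocationCheck = $false; Certificate = $null; Errors = @()
    }
    foreach ($port in 389, 636) {
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            # ConnectAsync + Wait bounds the wait instead of relying on the OS default
            if (-not $tcp.ConnectAsync($Server, $port).Wait($TimeoutMs)) {
                $result.Errors += "port ${port}: connect timed out"
                continue
            }
            if ($port -eq 389) { $result.Ldap389 = $true; continue }
            $result.Ldaps636 = $true

            # Default .NET validation: chain trust, name match against $Server,
            # and (last argument $true) certificate revocation checking.
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
            try {
                $ssl.AuthenticateAsClient($Server, $null,
                    [System.Security.Authentication.SslProtocols]::Tls12, $true)
                $result.TlsWithRevocationCheck = $true
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                $result.Certificate = '{0} (expires {1:u})' -f $cert.Subject, $cert.NotAfter
            } finally { $ssl.Dispose() }
        } catch {
            $result.Errors += "port ${port}: $($_.Exception.GetBaseException().Message)"
        } finally { $tcp.Close() }
    }
    [pscustomobject]$result
}

# Placeholder name; replace with a domain controller in your forest.
Test-LdapConnectionOptions -Server 'dc01.forest.example.com' | Format-List
```

If `Ldaps636` is true but `TlsWithRevocationCheck` is false, the `Errors` entry shows why validation failed for the name you passed, which is worth resolving before enabling the SSL and revocation options in the management agent.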

See Also

Concepts

Using the Management Agent for Active Directory
Using the Management Agent for Active Directory Global Address List (GAL)