Share via

Optional: Create an OU and Security Group for FIM CM Users

  • Article

Applies To: Forefront Identity Manager Certificate Management

The following procedure is not required for FIM CM installation.

The following optional procedure covers the creation of a dedicated OU to be used for FIM CM users. The procedure also covers the creation of a security group specifically for FIM CM users. Then, a test user is created in the OU and assigned membership in the security group. Such a configuration could be used to perform a limited pilot roll-out of FIM CM.

To create an OU, security group, and test user account

  1. In the Active Directory Users and Computers console tree, right-click the your_domain, click New, and then click Organizational Unit.

  2. In the New Object - Organizational Unit dialog box, type FIM_CM_Users and then click OK.

    Note

    The actual name of the group (FIM_CM_Users) can be whatever is appropriate for your organization.

  3. In the console tree, right-click the FIM_CM_Users OU, click New, and then click Group.

  4. In the New Object - Group dialog box, in Group name, type FIM_CM_Subscribers. Ensure that the Group scope is set to Global and the Group type is set to Security. Click OK.

    Note

    The actual name of the group (FIM_CM_Subscribers can be whatever is appropriate for your organization.

  5. In the console tree, right-click the FIM Users OU, click New, and then click User.

  6. In the New Object – User dialog box, enter names that are appropriate for a test account. The account you create will be used for testing the installation. Click Next.

  7. Enter and confirm the user password. Consider clearing the User must change password at next logon option, since you will be using this account for testing. Click Next and then click Finish.

  8. In the details pane, right click FIM_Subscribers and then click Properties.

  9. In the FIM_Subscribers  Properties dialog box, in the Members tab, click Add.

  10. In the Select users, Contacts, Computers, Service Accounts, or Groups dialog box, under Enter the object names to select, enter the test user account you created in the steps above and then click Check Names.

  11. After user account name is resolved to the account name you created earlier, click OK.

  12. On the FIM_Subscribers Properties dialog box, click OK.

  13. After testing out your production installation, you may decide to add a small group of test users to the FIM_Subscribers group and to the FIM Users OU to being a pilot deployment.

Previous topic

Optional: Create an OU and User Accounts for FIM CM Agents

Next topic

Prepare IIS 7 for FIM CM

See Also

Concepts

Installing and Configuring FIM CM Infrastructure