CSS Blog |
Recently, while working on a Microsoft Network Device Enrollment Services (NDES) deployment, a client asked a simple-enough question about the thumbprint for the Certificate Authority (CA) certificate that was displayed on the NDES admin enrollment GUI, “What is that hash? And why doesn’t it match any of the CA certificate thumbprint hashes in my chain-of-authority?”
Recently, I have been involved in several client projects that involve the distribution and synchronization of user accounts between multiple organizations. This is a little different than the standard synchronization scenario, which assumes that there is one organization, and data flows from an authoritative source, such as an HR data store. An example of this basic synchronization can be seen in Figure 1; assume that we have three domains in our organization, and domain A is authoritative.
Recently, one of our clients had a scenario that required them to keep track of the proxyAddresses attribute history between two Microsoft Active Directory (AD) domains. Since FIM Sync Service doesn’t retain any history of attribute values (as simply a state-based synchronization engine), this required a bit of thought and planning.
Examining the need to keep track of the history and exploring options, we came down to the solution through a simple one-revision history mechanism with FIM Sync.
Subscribe via RSS »
