A user synced from external AD is unable to access FIM Portal (present in different domain and different forest).

Hi,

In our environment, we have two ADs (Domain A and Domain B) in two different forests. The FIM is located in Domain A. Now, I am trying to sync a user from AD Domain B to FIM. It got synced and created at FIM (Domain A). But the domain attribute in FIM is not populating with the external domain, i.e. Domain B, and the user is also unable to access the FIM Portal.

Could you please help me out? Please let me know if any configurations have to be done in FIM Portal for an external user to access the FIM Portal.

Thanks 

Prasanthi.

March 3rd, 2015 8:56am

If you use separate management agents for separate domains, the best option would be to import the "Domain" attribute as a constant flow - in domain A it would be DomainA, for domain B - DomainB.

Then you can simply export this as a domain attribute to FIM Portal and it should

March 3rd, 2015 9:31am

Hi,

Thanks for replying....

But, in FIM Portal, the Domain attribute is not populated with "Domain B" initially. I have created domain configuration for "Domain B" and then I am able to see that in the "Domain" attribute.

The acctname, ObjectSID, domain are populated at FIM. And the required MPRs below are also enabled.

  • General: Users can read non-administrative configuration resources
  • User management: Users can read attributes of their own

When I try to access FIM Portal, I am getting an error "Logon Failure: user has not been granted the requested logon type  at this computer"

Please help me out...

March 3rd, 2015 2:57pm

This topic is archived. No further replies will be accepted.
