After reviewing the Microsoft guide "Syncing Active Directory with FIM", I got to the stage of populating the Synchronization Rules using the FIM Portal. In the guide the following section outlines how you must generate a CustomExpression string.
How to Sync Active Directory with FIM.
The FIM Generate CustomExpression for Domain Attribute Flow Script (PowerShell): https://social.technet.microsoft.com/Forums/en-US/50088024-d86a-49dc-bb03-3243ebd677eb/using-powershell-to-generate-the-custom-expression-for-the-domain-attribute-flow?forum=ilm2
As the domain I was trying to sync with Active Directory was Windows Server 2003 based, which does not natively have PowerShell (or the AD DS PowerShell cmdlets), I used a Windows Server 2012 R2 VM with the AD DS server role installed.
At first I had to reconfigure the ExecutionPolicy to allow Unrestricted scripts. I then tried to run the DomainObjectSid_IFFSStatement.ps1 script provided by The FIM Scriptbox. I received the error "Error: Could not find a forest identified by: 'domain'."
To recognize where in the code the script was failing, I opened the script in the PowerShell ISE, selected small sections of the code, and used the Run Selection button to break out where the code encountered an error.
In this instance it was Line 10, $ForestObject = Get-ADForest, that was causing the script to fail. At first I thought it was a DNS issue that was causing the issues, so I did all the usual things and could not find anything.
The fix in this case was to configure the Active Directory Web Services service to start Automatically when the system starts. Once I did this and re-ran the script, it generated the required CustomExpression string I needed to continue.
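
The checks described above, collected into one script as an added example (not part of the original post or of the FIM Scriptbox script). It assumes an elevated session on the Windows Server 2012 R2 machine that hosts Active Directory Web Services, and that the downloaded script sits in the current directory; it also scopes the execution policy change to the current session rather than setting Unrestricted machine-wide.

```powershell
# Added example. Assumptions: elevated PowerShell on the server hosting ADWS,
# and DomainObjectSid_IFFSStatement.ps1 saved in the current directory.

# Relax script execution for this session only; the machine-wide policy is untouched.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

# A downloaded script carries a zone mark that RemoteSigned blocks.
# Read the script first, then clear the mark on that one file.
Unblock-File -Path .\DomainObjectSid_IFFSStatement.ps1

# Get-ADForest talks to Active Directory Web Services (service name ADWS).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADWS'"
if (-not $svc) {
    throw "ADWS is not installed on this machine; the AD cmdlets need a reachable ADWS endpoint."
}
"ADWS before: State={0} StartMode={1}" -f $svc.State, $svc.StartMode

# The fix from the post: start ADWS automatically at boot, then start it now.
if ($svc.StartMode -ne 'Auto') {
    Set-Service -Name ADWS -StartupType Automatic
}
if ($svc.State -ne 'Running') {
    Start-Service -Name ADWS
}

# ADWS listens on TCP 9389; confirm the port answers before blaming DNS.
$probe = Test-NetConnection -ComputerName $env:COMPUTERNAME -Port 9389
if (-not $probe.TcpTestSucceeded) {
    throw "ADWS is running but TCP 9389 is not reachable; check the local firewall."
}

# Re-test the exact call that failed on Line 10 of the script.
Import-Module ActiveDirectory
$ForestObject = Get-ADForest -ErrorAction Stop
$ForestObject | Select-Object Name, ForestMode, Domains

# With the forest lookup working, run the original script.
.\DomainObjectSid_IFFSStatement.ps1
```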