Note-to-self: AD groupType vs FIM Group scope and type

Source references:
– FIM 2010 Functions Reference: http://aka.ms/fim2010functionsref
How Do I Synchronize Groups from Active Directory Domain Services to FIM
How Do I Provision Groups to Active Directory Domain Services

Overview

IF AND THEN
FIM   group Type =
FIM group Scope = AD   GroupType =
Distribution Global 2
Domain local 4
Universal 8
Security Global -2147483646
Domain local -2147483644
Universal -2147483640

From AD to FIM

Source
Destination (FIM)
CustomExpression(IIF(Eq(BitAnd(2,groupType),2),”Global”,IIF(Eq(BitAnd(4,groupType),4),”DomainLocal”,”Universal”))) scope
CustomExpression(IIF(Eq(BitOr(14,groupType),14),”Distribution”,”Security”)) type

From FIM to AD

Source
Destination (AD)
CustomExpression(IIF(Eq(type,”Distribution”),IIF(Eq(scope,”Universal”),8,IIF(Eq(scope,”Global”),2,4)),IIF(Eq(scope,”Universal”),-2147483640,IIF(Eq(scope,”Global”),-2147483646,-2147483644)))) groupType

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s