I know this has been discussed in MANY other threads. But, I need some definitive YES/NO answers on the following questions. Some additional detail would be helpful too:
1. Should the Forefront Identity Manager Service (on the server [Administrative Tools > Services]) be running under the farm account?
2. Should the Forefront Identity Manager Synchronization Service (on the server [Administrative Tools > Services]) be running under the farm account?
3. Does the farm account need to be in the local Administrators group in order to START the services on the server?
4. If the farm account is used for these services, what is the need for the AD import account?
5. How come when I view the import/export process, using the Synchronization Service Manager (FIM), it shows that each process was executed using the farm account? Shouldn't it be using the AD import account?
6. Why did M$FT make this so hard? Do they hate me?
View Complete Post