Active Directory Management Agent (AD MA)

The Active Directory Management Agent (AD MA), used by Identity Lifecycle Manager (ILM), Forefront Identity Manager (FIM) and their successor Microsoft Identity Manager (MIM), is the Microsoft-provided Management Agent (MA; called a "connector" in newer MIM documentation) that connects the synchronization engine to Active Directory Domain Services (AD DS).

Key Features of the AD MA:

  • Connectivity: Allows synchronization between MIM/FIM/ILM and AD DS.
  • Bidirectional Sync: Can import data from and export data to Active Directory.
  • User Lifecycle Management: Supports provisioning, deprovisioning, and updating of user accounts and security groups in AD.
  • Password Synchronization: With the Password Change Notification Service (PCNS) installed on the domain controllers, password changes in AD are forwarded to the Synchronization Service and pushed to connected directories whose MAs support password management; the AD MA can also be the target of such password sets.
  • Security: Connects to AD DS over LDAP as a configured service account (Kerberos, with options to sign and encrypt the LDAP traffic or use LDAPS). That account should be scoped with least privilege: read access on the OUs it imports, write access only on the containers it exports to, and the "Replicating Directory Changes" extended right on each domain partition it delta-imports from.
  • Delta Import: Uses the AD DirSync control to import only objects changed since the watermark of the previous import instead of a full import each time, which is why the MA account needs the "Replicating Directory Changes" right.
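Two checks a practitioner runs against the AD MA follow, as an added example that is not code from the original page or from Microsoft: verifying that the MA service account holds the "Replicating Directory Changes" extended right on the domain partition (without it, delta imports fail), and then starting a run profile through the Synchronization Service's WMI provider (the MIIS_ManagementAgent class and its Execute method). The MA name "AD MA", the account CONTOSO\svc-mim-ad, the domain DC=contoso,DC=com and the run profile name "Delta Import" are assumed values for illustration.

```powershell
# Added example, not from the original page. Run on the MIM/FIM Synchronization
# Service server as a member of the sync admins group, with the ActiveDirectory
# RSAT module installed. All names below are assumptions for illustration.
Import-Module ActiveDirectory

$MaName     = 'AD MA'                 # assumed MA display name
$MaAccount  = 'CONTOSO\svc-mim-ad'    # assumed MA service account
$DomainDN   = 'DC=contoso,DC=com'     # assumed domain naming context
$RunProfile = 'Delta Import'          # assumed run profile name

# Extended right "Replicating Directory Changes" (DS-Replication-Get-Changes),
# required for the DirSync control the AD MA uses for delta imports.
$ReplGetChanges = [Guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

function Test-DirSyncPermission {
    param([string]$Account, [string]$NamingContext, [Guid]$RightGuid)
    $acl = Get-Acl -Path "AD:\$NamingContext"
    # Direct grants only: a grant inherited through group membership (or a
    # GenericAll ACE) is not detected here, so a $false result means "check
    # further", not "definitely missing".
    $matching = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $_.ObjectType -eq $RightGuid
    }
    return [bool]$matching
}

function Start-MaRunProfile {
    param([string]$Name, [string]$ProfileName)
    $ma = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                        -Class MIIS_ManagementAgent -Filter "Name='$Name'"
    if (-not $ma) { throw "Management agent '$Name' not found" }
    # Execute() blocks until the run finishes and returns the run status string
    # (for example 'success' or 'completed-export-errors').
    $result = $ma.Execute($ProfileName)
    return $result.ReturnValue
}

if (-not (Test-DirSyncPermission -Account $MaAccount -NamingContext $DomainDN -RightGuid $ReplGetChanges)) {
    Write-Warning "$MaAccount has no direct 'Replicating Directory Changes' grant on $DomainDN; delta imports will fail unless the right is granted via a group."
}

$status = Start-MaRunProfile -Name $MaName -ProfileName $RunProfile
Write-Output "$MaName / $RunProfile finished with status: $status"
```

Grant the replication right only on the partitions the MA actually imports from; it lets the holder read every attribute change in that partition, so it should not be combined with an over-broad write scope on the same account.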

Common Use Cases:

  • Automating account provisioning for new employees.
  • Updating user details (e.g., job title, department) from an HR system to AD.
  • Disabling or deleting accounts for terminated employees.
  • Synchronizing group memberships based on organizational roles or departments.

Related Technologies:

  • MIM/FIM/ILM: Microsoft’s identity management platforms that use the AD MA.
  • Metaverse: Central data store in MIM/FIM where all connected identity data is normalized and correlated.
  • Connector Space: Per-MA staging area holding the AD objects as last imported plus pending exports, sitting between AD DS and the Metaverse.