ActorID for built-in FIM function evaluator - how to impersonate a user?
Hi, one more crazy question: as we know, all FIM WF activities run under the FIM Service Account, which is fine unless you have an MPR set to trigger other actions on an attribute change. So, the MPR is not triggered even if requestors are set to 'All People', which seems to exclude the FIM Service account from the list of users. Switching to a custom UpdateAttributeActivity (yes, thanks to Ensynch for their prototype), which sets ActorId to zeros and acts under the user id, solves the problem, but I feel that there must be another way to use the built-in FIM function evaluator and trigger an MPR then... Any ideas on which set to use for requestors or how to do user impersonation?
November 25th, 2010 10:52am

Hi Evgeniy! You can set whatever resource you like as requestor by setting the ActorID in the parent workflow (in the XOML), and that means any resource, even groups, RCDCs or custom resources. The ActorID is inherited from the parent workflow into the function activity (and any other activity). Setting an ActorID to only zeros will end up being the FIM Service account performing the request. If you wish to have a dynamic impersonation, I guess you'll have to use a custom activity that looks up and sets the ActorID to the parent workflow at runtime. This should work (haven't tested), since the ActorID inheritance usually doesn't take place until execution of the following activities.

http://msdn.microsoft.com/en-us/library/microsoft.resourcemanagement.workflow.activities.sequentialworkflow.actorid.aspx

//Henrik

Edit: For activities that expose an ActorID themselves, inheritance only works if you haven't explicitly specified it on the activity.

Henrik Nilsson, ILM/FIM MVP
Blog: http://www.idmcrisis.com
Company: Cortego (http://www.cortego.se)
November 25th, 2010 11:53am

This topic is archived. No further replies will be accepted.
