Allow FIM to react to a CS object deletion
I have been googling quite a bit about the following topic:

Suppose I want to implement the following deprovisioning logic: in the HR system the user gets deleted, in AD the user should get disabled and moved to another OU.

If I configure the MV object to be deleted, I know I can implement the deprovisioning of the AD MA CS object (like in http://msdn.microsoft.com/en-us/library/ms696021(v=VS.85).aspx). This would require the MV object deletion rule to delete the object after the HR MA deletion gets imported. And in turn that would trigger the AD MA deprovisioning logic.

Is there a possibility to create a rules extension, be it for a MA or for the MV, which would "see" the deleted CS object for the HR MA and as such trigger the AD deprovisioning code? And still allow the MV object to exist and be connected to the AD object.

All I want is in fact the ability to "translate" the deletion in the HR system to the toggling of the "employeeStatus" attribute in the MV. Then the FIM MA can do its magic with its SRs.

http://setspn.blogspot.com
June 28th, 2010 11:28pm

You should only delete metaverse objects when you don’t want to manage an object anymore. Although the HR connector is gone in your scenario, you still want to manage the object! You can switch the object deletion rule back to “delete MV object when last connector is gone”.

Extend the MV schema with an operational attribute – e.g.: HRID. Make sure that your HR MA is the only contributor for that attribute. When the HR connector is removed due to the processed deletion, all attributes the removed connector has contributed are pulled – including the value for MV.HRID. This also triggers provisioning.

Your AD facing outbound synchronization rule should contain the following logic for DN flow:

    If IsPresent(MV.HRID)
        DN = my user container
    Else
        DN = deleted users container
    End If

You need to implement the same logic for the userAccountControl attribute to disable the related account. That way, you can accomplish exactly what you are looking for.

Cheers,
Markus

Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 28th, 2010 11:42pm
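
The behaviour described in the answer above, as a simplified Python model added here for illustration (not FIM code and not part of the original thread). The class and function names, the example.com containers and the sample user are assumptions, and the model treats a value as present while any contributing MA remains, which shows why the HR MA should be the only contributor for HRID.

```python
# Simplified model (not FIM code) of attribute recall driving deprovisioning.
ACTIVE_OU = "OU=Users,DC=example,DC=com"            # placeholder container
DISABLED_OU = "OU=Deleted Users,DC=example,DC=com"  # placeholder container
UAC_NORMAL = 0x200             # NORMAL_ACCOUNT (512)
UAC_DISABLED = 0x200 | 0x2     # NORMAL_ACCOUNT | ACCOUNTDISABLE (514)


class MVObject:
    """Metaverse object that remembers which MA contributed each value."""

    def __init__(self, cn):
        self.cn = cn
        self.contrib = {}  # attribute name -> {MA name: value}

    def import_flow(self, ma, attrs):
        for name, value in attrs.items():
            self.contrib.setdefault(name, {})[ma] = value

    def remove_connector(self, ma):
        """Connector deleted: recall every value that MA contributed."""
        for name in list(self.contrib):
            self.contrib[name].pop(ma, None)
            if not self.contrib[name]:
                del self.contrib[name]

    def is_present(self, name):
        return name in self.contrib


def ad_outbound(mv):
    """Outbound rule from the answer: DN and UAC follow IsPresent(HRID)."""
    active = mv.is_present("HRID")
    return {
        "DN": f"CN={mv.cn},{ACTIVE_OU if active else DISABLED_OU}",
        "userAccountControl": UAC_NORMAL if active else UAC_DISABLED,
    }


def simulate(hrid_contributors):
    """Join a user, delete the HR connector, return AD state before/after."""
    mv = MVObject("Jane Doe")  # constructed sample user
    for ma in hrid_contributors:
        mv.import_flow(ma, {"HRID": "E1001"})
    mv.import_flow("AD MA", {"sAMAccountName": "jdoe"})
    before = ad_outbound(mv)
    mv.remove_connector("HR MA")
    return before, ad_outbound(mv), mv
```

With `simulate(["HR MA"])` the account moves to the deleted users container and is disabled while the MV object stays joined to AD; with a second HRID contributor the HR deletion leaves the AD account untouched.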

Markus,

Thanks a lot, that was the explanation I was looking for and that should definitely do what I'm trying to achieve.

Regards,
Thomas

http://setspn.blogspot.com
June 29th, 2010 9:51am
