Best place to generate unique samAccountname
Hey all, I have limited programming skills, but I can eventually get the job done with enough trial and error. So before I go too far down the wrong path and waste a lot of time, I am looking for advice on where in the architecture to implement the code to generate a unique account name. Should I use a rules extension and add the sAMAccountName on export to AD? Should it be a global extension, or should I use the advanced attribute flow? I am still not clear on whether I can have Sync rules as well as attribute flow. Should I create a custom activity? Maybe something else that I am unaware of? I guess I am just looking for what is recommended so I can spend my time learning that method. I would like to generate the account name and will likely remove the ability for the portal user to enter one. I will just populate it on export in the FIMMA. Thanks, Rich
May 3rd, 2010 10:01pm

Rich, I guess the right answer is it depends. In the past and before FIM days, we addressed this issue using MV extension rules. And although Microsoft did not recommend branching out to AD from any rule extensions, I dealt with sAMAccountName as an exception. We implemented this in different ways. For small environments, the easiest way is to branch out to Active Directory during MV code initialization and build an array of all sAMAccountNames and then use it to validate uniqueness. For large AD, this approach is not practical, so you either need to check with AD or another external system to verify uniqueness. Any other method will not guarantee uniqueness, as there is no guarantee that your FIM/ILM MV contains all AD accounts (it depends on your implementation). With FIM you can build a custom workflow that can accomplish the same thing. Personally I kept using the old method as it is more convenient. Issam Andoni http://www.zevainc.com
May 4th, 2010 3:29am

Hi Issam, I am learning FIM 2010. I have experience in ILM 2007.

Q1: We can use XML configuration to generate the OU structure for each location code in ILM 2007. I know in FIM 2010 we can concatenate a string to form a CN, but I need to generate the CN dynamically based on my location code. Can I use a Synchronization rule and an MV extension simultaneously?

Q2: Generate the unique sAMAccountName. I have to check AD since we are not managing all the user accounts using ILM. How can I achieve this in FIM?

sAMAccountName generation rule:
First Name + Last Name
First Name + First Character of Last Name
First Name + First Character of Last Name + 01
....

HR MA ----> MV ----> AD
CheckUniqueName (first name, last name) ----> AccountName ----> sAMAccountName

Regards, Enayathulla S
July 19th, 2010 6:38am
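
The approach discussed in this thread, as an added example (not code from either poster and not FIM's own API): it applies the candidate order from the post above against a case-insensitive set that stands in for the sAMAccountNames read from AD at MV extension initialization, which Issam describes as suitable for small environments only. The class and method names, the cap of 99 numeric suffixes and the sample data are assumptions; the 20-character cap is AD's limit for a user's sAMAccountName.

```csharp
using System;
using System.Collections.Generic;

// Added example, not FIM/ILM API code. The set passed to Generate stands in
// for the sAMAccountNames loaded from AD when the MV extension initializes.
public static class SamAccountNameGenerator
{
    private const int MaxLength = 20; // sAMAccountName limit for user objects

    // Candidates in the order given in the thread:
    // First+Last, First+L, First+L+01, First+L+02, ...
    private static IEnumerable<string> Candidates(string first, string last)
    {
        yield return first + last;
        string shortForm = first + last.Substring(0, 1);
        yield return shortForm;
        for (int i = 1; i <= 99; i++) // assumed cap on numeric suffixes
        {
            string suffix = i.ToString("00");
            // Trim the base so the suffix survives the length limit.
            int keep = Math.Min(shortForm.Length, MaxLength - suffix.Length);
            yield return shortForm.Substring(0, keep) + suffix;
        }
    }

    public static string Generate(string first, string last, ISet<string> taken)
    {
        if (string.IsNullOrWhiteSpace(first) || string.IsNullOrWhiteSpace(last))
            throw new ArgumentException("First and last name are required.");
        foreach (string candidate in Candidates(first.Trim(), last.Trim()))
        {
            string name = candidate.Length > MaxLength
                ? candidate.Substring(0, MaxLength) : candidate;
            // Add returns false if the name exists, so a free name is reserved
            // in the same step and two new users in one run cannot collide.
            if (taken.Add(name)) return name;
        }
        throw new InvalidOperationException("No free sAMAccountName found.");
    }

    public static void Main()
    {
        // Constructed sample data; comparison ignores case, as AD does.
        var taken = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            { "johnsmith", "JohnS" };
        Console.WriteLine(Generate("John", "Smith", taken));
        Console.WriteLine(Generate("John", "Smith", taken));
        Console.WriteLine(Generate("Jane", "Doe", taken));
    }
}
```

The set is only as current as the read that filled it, so an account created directly in AD after initialization can still collide on export.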

This topic is archived. No further replies will be accepted.
