Check if sync rule is created for object within a set
I ran into a situation where primarily everything is working fine: provisioning is done when a person becomes active (based on begin date) and the person is deprovisioned (based on end date + 30 days). When the end date is reached the AD account is disabled; after 30 days it is removed. But when the end date is changed after the account has been disabled, some unwanted behavior occurs. The user is again added to the "Active Users" set and a workflow is triggered to send an email with the new user information.

Now I was wondering: is it possible to filter in the set to check if the user already has a "detected rule entry of type X"? That way the workflow is not triggered anymore because the user will no longer be part of the set. Or do I need to set an "email" send flag and use this in my set to trigger the workflow or not? Any advice?

Need realtime FIM synchronization? Check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!
March 18th, 2011 9:29am

How about if you were to use a set transition MPR (transition IN) to drive your new user notification based on START DATE alone? In other words only send the "new user" advice when the user object transitions into the set "all users with a start date >= today"? As soon as you include the end date into the set definition, and allow that to "move" you'll run into the problems you describe.

Bob Bradley, www.unifysolutions.net (FIMBob?)
March 18th, 2011 10:36am

I use cheap DREs in the form of attributes on the metaverse object and FIM object which define what data sources an object exists in. For example I'd have an "existsAD" attribute. This would be populated with a sync rule flow '<dn> --> "true"'. With this you can tweak that first set definition to be people where "ExistsAD is not True".

My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
March 18th, 2011 3:06pm
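The two replies above, modelled as an added example (not FIM code and not from any poster): a day-by-day simulation that counts set transition-IN events for the original set definition, a start-date-only set, and a set guarded by an existsAD flag. The dates, function names and the rule that the flag is set on provisioning and never cleared within the simulated window are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed timeline: start 1 Mar, original end date 10 Mar,
# end date extended to 30 Mar on 15 Mar (after the account was disabled).
START = date(2011, 3, 1)
EXTENDED_ON = date(2011, 3, 15)

def end_date(today):
    """End date as stored on the person object on a given day."""
    return date(2011, 3, 30) if today >= EXTENDED_ON else date(2011, 3, 10)

# Candidate set filters; each returns True when the person is a member.
def active_by_dates(today, exists_ad):        # original definition
    return START <= today <= end_date(today)

def started_only(today, exists_ad):           # start date alone
    return START <= today

def active_and_not_in_ad(today, exists_ad):   # "ExistsAD is not True" guard
    return active_by_dates(today, exists_ad) and not exists_ad

def count_notifications(in_set, days=40):
    """Count transition-IN events, i.e. how often the new-user mail fires."""
    member, exists_ad, sent = False, False, 0
    today = START - timedelta(days=1)
    for _ in range(days):
        now_member = in_set(today, exists_ad)
        if now_member and not member:
            sent += 1          # transition-in MPR triggers the workflow
            exists_ad = True   # assumption: provisioning flows the flag back
        member = now_member
        today += timedelta(days=1)
    return sent

if __name__ == "__main__":
    for rule in (active_by_dates, started_only, active_and_not_in_ad):
        print(f"{rule.__name__}: {count_notifications(rule)} mail(s)")
```

Only the original definition sends the mail a second time when the end date moves; the other two fire once.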

I have found out that there is another way to do it: Create a set that contains "Expected Rule Entries" that match the "Synchronization Rule ID". In XML the filter looks like

<Filter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect" xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration">/ExpectedRuleEntry[SynchronizationRuleID = '7bb8a7bb-c0ba-476e-ab6b-4db9b6265ea9']</Filter>

Then use this set in a filter condition; this condition looks like this:

<Filter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect" xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration">/Person[ExpectedRulesList = Set[ObjectID='e46ff8fb-3205-48d5-b40f-b52643b0f87f']/ComputedMember]</Filter>

I am not sure how this will perform with large numbers, but currently it works as expected.
March 23rd, 2011 10:30am

Hello Erik, I tried your solution, but the second set is not populated automatically when a new user with an ERE is created. It's updated only when I renew the first set. Can you help or confirm?
September 14th, 2012 5:20am

This topic is archived. No further replies will be accepted.
