Hello, I am studying the Identity and Access Managment solutions. I'm sorry, probably my question is obvious and stupid, but I cannot understand the differences or when it's necessary to have an Forefront IM solution, because at the point I know the Active Directory manage the identity life cycle and security rules. Can somebody give me a explanation or a reference so I can understand the different features of each one. Thanks very much.

Hi Active Directory is for authentication (and logon); all identities in Active Directory have to be manually (or scripted) managed. With an IdM solution, you're able to automate the lifecycle of accounts and then also automatically manage account in Active Directory, say based on data from an HR system (hire/fire and such) Regards, Soren Granfeldt http://granfeldt.blogspot.com

Soren gives a good answer. Indeed with an IDM solution such as FIM, you can get accounts automatically created in AD based on data from other systems such as HR. Then when the person leaves the organization you can automatically disable and delete their account. You can also automate and delegate group management, and empower the users to reset their own passwords and update their own profiles.David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html