This is a good explanation except it doesn't use the exact same values for EmployeeStatus as 50382: http://blogs.dirteam.com/blogs/jorge/archive/2010/07/29/managing-the-useraccountcontrol-attribute-in-ad-by-fim.aspx //HenrikHenrik Nilsson, ILM/FIM MVP Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

ok thanks - will have to pass this unto our dev team to figure out.

Hi, I am working through MOC 50382 (FIM 2010) and have a question about EmployeeStatus. If I look at the HR application, the employee status can be one of 3 states: active, inactive, delete. If I analyse the data in the Metaverse, the employee status attribute is either active, inactive or delete. Then, looking at the attribute flow, the employeeStatus (MV attribute) flows into the userAccountControl (AD attribute). It automagically becomes 512, 514 or something else for delete.... I cannot find any logic in FIM Portal or Sync Service Manager that actually takes the "active, inactive or delete" values and translates them into 512, 514, and whatever value 'delete' requires. Please could someone clarify this bit of magic to me, thanks.

Just found a reference to a 'Adatum AD Extension.dll' - could this be where the logic is held for the above question? In a production environment - would we need to write our own such DLL?

I guess you it's Lab5 you're referencing to?You're correct, it's in the MA Extension this automagically takes place: Case "userAccountControl" Dim currentValue As Long If csentry("userAccountControl").IsPresent Then currentValue = csentry("userAccountControl").IntegerValue Else currentValue = ADS_USER_FLAG.ADS_UF_NORMAL_ACCOUNT End If If mventry("employeeStatus").Value = "active" Then csentry("userAccountControl").Value = (currentValue Or ADS_USER_FLAG.ADS_UF_NORMAL_ACCOUNT) And (Not ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE) Else csentry("userAccountControl").Value = currentValue Or ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE End If It depends on the complexity of your rules if these kinds of rules is needed, in this case they've used this pretty simple rule to show how an MA Extension could be used but for this you could instead with some changes in implementation use a custom expression in your outbound sync rule attribute flow. //HenrikHenrik Nilsson, ILM/FIM MVP Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

hmm, so I could achieve the same result without code? do u perhaps have a URL that demostrates this?