Hey all, In researching a potential move to FIM 2010 within our company, there are a few "processes" that I can't seem to figure out if FIM can deliver on or not, and was hoping the experts on here could maybe answer... These are: 1)I understand FIM can perform group managment via ownership delegation (I own group, and approve you to be in my group), but can FIM automatically place users in defined groups based on attributes such as Dept. ID, etc. (i.e. Tim is provisioned new user in Dept 1, based on a "policy?" can FIM automatically place user in groups defined already for Dept 1.? 2)Audit resource ownership management (who owns what), outside of AD users/groups. i.e., unix groups, mainframe ID's, database information (sa, etc.) Thanks again for any/all comments based on this question as it is much appreciated.... cm0ss

Hey all, In researching a potential move to FIM 2010 within our company, there are a few "processes" that I can't seem to figure out if FIM can deliver on or not, and was hoping the experts on here could maybe answer... These are: 1)I understand FIM can perform group managment via ownership delegation (I own group, and approve you to be in my group), but can FIM automatically place users in defined groups based on attributes such as Dept. ID, etc. (i.e. Tim is provisioned new user in Dept 1, based on a "policy?" can FIM automatically place user in groups defined already for Dept 1.? 2)Audit resource ownership management (who owns what), outside of AD users/groups. i.e., unix groups, mainframe ID's, database information (sa, etc.) Thanks again for any/all comments based on this question as it is much appreciated.... cm0ss 1) Absolutely, FIM supports both of these plus a specialized form of the latter called a Manager group which provides a stored query for building groups of direct reports. 2) Not as easy, while FIM would contain much of the data you would need, it doesn't have the capability internally to do the reporting or auditing itself. You would need to look at ISV solutions that extend FIM to provide these capabilities. So, the model here is, have FIM capture the data and then use the 3rd party products to provide the reporting. Think about how Crystal Reports complements SQL Server here.Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com

FIM 2010 could also be extended to support some really neat requirements. A group of all the direct and indirect reports to a manager. This is quite helpful when you have a requirement of automatically maintaining a distribution group with list of all people who directly or indirectly report to a manager (like CIO). Maintain sensitive groups; groups which are specific to a particular identity type like: Employee Only groups. Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com