FIM dynamic provisioning of attribute-based membership groups
We are currently using ILM 2007 with a custom-built group population MA based on CarolW's awesome blog (http://www.wapshere.com/missmiis/who-needs-group-populator-when-you-have-multivalue-tables). We're an educational institution with over 100,000 user accounts managed by ILM. I put employees into groups based on location, and students into groups based on whether they are a current or former student based on their OU (which is determined by admitted/registered term data). I'm looking at FIM as a way to improve our group management capabilities. Requirements haven't been nailed down yet, but I believe we want to enable the portal for end-users to be able to manage their own groups. I anticipate there is also a need to create and populate groups based on other data, such as department code (which is currently an attribute of employee records) and/or course number (from student data but the method of getting it is TBD...either a flat file or some kind of SQL table). I've been following the example in the FIM 2010 Ramp Up online training that Microsoft posted (thanks guys! that rocks!) and I can find my way through setting things up so someone can log in to the FIM portal and create a group based on manual selection. However, what I want to be able to do is create a rule that automagically creates the groups in AD based on data in the FIM metaverse and then automatically populates them based on user attribute data. I know I could do this with my old SQL MA that contains employees and students, and a subset of their attributes, along with the associated metaverse provisioning extension code. I even created a couple of views of that data and a new MA that imports the department codes and associates the members of those departments to them multivalue-attribute-style. But what I can't seem to do is use declarative provisioning in FIM in order to create AD groups based on those department codes. 
Note that the department codes come in as a different metaverse object type from other groups, and I wonder if the fact that they don't get to the FIM Service database is the source of my problem. The sync rule I created through the portal does project them into the sync service metaverse, but no connector is provisioned to AD or the FIM MA. After I got a manually-populated group to successfully provision to AD, I reworked my department code MA to project as the mv object type that was linked to the FIM service type "group", but I got web service failures on exporting to FIM because required attributes were not populated. I've since torn that down, but I believe the problem was it was looking for the group's owner, but there is no owner and I'm not interested in setting an owner on these groups. I tried to set up an owner through a static flow rule, but I'm fairly certain that's a reference value and I don't think I can just type in a string that would link to any real object. Has anyone done anything similar to this before, and how did you go about it? Note that this is dynamic provisioning of new groups based on input data, not just dynamic population of manually created groups based on data. There are far too many groups for me to key them all in manually, and they will change (especially the ones in the future based on course number). Thanks!
January 21st, 2011 4:57pm
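One concrete shape for the department-code views the post mentions (a group view plus a multivalue member table for the SQL MA), written here as an added T-SQL example; it is not the poster's own SQL and not a FIM schema. The Employee table and its rows are constructed sample data, and the column names GroupId, AttributeName and MemberId are assumptions chosen for the example (sAMAccountName is the real AD attribute the group view is shaped to feed). The point it shows is deriving a stable group anchor from the department code itself, so a renamed department does not re-provision a new AD group, and checking the two views agree before an export is enabled.

```sql
-- Constructed sample source data (not the poster's schema): one row per
-- employee, with the department code as a plain attribute, as in the post.
CREATE TABLE Employee (
    EmployeeId  VARCHAR(20)   PRIMARY KEY,
    DisplayName NVARCHAR(100) NOT NULL,
    Location    VARCHAR(20)   NOT NULL,
    DeptCode    VARCHAR(10)   NULL
);
GO

INSERT INTO Employee (EmployeeId, DisplayName, Location, DeptCode) VALUES
 ('e1001', N'Ann Example', 'MAIN',  'HIST'),
 ('e1002', N'Bob Example', 'MAIN',  'MATH'),
 ('e1003', N'Cy Example',  'NORTH', 'HIST'),
 ('e1004', N'Dee Example', 'NORTH', NULL);   -- no department: no group at all
GO

-- View 1: the group objects. One row per distinct department code.
-- GroupId is derived from the code, not the display name, so it stays
-- stable across renames and can serve as the MA anchor (assumed column name).
CREATE VIEW v_DeptGroup AS
SELECT DISTINCT
    'dept-' + DeptCode AS GroupId,         -- anchor for the SQL MA
    'Dept ' + DeptCode AS DisplayName,
    'dept-' + DeptCode AS sAMAccountName   -- value the AD group will receive
FROM Employee
WHERE DeptCode IS NOT NULL;
GO

-- View 2: the multivalue table. One row per (group, member) pair, in the
-- object-id / attribute-name / value layout a multivalue SQL MA table uses
-- (column names are assumptions). MemberId is the employee's own anchor and
-- is turned into an AD DN by a reference flow in the sync service, not here.
CREATE VIEW v_DeptGroupMember AS
SELECT
    'dept-' + DeptCode AS GroupId,         -- must match v_DeptGroup.GroupId
    'member'           AS AttributeName,
    EmployeeId         AS MemberId
FROM Employee
WHERE DeptCode IS NOT NULL;
GO

-- Consistency checks to run before enabling export to AD.

-- (a) Member rows whose group does not exist in the group view.
--     Expected: no rows. A hit means a membership would be silently dropped
--     (or worse, attached to the wrong object) on import.
SELECT m.GroupId, m.MemberId
FROM v_DeptGroupMember AS m
LEFT JOIN v_DeptGroup AS g ON g.GroupId = m.GroupId
WHERE g.GroupId IS NULL;

-- (b) Groups with no members. Expected: no rows for this data set; an empty
--     department group provisioned to AD is usually a sign of stale codes.
SELECT g.GroupId
FROM v_DeptGroup AS g
LEFT JOIN v_DeptGroupMember AS m ON m.GroupId = g.GroupId
WHERE m.GroupId IS NULL;

-- (c) Membership summary, useful to compare against the AD group after the
--     first export. With the sample data: dept-HIST = 2, dept-MATH = 1.
SELECT GroupId, COUNT(*) AS MemberCount
FROM v_DeptGroupMember
GROUP BY GroupId
ORDER BY GroupId;
```

Keeping the anchor and the AD name as separate columns is deliberate: the anchor is what the MA joins on and must never change, while the name is what ends up visible in AD and may be reformatted later without creating a second group. The same two-view pattern extends to the course-number case in the post once that data has a source table, with the course identifier replacing DeptCode.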