How do I make a set contain members of an AD group
I want the password reset users set to include members of an AD security group. Is there a way to do this? The security has been imported into FIM and is visible under security groups. I don't think user has a memberof attribute which I can use for criteria based, and I don't seem to be able to select a security group as a member for manually managed.
February 19th, 2010 1:33am

You can try this workaround if you want members of a group to be members of your set. Just go to your set and go to the advanced view. In the filter attribute, edit the text value of the Filter tag to be:
/Person[ObjectID = /*[ObjectID = '3e27bc39-dd57-4e24-97b9-3c9726df788a']/ComputedMember]
Replace the GUID with the resource ID of the target group and save your set. If you go back to your set and view the rule, FIM will display an error, but if you click on view members, you see that the users are correctly populated.
February 19th, 2010 10:51am

Awesome - Thanks Michael. Product team - Any chance of changing the filter rendered to get rid of the error which gets displayed? "Sorry, the filter you are trying to display cannot be rendered with the Forefront Identity Manager Filter Builder. The filter may be corrupted or unsupported by the Filter Builder"
February 21st, 2010 11:17pm

I highly doubt this since custom filters often can't be represented with the UI due to the complexity they have - which is why you have to manually enter them :o) The error reads "may be"...
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
February 21st, 2010 11:39pm

Cheers Markus
Is there a reason it couldn't drop back to displaying the XML like the advanced-filter box, when it can't render? Although you can just read the message and click through to the advanced tab, it would be nicer if it did.
February 22nd, 2010 12:26am

This is really great and extremely useful. When I try to submit the request I get an Access is Denied error, even though I'm using the FIM admin account. Do I need to enable editing somewhere?
September 22nd, 2010 2:10pm

No - unfortunately you CAN'T save this as a set definition (any more at least!), as it violates one of the rules about sets that appears to have been introduced post RC0 ... see http://technet.microsoft.com/en-us/library/ff356871(WS.10).aspx and scroll down to the last entry under Unsupported filter definitions where it says "Sets cannot reference the membership of Group resources". As a consequence (even if you use /* instead of /Group) you will always get an "Access Denied" error. I think this may be "by design" for a number of reasons, but I too wish it wasn't because it would have saved an awful lot of effort in coding a custom workflow activity to maintain nominated groups with a corresponding set (matched through a schema extension of the Group object to include "MatchingSetID"). If you were sync'ing any other object with a ComputedMember attribute this would have worked ... Markus - could you please unmark the Answer above now?
Bob Bradley, www.unifysolutions.net (FIMBob?)
October 18th, 2010 11:49am

This worked well until I installed a FIM patch provided by Microsoft Updates (KB 978864). Does anybody know a solution for creating a set containing all members of a specific security group without writing a custom workflow?
Cheers
Tobias
October 28th, 2010 6:56am

> This worked well until I installed a FIM patch provided by Microsoft Updates (KB 978864). Does anybody know a solution for creating a set containing all members of a specific security group without writing a custom workflow? Cheers Tobias

See this thread, I've done something that works: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/b04e2cf7-c839-4394-87d7-3b38f92459a8
/Frederik Leed
October 28th, 2010 7:02am

Whenever I try to edit the filter definition of my set using
/Person[OpusProfile = /Group[ObjectID = '3b7f84d7-ce8d-48f7-88f7-4bd6436d3710']/ComputedMember]
I get a "Request failed" message. The ObjectID is the right one, I've double checked it. Any advice?
Cheers
Tobias
October 28th, 2010 7:32am

This topic is archived. No further replies will be accepted.
