How does the password synchronization work in FIM?
Hi, with FIM, is it possible to synchronize passwords across different systems, for example, AD and an ERP with Oracle?
September 14th, 2011 9:00am

Hi - the answer is definitely YES, using PCNS configured as per these instructions, but with the caveat that this can only ever be with the AD password being authoritative. PCNS is installed on EACH DC in your domain to capture password changes and notify the specified target FIM sync service of the pre-encrypted value of each password so that it can be set for each connector of an MA "downstream" of the PCNS source AD MA. Note that in each case you need to have a downstream MA which either supports password sync, or have your MA configured with a custom "Password Extension" ... Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
September 14th, 2011 9:31am

That is certainly the way I would want to do it, and the way we do it at my workplace. However, is it possible to write a custom password extension for the MA and a process outside of FIM to capture and transmit the passwords to FIM to send out to AD, perhaps through the old WMI interface the SSPR process uses? I don't know if that is what the original poster would want, or if it would be recommended. I'm just curious as to the customization capabilities, and when I see "can only ever be" it is in my nature to question it. :-) Of course if AD wasn't authoritative for passwords, there wouldn't be a need for PCNS. Chris
September 14th, 2011 10:26am

However, is it possible to write a custom password extension for the MA and a process outside of FIM to capture and transmit the passwords to FIM to send out to AD, perhaps through the old WMI interface the SSPR process uses? I don't know if that is what the original poster would want, or if it would be recommended. I'm just curious as to the customization capabilities, and when I see "can only ever be" it is in my nature to question it. :-)

The password extension is used to forward passwords received by FIM Sync to the MA. You can certainly use some out of band process to make calls to the WMI interface and push passwords in that way and FIM will in turn push them out. My Book - Active Directory, 4th Edition My Blog - www.briandesmond.com
September 14th, 2011 2:09pm
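As an added example (not code from anyone in this thread), here is a PowerShell script for the out-of-band route Brian describes: it hands an AD user's new password to the sync engine through the FIM Sync WMI provider (the same interface SSPR uses), and the engine then flows it to the downstream connectors. The server name, MA name and account are placeholders; the FIMSyncPasswordSet group requirement and the 'success' return string are from the FIM documentation as I recall it, so treat both as assumptions.

```powershell
# Added example (not from the thread): set a password on an AD connector-space
# object through the FIM Sync WMI provider so the engine pushes it downstream.
# Assumes the caller is a member of FIMSyncPasswordSet on the sync server and
# that MIIS_CSObject.SetPassword returns the string 'success' on success.
param(
    [Parameter(Mandatory)] [string] $SyncServer,   # e.g. fimsync01.corp.example (placeholder)
    [Parameter(Mandatory)] [string] $MaName,       # display name of the AD management agent
    [Parameter(Mandatory)] [string] $Domain,       # NetBIOS domain of the AD user
    [Parameter(Mandatory)] [string] $Account       # sAMAccountName of the AD user
)

# Prompt for the password instead of taking it as a plain-text argument, so it
# never lands in shell history, a process listing or a scheduled-task definition.
$secure = Read-Host -Prompt "New password for $Domain\$Account" -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

# Escape WQL string literals so a domain or account name cannot alter the query.
function Escape-Wql([string] $s) { return $s.Replace('\', '\\').Replace("'", "\'") }
$ns = 'root\MicrosoftIdentityIntegrationServer'
# PacketPrivacy encrypts the DCOM traffic carrying the password to the sync server.
$wmi = @{ ComputerName = $SyncServer; Namespace = $ns; Authentication = 'PacketPrivacy' }

# Resolve the MA GUID from its display name so the CS query is scoped to one MA.
$ma = Get-WmiObject @wmi -Class MIIS_ManagementAgent | Where-Object { $_.Name -eq $MaName }
if (-not $ma) { throw "Management agent '$MaName' not found on $SyncServer" }

# AD connector-space objects are addressable by Domain and Account.
$query = "SELECT * FROM MIIS_CSObject WHERE MaGuid='$($ma.Guid)' AND Domain='$(Escape-Wql $Domain)' AND Account='$(Escape-Wql $Account)'"
$cs = @(Get-WmiObject @wmi -Query $query)
if ($cs.Count -ne 1) { throw "Expected exactly one CS object for $Domain\$Account, found $($cs.Count)" }

# SetPassword asks the engine to set (not change) the password; the engine then
# flows it to every connector joined to the same metaverse object whose MA
# supports password sync or carries a password extension.
$result = $cs[0].SetPassword($plain)
$plain = $null
if ($result.ReturnValue -ne 'success') { throw "SetPassword failed: $($result.ReturnValue)" }
Write-Host "Password set for $Domain\$Account via MA '$MaName'"
```

Each call is written to the sync server's password management event log, so anything driving this script should be treated like the PCNS service account and monitored the same way.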

