On a delete group request, we have a requirement to delete all the members for the security group and leave it in FIM for a certain grace period before deleting it permanently. What is the best approach to achieve this?

Hi Neelima, I think that a possible approach would be: 1) create a custom boolean attribute for the group object, say 'ToBeDeleted'. 2) create a custom activity that removes all the users from the group and sets the group's expiration time to now + grace period. 3) create a MPR + Workflow that triggers the custom activity when the 'ToBeDeleted' attribute becomes true. Then you also need some extra configuration to assign appropriate permissions to the expiration workflow, which you can find here: Automatically Deleting Expired Objects in FIM 2010 . Cheers, PaoloPaolo Tedesco - http://cern.ch/idm

Thanks Paolo for the possible approach. As suspected it will have to be all custom....