ILM V2 password sync legacy systems
I have been tasked with researching ILM. We have several legacy applications we have to maintain (most run a SQL DB). I am trying to find out if ILM will assist in resetting and maintaining accounts on those applications. If so, what type of technology would it be? For example, would there need to be code written, or a definition created within ILM?

From the sources I have found on the web and TechNet it looks like ILM works great if you are in an entire Microsoft shop.

Regards,
Jason
August 11th, 2009 7:10pm

Jason,

You will find that you can accomplish your goal using both the current ILM 2007 offering and the future ILM "2" aka FIM2010 offering. Account management will be slightly simpler using FIM2010 for the reasons you will find described on the FIM2010 website.

For password management for your SQL applications I will suppose that you are talking about actual SQL accounts. You will find an approach on how to work with those on Alex Tcherniakhovski's blog at http://blogs.msdn.com/alextch/archive/2006/06/05/ADtoOra.aspx. Though the article describes Oracle, the approach for SQL Server will be exactly the same. This will give you an extensible MA that will allow you to manage your SQL Server users.

The next step will then be to extend your solution to also manage passwords. You do this by coding a Password Extension. You will find an example of how to build this in the Developer help that comes with your system: just search for "Creating Password Extensions" and you will find what you need.

I hope this helps ...
Paul.
Paul Loonen (Avanade)
August 11th, 2009 11:18pm

Hi Paul,

I was actually talking about applications that store usernames and passwords in a SQL or Oracle database. Most of the usernames are the same in several applications but the passwords are all different. I am hoping to connect them with ILM so when you reset your AD password it can reset your password inside a SQL or Oracle database.

Thanks,
Jason
August 14th, 2009 9:20pm

Do I understand correctly that you are storing the username and password in a SQL or Oracle table in your database to support your application? Also in that case, you would need to code a password extension that pushes the password to your database table. You will need to provide again the code to store the data that you need in your database. The article I pointed you to above is your guide to accomplish this.

Paul Loonen (Avanade)
August 15th, 2009 12:06am

Just to add a little bit to what Paul has been wisely saying, with ILM 2007 and with FIM 2010 you can synchronize password changes from AD to other systems (using PCNS), including passwords stored in SQL tables (assuming you follow Paul's instructions to build a password extension). However, Self-Service Password Reset is a feature that only comes with FIM 2010.

So here is the work involved:

After defining each app and learning how passwords are managed in each (confirming that they can handle complex passwords from AD):

- Set up FIM 2010
- Create the AD MA
- Create the SQL MA (one for each SQL app you want to manage)
- Import from AD and SQL MAs
- Defining how to join between AD and the SQL data
- Writing code for the Password Extensions for each SQL MA
- Installing PCNS
- Setting up the SQL MAs as Password Sync Targets
- Setting up the AD MA to receive PCNS

David Lundell
www.ilmBestPractices.com
August 15th, 2009 8:15am
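
The database-side step of the password extension discussed in the replies above, as an added example that is not part of the original thread and not ILM/FIM code. It models only the "push the password to your database table" step in Python with an in-memory SQLite table; the table and column names, the PBKDF2 storage format and the function names are assumptions, and a real extension is .NET code that must write whatever format the legacy application itself verifies against.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor; must match what the application expects


def hash_password(password, salt=None):
    """Return (salt, digest) in the assumed storage format: salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def set_password(conn, username, new_password):
    """Write the synchronized password for exactly one joined account."""
    salt, digest = hash_password(new_password)
    # Bound parameters: the account name and password are never spliced into the SQL text.
    cur = conn.execute(
        "UPDATE app_users SET pw_salt = ?, pw_hash = ? WHERE username = ?",
        (salt, digest, username),
    )
    if cur.rowcount != 1:
        # No matching account: fail loudly so the sync run reports it.
        conn.rollback()
        raise LookupError(f"expected 1 row for {username!r}, updated {cur.rowcount}")
    conn.commit()


def verify_password(conn, username, candidate):
    """What the legacy application would do at login, under the same assumed format."""
    row = conn.execute(
        "SELECT pw_salt, pw_hash FROM app_users WHERE username = ?", (username,)
    ).fetchone()
    if row is None or row[0] is None:
        return False
    _, digest = hash_password(candidate, row[0])
    return hmac.compare_digest(digest, row[1])


def demo_db():
    """Constructed sample table standing in for one legacy application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_users (username TEXT PRIMARY KEY, pw_salt BLOB, pw_hash BLOB)")
    conn.execute("INSERT INTO app_users (username) VALUES ('jason')")
    conn.commit()
    return conn
```

The row-count check is what surfaces a broken join between the AD account and the application account; without it a password change that matched no row would be reported as a success.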

This topic is archived. No further replies will be accepted.
