Have configured FIM 2010 RTM to have a number of domains and a dropdown list appears to allow you to select the required domain when creating users and security groups, however the domain attribute/binding doesn't appear when creating or modifying a Distribution Group. Anybody got any ideas why the domain attribute doesn't appear for DLs? P.S. I've already played around with policies and it doesn't make any difference. (created a temporary policy to allow all users to create, modify, add, delete and remova all attributes on groups)

Trevor, Before FIM RC1 DLs had a Domain option listed and you had the option to pick the type of a DL. With RC1 update 2 or update 3, both DL type option and the domain option disappeared. The logic behind it was the a DL by nature are universal and not Domain specific Hope that help Issam Andoni http://www.zevainc.com

If this functionality is something thats really required in your situation then you can obviously extend/create a binding between the group object and the domain attribute. Ofcourse, the RCDC would also need to be extended to have the domain drop down displayed during the group creation. You could the proceed to apply the domain specific outbound sync rules based on this domain attribute value.Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com

Jameel, I understand all about extending the schema, but in this instance the attributes (and bindings) are already there (out of the box). They are also already in the RCDC for the "Group" FIM resource type. The issue is that FIM uses the same resource type "Group" for both Distribution Groups and Security Groups (inc mail enabled). So during the loading of the "Group" RCDC's it does some additional logic inside its DLLs to determine what is really needed to be displayed to the user. Therefore it is not possible to simply update the schema and RCDC. As a workaround we have created our own "DistributionGroup" FIM resource type and then use custom workflow to generate the actual distribution group in the relevant domain (on a create) and sync its membership (on creation and modification). We lose the built-in join/leave functionality, but then have absolute control over what is shown to the user.

Based on what I know such behavior is controlled by code. So even if you adjust RCDC, the behavior is controlled by underlying code and thus it will not change the issue.Best Regards Issam http://www.zevainc.com/andoni