Is it a good idea to use ObjectSID as a relationship criteria between FIM and Active Directory for Users and Groups? If so what is the best way to get ObjectSID values to a SQL Table to cross-reference it with the HR system unique identifier?

Is it a good idea to use ObjectSID as a relationship criteria between FIM and Active Directory for Users and Groups? If so what is the best way to get ObjectSID values to a SQL Table to cross-reference it with the HR system unique identifier? Hi- Yes this would be a suitable unique ID. An even better one if you have a multi-domain forest in particular, though is objectGuid. For objectSid, you can use this function in a Sync Rule to export the SID to SQL: ConvertSidToString. For the GUID, you'd need to use an advanced attribute flow rule it looks like.My Book - Active Directory, 4th Edition My Blog - www.briandesmond.com

Just to add-on to this: Design Concepts for Correlating Digital Identities. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation