Phased-in management of groups with FIM
I'm working on a project where we are moving management of group membership from native AD tools and processes to using the FIM portal to leverage its policy and workflow features. The part we are working out now is how to transition from one method to the other over a long time period (i.e. we're not going to be switching over all the groups at once).
The current plan is:
Config:
2 MAs, AD and FIM. AD import flow to MV, join on accountName <> sAMAccountName, no projections
Export MV to AD: send all the FIM-managed attributes (members, owners, etc.) from MV to AD
FIM is authoritative for everything
For each group we want to migrate:
Export the group data to a file/db etc.
Import the group into FIM with PS
Once that happens, the group will join to the AD CS object.
Since the two groups (FIM/AD) are the same, no changes are exported at the start.
Once changes in the portal start happening, they will update into AD.
I was wondering if anyone else has solved this scenario differently. I was thinking about adding an AD schema extension (something like 'fimManaged') that would affect the projection of groups into the MV and the direction of attribute flows, but didn't want to create too much complexity.
January 26th, 2011 11:43am
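The "export the group data, import it into FIM with PS" step from the post above, as an added example that is not part of the original thread: it creates the FIM group with the same AccountName and membership as the AD group, so that the join produces no export diff, and it aborts rather than importing a partial member list (a short list would be exported back to AD as removals once FIM is authoritative). It assumes the FIMAutomation snap-in and the ActiveDirectory module are installed, a placeholder NetBIOS domain name, and that each member and the ManagedBy user already exist in FIM as Person objects; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes: FIMAutomation snap-in and ActiveDirectory module present;
# every member and the ManagedBy user already exist in FIM as Person objects with AccountName = sAMAccountName.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue
Import-Module ActiveDirectory
$Domain = 'CONTOSO'   # placeholder: NetBIOS domain name the AD MA flows into the Domain attribute
function Get-FimObjectId([string]$XPath) {
    # Return the urn:uuid identifier of the single FIM resource matching $XPath, or $null.
    $r = Export-FIMConfig -OnlyBaseResources -CustomConfig $XPath
    if ($r -is [array]) { throw "Filter '$XPath' matched more than one object" }
    if ($r) { return $r.ResourceManagementObject.ObjectIdentifier }
}
function New-FimChange([string]$Name, $Value, [string]$Op = 'Replace') {
    $c = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $c.Operation      = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportOperation]::$Op
    $c.AttributeName  = $Name
    $c.AttributeValue = $Value
    $c.FullyResolved  = 1
    $c.Locale         = 'Invariant'
    return $c
}
function Import-AdGroupToFim([string]$SamAccountName) {
    $g = Get-ADGroup -Identity $SamAccountName -Properties ManagedBy
    if (Get-FimObjectId "/Group[AccountName='$SamAccountName']") {
        throw "Group $SamAccountName already exists in FIM; refusing to create a duplicate"
    }
    # Resolve every reference before building the object: a group imported with a partial
    # member list would be exported back to AD as member removals once FIM is authoritative.
    if (-not $g.ManagedBy) { throw "$SamAccountName has no ManagedBy to use as Owner; aborting" }
    $ownerId = Get-FimObjectId "/Person[AccountName='$((Get-ADUser $g.ManagedBy).SamAccountName)']"
    if (-not $ownerId) { throw "ManagedBy of $SamAccountName has no FIM Person; aborting" }
    $memberIds = @(foreach ($m in Get-ADGroupMember -Identity $g) {   # nested groups not handled
        $id = Get-FimObjectId "/Person[AccountName='$($m.SamAccountName)']"
        if (-not $id) { throw "Member $($m.SamAccountName) has no FIM Person; aborting" }
        $id
    })
    $o = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $o.ObjectType = 'Group'
    $o.TargetObjectIdentifier = [guid]::NewGuid().ToString()
    $o.SourceObjectIdentifier = $o.TargetObjectIdentifier
    $o.State = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportState]::Create
    $o.Changes += New-FimChange 'DisplayName'    $g.Name
    $o.Changes += New-FimChange 'AccountName'    $g.SamAccountName   # join key used by the AD MA
    $o.Changes += New-FimChange 'Domain'         $Domain
    $o.Changes += New-FimChange 'Type'           "$($g.GroupCategory)"  # Security / Distribution
    $o.Changes += New-FimChange 'Scope'          "$($g.GroupScope)"     # Global / Universal / DomainLocal
    $o.Changes += New-FimChange 'Owner'          $ownerId
    $o.Changes += New-FimChange 'DisplayedOwner' $ownerId
    foreach ($id in $memberIds) { $o.Changes += New-FimChange 'ExplicitMember' $id 'Add' }
    $o | Import-FIMConfig
}
```

Run it as `Import-AdGroupToFim 'GroupName'` for each group being migrated, then confirm in a preview of the AD MA export that the joined group shows no pending attribute changes before enabling the real export.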
my migration was simple:
original state:
AD MA -> group projection to MV -> provisioning to SQL table
SQL MA -> membership import to MV -> export to AD
join by sAMAccountName or objectSID
migration phase 1:
FIM MA set up, MV objects linked to FIM objects, all groups provisioned to FIM portal automatically, no declarative rules
attribute flow from AD to MV, export to SQL and FIM MA, membership import from SQL MA only
migration phase 2:
import all attributes from AD to MV and from FIM to MV with equal precedence turned on for everything except membership
export all attributes to AD, SQL MA and FIM
migration phase 3:
SQL MA decommissioned, FIM MA is the only authoritative source for membership, equal precedence turned off. projection from AD to MV is still on
migration completed: classic rules only, no declarative rules, as declarative rules seem to be 10 times slower than AD MA rules extension.
January 26th, 2011 2:09pm