I have an existing Management Policy Rule, provisioning users from an Active Directory, via FIM, into an AD LDS instance. I use the "all people" set, and I'm using the "Transition In" for marking a person object applicable for the sync rule. This means that new users in AD, projected in the Metaverse, exported to FIM, get the rule applied. During the first run, all FIM "users" got the rule and finialy created in the AD LDS. Now I'm adding a new AD LDS instance in the same FIM setup, creating een new AD LDS MA, new policy rule, new workflow, ... I'm running against the problem that "all people" is already filled, and thus there is no "transition in" and my new rule does not get "active", no additional rule apply for the existing users in the FIM. What is a good practice for this? Is there a way to start a force transition in for a new policy rule? Please add (if possible) enough details or provide link that has this information. Regards, David

I'm now using a dirty trick I've created a set, based on a criteria that does not return any results. I use this set in my new policy rule All is configured, I add one user manually to see that the configuration works Then I change the criteria to match all users (no condition) => this is generating "transition in" New rule got applied on all users :)

Hi Keith, I've read the link. I understand that I can set this option, do the necessary profile runs, see that my new AD LDS instance is filled, uncheck the "run on policy update" again to avoid indeed large activity (thus use with caution). Thanks for the guidance! David.

If the workflows fired by the MPR have "Run on Policy Update" enabled, the set can be re-evaluated and the MPR/workflow run by disabling and re-enabling the MPR. Warning though, this can create a large amount of activity in the FIM service and database. Use with caution... For more info on "Run on Policy Update", see here: http://social.technet.microsoft.com/wiki/contents/articles/run-on-policy-update.aspx Keith

If the workflows fired by the MPR have "Run on Policy Update" enabled, the set can be re-evaluated and the MPR/workflow run by disabling and re-enabling the MPR. Warning though, this can create a large amount of activity in the FIM service and database. Use with caution... For more info on "Run on Policy Update", see here: http://social.technet.microsoft.com/wiki/contents/articles/run-on-policy-update.aspx Keith

I now use a dirty trick I've created a set, based on a criteria that does not return any results. I use this set in my new policy rule All is configured, I add one user manually to see that the configuration works Then I change the criteria to match all users (no condition) => this is generating "transition in" New rule got applied on all users :)

I make heavy use of retroactive policy application. I create a couple of "deployment" MPRs and sets. I keep the MPRs in a disabled state. When I need to reapply action WF I update the set membership and then enable and disable the MPR. I have a couple of generic ones, e.g. a deletion, an attribute cascade, etc. I find it is a requirement when initially deploying a solution, particularly in development.