I'm currently syncing users from our AD into FIM, which is working perfectly. The issue I have is that when I user is removed from AD, it also needs to be removed from FIM. Does anyone know if there are instructions on creating a run profile to complete this task?

Go to the metaverse designer. Right click person and go for configure object deletion rule. There You could select that if AD disconnect from the object the object is deleted from metaverse. On the FIMMA go to deprovisioning options. There you can chose stage delete on next export.

Please could you confirm; Within the Meta-Designer, right clicking person, and "configure object deletion". Which type should I be choosing "delete metaverse object when the last disconnector is disconnected" or "delete metaverse object when the connector from any of the following management agents is disonnected"? Also, within the FIM Mnagamenet Agent; "Make them disconnectors", "make them explicit disconnectors" or "stage delete on the object"? Many thanks.

Its just different options depending on what you want to do. Think if you read its not too hard to see what the different options will do. You want objects to delete from MV when they delete from AD so selecting AD in"delete metaverse object when the connector from any of the following management agents is disonnected" should do that. This link will tell you something about the other options within the FIMMA http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/603c4f8c-d782-4625-a045-009d15ed0f3b

I was pretty sure thats how it worked, although it doesnt actually seem to be removed users from the FIM database. I have the FIM Managment agent configured as follows; http://ablh1g.blu.livefilestore.com/y1pFV203g9nwooNAnDgPjNplx4wvCQmtllrz7f_M7I7HYj2sKz7-eOoHarJcwffBj2FfkBbCyETLQlWdRZUSWgehnyQM9hTswnI/fimmanagent.png?psid=1 And my metaverse designer for person looks like this; http://ablh1g.blu.livefilestore.com/y1p37CJDackM7q2gthrNtZ5ykYETNl4CsBn61EhrU_WxQos57pUzUi9UVFOV8OVt6-ER40Ptov5OkaolyIMFfhToCYcEqcQ6GFV/person.png?psid=1 Yet I have deleted objects from AD, but FFILM does not remove them from the FIM database. If I go into the portal and search for the user (who no longer exists in AD) they still appear. I've tried restarting the the services and server, and running a full import/sync/export. Thank you again for any help you can provide.

Well your config looks fine, running Import and sync on aADMA should delete it from metaverse, and stage a delete on the FIMMA, that should be executed on the next export. Is the object deleted from the metaverse ?

If I search the metaserve the objects are NOT there, but they are still there in the FIM portal.

Sussed it...I think. Inside the FIM Managment Agent run profiles, I edited the export run profile. The 'specify number of deletions to process' was defaulted to untick/0. I changed this to ticked/5 It now seems to be working fine. Thank you for all your help Robin.

Thanks for this, it was really helpfull. How do you delete users from portal, who now only exists in MV with a portal connection? *Clean orphaned users script" thingie, that does'nt dele the two builtin\sync user and the setup user./Frederik Leed

if your object deletion rule in the SYnc Engine has been configured to delete person objects when a disconnecting occurs from the FIM MA, the MV objects will be deleted when you delete the person objects in the portal -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------ "FrederikLeed" wrote in message news:5b73830d-2b02-4e88-8cf3-01e621b91a26... Thanks for this, it was really helpfull. How do you delete users from portal, who now only exists in MV with a portal connection? *Clean orphaned users script" thingie, that does'nt dele the two builtin\sync user and the setup user. /Frederik LeedJorge de Almeida Pinto [MVP-DS / AD DS TechNet Forums Moderator] [Sr. Technical Consultant @ Oxford Computer Group] (http://blogs.dirteam.com/blogs/jorge/default.aspx) (http://www.oxfordcomputergroup.com/)

Thanks, but i'm in a situation where i have about 4k users in the FIM portal and last week, about 200 users was removed from HR & AD, but at that time i did not have an object deletion rule configured. So now i have 200+ users in the FIM portal + MV, with no other connections. Them not being connected, they can't be affected by object deletion rule... So how do i delete users from Portal, that are not connected to other sources? I've tried removing some of the MV objects, but they just get projected again./Frederik Leed

I'm doing the same exercise right now, but for 1000 objects :) So doing by hand in the portal is not really a fun way. What I did was: using a source which is connected to all other objects, flow a dummy attribute to a field in the MV and the from the MV to the Portal your 200 users which are not connected to that source don't have that dummy attribute filled as they are not in the scope of the first source create a filter which says: "if dummy attribute not equal to value x" This will return your 200 users Using powershell you can easily use that filter in xpath and delete them from the Portal This will then delete them in the MV (after import/sync) The only caveat is that it will probably also return your FIM Portal installer account and Built-in Synchronizatin Account. Which you do not want to delete :) I just set the dummy attribute on those accounts by hand to exclude them from the filter. For some PowerShell example: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/a5486d43-7e76-4d1e-b906-9fbecf6a600a http://setspn.blogspot.com

Yes! This worked, i just flowed constant xxxx to Job Title wich was emty, did an advanced search and deleted everyone where Job title is not xxxx... before that i manually updated the Setup account and the Buil-in sync. After that i just flowed "" to Job title and removed the export flow rule from the fim ma again /Frederik Leed