Are you implementing a group management deployment with FIM? If so, we'd love to hear from you. In particular, it'd be great to get your feedback on our documentation for group management scenarios - what documentation do you need or want, that we don't provide today? What problems have you had in your deployment, where additional documentation from Microsoft would've been helpful? Our team is currently doing some planning work for potential additional documentation for group management. So, it'd be great to get feedback as to what you'd find most helpful, so that we focus on the most valuable things for you. For example: Dynamic groups? Cross-forest? Detail on implementing self-service DG management? AD security group management? Migrating to FIM from an existing group management application? How to begin evaluating FIM group management features? Using the Outlook Add-in? Something else? And of course if you have other feedback about group management scenarios in FIM - tasks that are hard to accomplish that you'd like to be simpler, or problems you want to solve but can't, but haven't found a way to solve in FIM, do let us know. Cheers, --Jeff.

Jeff, Thank you for asking. On behalf of the community thank you for the commitment to improvment. Some folks may want to share feedback in a more private setting and may not already have your email address. You may want to consider offering an avenue for them to do so, or direct them to one already made (like perhaps a private suggestion in connect?).David Lundell www.ilmBestPractices.com

Better guidance around tranisitioning from managing groups in AD to managing them in FIM. The existing documentation is very suited to greenfields sites where People and Sets will be created in FIM first, and FIM will then provision Users and Groups into AD. However for many large enterprises with hundreds of existing AD groups, scripts, integrations and support staff (often with delegated AD permissions) this is not likely to be an instant transition, but a gradual one. Sets will need to be created in FIM which reflect existing (AD Group) memberships, but the existing documentation is light on best practices for addressing this scenario. For instance I ended up creating SETs with membership filters based on (imported) AD security group memberships, although this is not formally supported. A retrospective policy would probably have been a better approach but looked too complicated with the documentation available.

Good point - there is in general always also the option to use the FIMExperts alias for submitting feedback. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Excellent point, the migration strategy is one that pretty much every customer will need to tackle and is an excellent priority. Next up I would look at: Cross-forest GALSync Creating custom request/fulfillment channels for group management The most frustrating thing about group management today is that we can no longer nest group memberships in Sets in order to do self-service delegation of rights to the portal. There is currently no way to have say, HelpDesk manage their own delegation through an Owner Approved group. The scenario should look like this: A portal administrator delegates a set of rights via several MPR's to the HelpDesk Users Set (criteria based) An owner approved Helpdesk Users Group is created with the owners set to the HelpDesk manager and his backup(s) The HelpDesk Users Set is added as a clause into the HelpDesk Users Set filter [Resource ID member of HelpDesk Users Set] (this was possible in an early RC build) Leveraging the Owner Approval group allows us to embrace the owner paradigm for rights delegation within the portal.Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com

Jeff; We implemented several Group Management solutions using FIM 2010. We submitted one group management implementation as a case study. I was planning to write extensively on our findings and the challenges we have to address but did not have enough time to do so. I started blogging about the subject but get busy with another project that took all my time. The original blog can be found under http://www.zevainc.com/index.php?option=com_idoblog&task=viewpost&id=58&Itemid=18 In addition, we are planning to submit a presentation for The Expert Conference 2011(TEC2011) under the name: FIM 2010 Group Management notes from the field. Although some of these challenges are technical others are implementation challenges. Building a robust group management solution based on organization business structure is a complex task and presents a huge challenge. We will be more than happy to work with you and your team to contribute to the new set of documentation Best Regards, Issam Andoni Best Regards, Issam Andoni http://zevainc.com/andoni