updating MV on CS disconnection
I was looking at an example in the Developer's help on Deprovisioning objects after a specified time http://msdn.microsoft.com/en-us/library/ms696020.aspx by storing values in the MV. This looks really good, except that I'm trying to update the person's MV object with a term date based on the disconnection (deletion) of another CS item, not flowed in from the CS. When this happens, I don't see a way to update the associated MV object.

I looked at:
MV – ShouldDeleteFromMv – the MV entry is read-only
CS – Deprovision – no access to the MV entry

I could write the expiration to the AD account, and process it externally, but it would be much cleaner to handle it in FIM rather than writing an external app to check for expirations in AD. If that's the only option, I'll have to go that way.
December 8th, 2010 12:57am

The only way to update attributes on a metaverse object is through an import flow rule.
http://www.wapshere.com/missmiis
December 8th, 2010 1:54am

Frank,

I have a HR source which "deletes" objects rather than set them to an "inactive" state. So I more or less had the same problem. What I have done is a rules extension which uses the "attribute recall" feature as a "disconnector detector". I've got a dummy attribute which is only contributed by the HR MA. If the HR MA deletes the object, the attribute is recalled and thus "mventry(dummy).isPresent = false". Then I flow something towards AD for which I know that user is no longer employed. In my case I use the AD account expiration date (accountExpires). On the other hand I have an import flow for the AD MA which monitors the expiration date and then flows "active/inactive" to my "account status" attribute for which FIM can handle the logic like we want.

Does this help you?

regards,
Thomas
http://setspn.blogspot.com
December 8th, 2010 3:55am

Frank,

for DateTime driven activities, you can also leverage the concept of temporal Sets in FIM. As indicated by the name, the resources of such a Set are transitioned out of it after the configured time interval. You can use a temporal Set (transition out) to remove a resource from the scope of a synchronization rule. When configured this way, removing a resource from the scope of a SR can trigger deprovisioning. You can find more details on how this works in Understanding Deprovisioning in FIM. To get the initial trigger for your process, you can either use Thomas' suggestion with the operational attribute or Expected State Detection.

Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
December 8th, 2010 8:22am

Thanks Markus and Thomas.

I was working down the attribute recall path but ran into issues where some of those attribs needed to stay around. I forgot to mention this was a sync server only setup, so the FIM service capabilities were out (good idea though).

I ended up creating an Aux SQL MA. When the source MA connector is disconnected (aka zero connectors to source MA):
· a new connector is provisioned into a ‘delay aux ma’ with the MV Guid and future term date.
· The future term date is flowed back into the MV.
· The MV provision code looks for entries where the term date is present and if so, disconnects all MAs when the date passes.

The AUX and AD MAs are set to delete on disconnect, so they clean themselves up after the time period expires.

With this setup, I only need to full sync against entries in the ‘delay aux ma’, not the entire MV (210k entries in this case), so I like it.

Thanks again for all the ideas - I'm sure at some point I'll run into applications for those too.
December 8th, 2010 7:48pm
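
The delayed-deprovisioning flow described in the post above, written out as an added example (not code from the thread or from Microsoft): a C# metaverse rules extension for the sync engine. The MA names, the "person" object type, the `mvGuid` and `termDate` attributes, the 30-day delay and the ISO 8601 string storage of the date are all assumptions; removing the delay record when the source connector reappears goes beyond what the post describes.

```csharp
using System;
using System.Globalization;
using Microsoft.MetadirectoryServices;

public class MVExtensionObject : IMVSynchronization
{
    // Hypothetical names: replace with the MA and attribute names of the real deployment.
    const string SourceMA = "HR MA";
    const string DelayMA = "Delay Aux MA";
    const string TermDate = "termDate";   // string attribute in both the aux MA and the MV
    static readonly TimeSpan Grace = TimeSpan.FromDays(30);   // assumed delay

    public void Initialize() { }
    public void Terminate() { }

    public void Provision(MVEntry mventry)
    {
        ConnectedMA delay = mventry.ConnectedMAs[DelayMA];
        bool sourceGone = mventry.ConnectedMAs[SourceMA].Connectors.Count == 0;

        if (!sourceGone)
        {
            // Source connector is back: drop a stale delay record so the term date is recalled.
            if (delay.Connectors.Count > 0) delay.Connectors.DeprovisionAll();
            return;
        }
        if (delay.Connectors.Count == 0)
        {
            // First sync after the source disconnect: record the MV GUID and future term date.
            CSEntry cs = delay.Connectors.StartNewConnector("person");
            cs["mvGuid"].Value = mventry.ObjectID.ToString();
            cs[TermDate].Value = DateTime.UtcNow.Add(Grace)
                .ToString("o", CultureInfo.InvariantCulture);
            cs.CommitNewConnector();
            return;
        }
        // Term date arrives in the MV through an import flow rule on the aux MA.
        if (!mventry[TermDate].IsPresent) return;
        DateTime term = DateTime.Parse(mventry[TermDate].Value,
            CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);
        if (DateTime.UtcNow >= term)
            mventry.ConnectedMAs.DeprovisionAll();   // disconnect every MA, aux MA included
    }

    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
    {
        return false;   // MV deletion is left to the configured object deletion rule
    }
}
```

Provision only runs when the MV object is synchronized, so the expiry check fires on the periodic full sync of the aux MA that the post mentions.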

This topic is archived. No further replies will be accepted.
