While you can configure most rules by using Synchronization Service Manager, Microsoft® Forefront Identity Manager (FIM) 2010 administrators can customize the way that management agents and the metaverse work by creating rules extensions. You create rules extensions by using a programming language such as Microsoft Visual Basic .NET or C#. Rules extensions are implemented as a Microsoft .NET Framework class library or as a dynamic-link library (DLL), and they are stored in the Extensions folder of the FIM root directory.


When you create a rules extension project by using Synchronization Service Manager in FIM, the project is created in Visual Studio 2008. If you open rules extensions that were created with Visual Studio .NET 2003 in Visual Studio 2008, they are converted to a Visual Studio 2008 project and to Microsoft .NET Framework 2.0. You can run all existing rules extensions on FIM, whether they were compiled with Microsoft .NET Framework 1.1 or Microsoft .NET Framework 2.0, without recompiling your projects. Note, however, that all new development and debugging work on FIM rules extensions requires Visual Studio .NET Professional 2008, Visual Basic® 2008 (or Express Edition), Visual C#® 2008 (or Express Edition), and can no longer be done with Visual Studio .NET Professional 2003. For more information about upgrading Visual Studio .NET Professional 2003 projects to Visual Studio .NET Professional 2008, see this MSDN article (http://go.microsoft.com/fwlink/?LinkID=77551).

The following table lists and describes the types of rules extensions that FIM supports.

Rules extension type Description

Management agent

A management agent rules extension is applied to data as it flows from the connector space to the metaverse. Each management agent can have only one rules extension. Management agent rules are:

  • Connector filter rules

  • Join rules

  • Projection rules

  • Attribute flow rules

  • Deprovisioning rules


Metaverse

A metaverse rules extension is applied to data as it flows from the metaverse to the connector space. The metaverse can have only one rules extension. Metaverse rules are:

  • Provisioning rules

  • Object deletion rules

Some of the common tasks that you can perform using a rules extension are:

Password extensions

For file-based, database, and extensible connectivity management agents, which do not support password change and set operations by default, you can create a .NET password extension dynamic-link library (DLL), which is called whenever a password change or set call is invoked for any of these management agents. Password extension settings are configured for these management agents in Synchronization Service Manager.

Password management is supported by default in the management agents for:

  • Active Directory

  • Active Directory Lightweight Directory Services (ADLDS)

  • Lotus Notes

  • Novell eDirectory

  • Sun and Netscape directory servers

By using a password extension, password management is also supported in the management agents for:

  • Attribute-value pair text files

  • Delimited text files

  • Directory Services Markup Language (DSML)

  • Extensible Connectivity

  • Fixed-width text files

  • IBM DB2 Universal Database

  • IBM Directory Server

  • LDAP Data Interchange Format (LDIF)

  • Microsoft SQL Server

  • Oracle Database

For more information about creating and using rules extensions and password extensions, see the FIM Developer Reference.