Forefront Identity Manager Synchronization Service (FIM Synchronization Service) has a flexible synchronization rules engine that you can use to process identity data between your connected data sources and the metadirectory according to your business rules. Your business rules are expressed as synchronization rules in FIM Synchronization Service, either as declarative rules or through rules extensions.
Declarative rules are synchronization rules that you configure through the Synchronization Service Manager of FIM Synchronization Service. For business rules that are beyond declarative rules, you can use a rules extension to express otherwise complex logic in a well-structured form.
Both declarative rules and rules extensions coexist to give you the flexibility of choosing the appropriate method for a given scenario. The following list shows some of the rules that you can express in rules extensions:
- Apply sophisticated filters that use logic
that is applied to specified attribute values and conditions to
control data flow into the metaverse.
- Resolve complex object conflicts.
- Resolve unwanted object joins between the
connector space and the metaverse.
- Handle attribute precedence.
- Transform and convert attribute values
between connected data sources.
- Provision objects in the metaverse to export
the attribute values to other connected data sources.
- Implement new business rules on existing
connector space objects and metaverse objects.
A rules extension is a Microsoft .NET Framework assembly that you implement in the form of a dynamic link library (.dll) file. You can create a rules extension by using any programming language and compiler that creates a .NET Framework assembly. For more information, see Creating Rules Extensions.
Types of Rules Extensions
FIM Synchronization Service supports the following types of rules extensions.
| Rule extension | Description |
|---|---|
|
Management agent |
Used on data that flows between the connector space and the metaverse, such as data transformations, join rules, and deprovisioning. Each management agent can have only one rules extension. |
|
Metaverse |
Used on data that flows between the metaverse and connector space in response to a change in the metaverse, such as when an attribute value changes or a link is added or removed from a metaverse object. For example, you can use a metaverse rules extension to create provisioning rules to ensure that all the connected system objects contain the unified identity data that is stored in the metaverse. You can have only one metaverse rules extension. The metaverse is also referred to as the FIM Synchronization Service database. |
Rules extensions are called when identity data is processed. For more information, see How Rules Extensions Are Called. To see how the synchronization rules map to the rules extension methods, see Synchronization Rules Mapped to Rules Extension Methods.
Accessing Objects
You create objects in the connector space and metaverse from the following classes.
| Class | Object |
|---|---|
|
Connector Space object |
|
|
Metaverse object |
Most of the classes in the Microsoft.MetadirectoryServices namespace are related to these two objects.