One of the most common external systems we have in FIM is Active Directory. Managing users in Active Directory is very much a question of understanding how Active Directory works. I have seen many FIM designs violating the basic functionality of Active Directory.

There are also quite a few attributes in Active Directory that require special treatment and knowledge. The most common one is the attribute userAccountControl.

At The Company, the idea is that management of normal users in Active Directory is to be made using FIM. A few things, however, are not managed by FIM; one is the initial password.

At The Company, the initial password is set by the users themselves when they visit the security officer's desk to ...