One of the most common external systems we have in FIM is Active Directory. Managing users in Active Directory is very much a question of understanding how Active Directory works. I have seen many FIM designs violating the basic functionality of Active Directory.
There are also quite a few attributes in Active Directory that require special treatment and knowledge. The most common one is the attribute userAccountControl.
At The Company, the idea is that normal users in Active Directory are to be managed using FIM. A few things, however, are not managed by FIM; one is the initial password.
At The Company, the initial password is set by the users themselves when they visit the security officer's desk to identify themselves and sign a form about account usage. At the desk, there is a small web application where the user can fill in his initial password.
The initial password, as well as account name and e-mail addresses, are common attributes in Active...