Forefront Identity Manager 2010 R2 (as well as FIM 2010 hotfix 4.0.3594.2 - see kb2520954) has a new feature available for the Active Directory Domain Service (ADDS) MA that allows you to pre-filter objects imported from AD.

Currently, when you configure a Connector Filter in the ADDS MA properties, the filtered objects are brought into the MA connector space (CS) and are evaluated during synchronization to ensure they still comply with the filter criteria. This occurs during both Full and Delta synchronization run profile executions. This can leave you with a large number of unwanted objects hanging about that still have to be processed, even during delta synchronization (which we want to be as lean and fast as possible).

This new functionality allows you to filter objects pre-import. In the MA properties, a new drop-down option is available for connector filters. The drop-down item is “Declared (Import Filter)”, as shown below.

[Screenshot: connector filter drop-down showing the “Declared (Import Filter)” option]

Select this option and configure your filter. The filter is then applied on import, so objects that meet the filter criteria are never imported.

If you create this filter after you have imported objects that meet the filter criteria, those objects will be deleted on the next full sync (not full import).

This option is not configurable in an inbound portal sync rule, just in the FIM Sync manager. The scoping filter does not expose this functionality. As a reminder, portal inbound sync rules define what is "Included", not what is "Excluded".

I'm sure this new feature will be a real improvement for people having a large number of filtered disconnectors in their ADDS CS.

 

