About Rules Extensions

Microsoft Identity Lifecycle Manager 2007, Feature Pack 1 has a flexible synchronization rules engine that allows you to process identity data between your connected data sources and the metadirectory according to your business rules. Your business rules are expressed as synchronization rules in ILM 2007 FP1 either as declarative rules or through rules extensions.

Declarative rules are synchronization rules that are configured through the Identity Manager of ILM 2007 FP1. For business rules that declarative rules cannot express, you can use a rules extension to express otherwise complex logic in a well-structured form.

Declarative rules and rules extensions coexist, giving you the flexibility to choose the appropriate method for a given scenario. The following list shows some of the rules that can be expressed in rules extensions:

  • Apply sophisticated filters that use logic applied to specified attribute values and conditions to control data flow into the metaverse.
  • Resolve complex object conflicts.
  • Resolve unwanted object joins between the connector space and the metaverse.
  • Handle attribute precedence.
  • Transform and convert attribute values between connected data sources.
  • Provision objects in the metaverse to export the attribute values to other connected data sources.
  • Implement new business rules on existing connector space objects and metaverse objects.

A rules extension is a .NET Framework assembly implemented in the form of a dynamic link library (.dll) file. You can create a rules extension using any programming language and compiler that creates a .NET Framework assembly. For more information, see Creating Rules Extensions.

Types of Rules Extensions

The following types of rules extensions are supported by Microsoft Identity Integration Server 2003.

Rule extension | Description
Management agent | Used on data that flows between the connector space and the metaverse, such as data transformations, join rules, and deprovisioning. Each management agent can have only one rules extension.
Metaverse | Used on data that flows between the metaverse and connector space in response to a change in the metaverse, such as when an attribute value changes or a link is added or removed from a metaverse object. For example, you can use a metaverse rules extension to create provisioning rules to ensure that all the connected system objects contain the unified identity data that is stored in the metaverse. You can have only one metaverse rules extension.

Rules extensions are called when identity data is processed. For more information, see How Rules Extensions Are Called. To see how the synchronization rules map to the rules extension methods, see Synchronization Rules Mapped to Rules Extension Methods.

Accessing Objects

Objects in the connector space and metaverse are created from the following classes.

CSEntry | Connector Space Object
MVEntry | Metaverse Object

Most of the classes in the Microsoft.MetadirectoryServices namespace are related to these two objects.


Build date: 2/16/2009
