Microsoft Forefront

  • Published:
    November 20, 2011
  • Languages:
  • Audiences:
    IT professionals
  • Technology:
    Microsoft Forefront Identity Manager
  • Credit toward certification:

Microsoft Forefront Identity & Access Management, Configuring

This exam has been retired

For currently available options, please see the Microsoft Certification exam list.

Skills measured

This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

Plan and design FIM topology (21%)
  • Plan and design FIM topology
    • Identify single point of failure, match topology to performance requirements, capacity planning, design highly available implementations for FIM Service and Portal
  • Install the FIM Service and the FIM Portal
    • Microsoft SharePoint web configuration, service account permissions, prerequisites, certificates, groups
  • Upgrade Microsoft Identity Integration Server (MIIS)/Microsoft Identity Lifecycle Manager (ILM) to FIM 2010
    • Plan for upgrade, recompile extensions, upgrade SQL databases, upgrade third-party clients
  • Deploy and manage client components
    • Automated installs, client images, multi-language support installation, plan for configuration of Microsoft Outlook for group management (Outlook plug-in for approvals and group management), use Group Policy objects (GPOs) to manage FIM client components, registry settings on client machines
  • Implement disaster recovery for FIM 2010
    • Backup and restore, FIM Service, FIM Portal, Sync Service, initial load scenarios; key backup and recovery

Preparation resources

Plan and configure core portal functionality (19%)
  • Plan and configure user and group provisioning
    • Provision to Active Directory, deprovision, data-driven provisioning and deprovisioning, configure Management Policy Rules (MPR)/workflow/sync rule triples required for provisioning in the portal, expected rule entries, detected rule entries, workflow parameters
  • Plan and configure group management
    • Configure dynamic groups (query-based) in the portal, owner-based groups and approvals, distribution groups, security groups
  • Plan and configure synchronization rules
    • Inbound and outbound sync rules, create objects in metaverse using declarative rules, advanced attribute flows, relationships
  • Plan and configure authorization and action workflows
    • Configure approvals, including multiple approvals and escalations; notifications; deploying and configuring custom workflow activities
  • Plan and configure security permissions and Management Policy Rules (MPRs)
    • Delegated administration, plan and implement user profile self-service, plan and implement group self-service, temporal objects, sets and set membership

Preparation resources

Configure advanced portal-based scenarios (17%)
  • Configure the Resource Control Display Configuration (RCDC) for object and attribute display
    • RCDC capabilities, validations, attribute permissions, data sources and data binding, form controls
  • Customize the user experience
    • Search scopes, menu navigation items, organizational branding, home page configuration, create and configure email templates, usage keywords
  • Extend the portal schema
    • Resource types, attributes, bindings, schema validation, synchronization filters
  • Plan and configure self-service password reset and registration
    • Authentication workflow for password reset and registration, QA gates, case sensitivity, lockout gates, password reset action workflow
  • Write and interpret XPath queries
    • Create valid FIM XPath filters, reference objects and attributes, filters, conditions

Preparation resources

Configure FIM synchronization (22%)
  • Create and configure standard management agents (MAs)
    • SQL Server MA, Certificate Management MA, Active Directory MA, file-based MAs, difference between call-based and file-based MAs, attribute flows, filters, projection rules, join rules, deprovisioning rules
  • Create and configure the FIM Service MA
    • Resource type mapping, Synchronization Rule filter, understand the constraints of the FIM MA, attribute flow
  • Configure the metaverse
    • Plan precedence, extend the schema, object deletion rules
  • Create and automate run profiles
    • Clear run history, multi-step run profiles, run sequencing
  • Implement rules extensions
  • Install and configure password synchronization and Password Change Notification Service (PCNS)
    • Configure Active Directory MA, install services on domain controllers, schema changes related to PCNS, service principal names

Preparation resources

Monitor and maintain FIM (21%)
  • Migrate the FIM configuration between environments
    • FIM Portal configuration, DLLs and code, synchronization service server configuration, run scripts and automation tools, Windows PowerShell scripts, how to move configurations from development to test to production
  • Perform root cause analysis of provisioning issues
    • Issues with management policy rules, set definitions, workflows, and expected rule entries; misconfiguration of synchronization service server; coexistence of classic provisioning and declarative provisioning; result sequence
  • Perform root cause analysis of issues related to password management
    • Issues with password synchronization, self-service password reset, requirements for registration, end-to-end process
  • Perform root cause analysis of issues related to data flow and unexpected data
    • Data discovery issues, join issues, filter issues, run profile issues, threshold issues, Stack trace, precedence issues, object deletion rules
  • Perform root cause analysis of permissions issues
    • MPR definitions, set definitions, portal permission errors, service account permissions, provisioning issues, synchronization service server roles

Preparation resources

Who should take this exam?

Typical candidates for this exam are Identity Specialists who deploy and manage Forefront Identity Manager 2010 in an enterprise environment consisting of more than 5,000 identities with a dynamic lifecycle. These organizations may be geographically and/or organizationally dispersed and may require compliance with extensive regulations. The environment may include multiple applications that consume identities and/or multiple disconnected data sources.

More information about exams

Preparing for an exam

We recommend that you review this exam preparation guide in its entirety and familiarize yourself with the resources on this website before you schedule your exam. See the Microsoft Certification exam overview for information about registration, videos of typical exam question formats, and other preparation resources. For information on exam policies and scoring, see the Microsoft Certification exam policies and FAQs.


This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format. To help you prepare for this exam, Microsoft recommends that you have hands-on experience with the product and that you use the specified training resources. These training resources do not necessarily cover all topics listed in the "Skills measured" section.