Forefront Identity Manager 2010 (FIM 2010) build 4.0.3594.2 (kb2520954) introduces several new features across the product. The KB text defines feature 3 for the Synchronization Engine as follows:
Adds the ability to filter objects before they are imported into the AD MA connector space.
What does this actually mean? And how do we configure this? Here’s a screenshot:
Whereas in the past we had “None”, “Declared” and “Rules extension”, the AD MA now has a fourth option: “Declared (Import Filter)”. This feature is intended for customers that have a large number of valid disconnectors. When I say valid, I mean there’s nothing wrong with their join rules; there are just loads of objects in the selected containers that are out of scope of FIM. Having a large number of disconnectors obviously slows down delta synchronisation, so this option filters during import so that they’re never re-evaluated during synchronisation.
When you implement a declared import filter, any new objects that match the filter are not created in the connector space (CS). If there are existing objects that match the filter, they are deleted during the next Full Synchronization. Yes, I said Full Synchronization. They’re not obsoleted during Full Import; they are deleted during Full Synchronization.
Hopefully that’ll help someone. And in case it’s not obvious I’ll state it. This needs to be configured in the FIM Synchronization Service Manager, i.e. this is a property of an MA and is different from an external scoping filter on a Synchronization Rule (SR).