We are looking at implementing Forefront Identity Management.
I have two questions regarding FIM. One is about licensing and the other is technical.
The first question, the licensing data sheet says that you need a cal for every user account managed by FIM, it also states you need a cal for every smartcard managed by FIM. Here smart cards are our primary means of two factor authentication. So is that one or two cals per user based on the fact that every user has an account and every user has a smart card to go with the account.
Second question and I have researched this but been unable to find a definite answer. I know Forefront Identity manager can be used with filters to move user and computer accounts. My question is with those filters and some customization can I use Forefront to query find stale/inactive user/computer accounts and then both move them to another OU and disable them. The organization is looking for an alternative way to powershell to automate this.
Ric
Ric Nagy