Is there too much overlap between FIM 2010 and Exchange 2010?

I’ve been getting myself up to speed on the new features of Exchange 2010, and some of them look a little familiar…

  • The ECP, or Exchange Control Panel, is a web interface where users can perform certain administrative functions such as modifying their own profile and managing distribution lists they own.
  • Users can request to join groups which may include an owner-approval workflow.
  • And finally Role Based Access Control simplifies assigning the right level of permissions – so instead of making someone an organization-wide Exchange administrator, you can grant more finely-grained permissions, and it’s based on roles so it should be simpler to apply.

So, in one swoop, a number of the key features of FIM look less relevant: the FIM user portal for self-management, the distribution list management and workflows, and the MPRs which give access to other users’ attributes. Hmmm.

Of course we get a lot more with FIM, and it’s a generalised platform, as opposed to being targeted specifically at Exchange-enabled objects. Also one can make the argument that it’s more secure to make modifications outside of AD and then sync them across in a controlled way, rather than giving people access directly into AD. And finally FIM gives us password reset…

But considering the expected cost of FIM CALs, how many IT decision makers will look at FIM and decide it doesn’t give them enough over what they’re going to be getting anyway with Exchange 2010?

About: Carol

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.