Microsoft BHOLD Core Operations Guide


Applies To: Forefront Identity Manager

This operations guide provides administering and managing information for day-to-day operations of Microsoft® BHOLD Core, the principal module of the Microsoft BHOLD Suite Service Pack 1 (SP1). This guide consists of the following sections:

When to use this guide

Use this guide when:

  • You want to manage users’ access to information technology (IT) resources based on the users’ roles (job titles) within the organization.

  • You want to manage users’ access based on their position within the organizational hierarchy.

  • You want to manage users’ access based on their participation in a cross-organizational project team.

  • You want to manage individual users’ access without regard to their job function or group membership.

You can also use this guide to learn how to manage the elements of the BHOLD Core role model, including applications, roles, permissions, organizational units, and users.

This guide assumes a basic understanding of BHOLD Core, how it works, and how your organization uses it in conjunction with Microsoft Forefront Identity Manager (FIM) 2010 or Microsoft Forefront Identity Manager 2010 R2 to manage identities throughout your organization.

This guide contains detailed procedures that are designed for operators (or designated users) who have varied levels of expertise and experience. Although the procedures provide operator guidance from start to finish, operators must have a basic understanding of how objects in the BHOLD Core role model relate to each other and their purpose.


In a typical deployment of the Microsoft BHOLD Suite, the BHOLD Access Management Connector module will be used to synchronize identity data among BHOLD Core, Forefront Identity Manager, Active Directory Domain Services, and other identity data stores, such as a human relations (HR) database system. As a consequence, in such deployments, you will not normally use the BHOLD Core portal to add users, organizational units, and roles to the BHOLD Core role model. Instead, you will rely on the FIM Synchronization Service to provision the BHOLD Core role model with data entered and maintained in another, authoritative identity data source, such as Active Directory or an HR database.

The information provided in this guide for managing the BHOLD Core role model is intended to be used when the normal synchronization mechanism is not sufficient for accomplishing your objectives, such as when you need to manage access to IT resources by members of a temporary project team.

For information about installing Microsoft BHOLD Suite SP1, see Microsoft BHOLD Suite SP1 Installation Guide.