Hi, Im currently trying to export a 2 users create in fim to an AD management agent..ive set up all attributes flows and synch rules as per the "introduction to publishing to AD from 2 authoritative sources" doc...however when it comes to exporting into the AD the next users...i get a bunch of errors as below: Export error CN=Joe Goldberg,OU=DealerUsers,DC=fim,DC=com,DC=au "permission issue" when validating against object schema it says: "required attribute 'cn' is missing A search of the MV shows "joe goldberg" user with a AD synch rule applied. Have i got my inbound attribute flows wrong? Not sure if it helps but i got this in the eventvwr aswell: Requestor: urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4 Microsoft.ResourceManagement.Service: System.IndexOutOfRangeException: Index was outside the bounds of the array. at Microsoft.ResourceManagement.ActionProcessor.SyncRuleActionProcessor.AdjustPrecedence(Dictionary`2 syncRuleDictionary, Guid currentSyncRuleId, Int32 newPrecedence, Dictionary`2& updateParameterDict) at Microsoft.ResourceManagement.ActionProcessor.SyncRuleActionProcessor.PreProcessUpdateRequest(RequestType request) at Microsoft.ResourceManagement.ActionProcessor.SyncRuleActionProcessor.PreProcessRequestFromObjectType(RequestType request) at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.PreProcessRequestFromObjectType(RequestType request) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(CreateRequestDispatchParameter dispatchParameter) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId) at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation) at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)

Regarding your export error: How can I manage my FIM MA account? Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

With regards to the first error, make sure you have the proper AD permissions delegated to the ADMA account you've specified. Another possibility is that this user is getting their security overridden by AdminSDHolder, see this thread to see if it applies: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/e81d4910-7988-4353-bb5f-99bcc9ba675c/?prof=requiredBrad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com

Thanks brad...spot on!!!! I just gave my adma account those permissions and it worked perfectly!! thanks you for the assistance. stu