Active Directory Provisioning
Hi All,

I’m currently in the process of creating a prototype FIM 2010 system in our Lab environment using the various “How do I…” guides from the Microsoft FIM Documentation for direction. So far, I have three Management Agents: the FIM MA, an AD MA and an SQL MA. The AD MA was used initially to import existing users from the Active Directory into FIM but, using the “How do I provision Users to AD DS” document as a guide, it is now used to provision new accounts created in the FIM Portal or using data imported from SQL. Any of the new user accounts that have been created by the AD MA can also be modified in Active Directory by making changes to them either in the FIM Portal or by altering an attribute flow (in the Sync Rule for example). This, for the most part, is what I want…

…but there’s a problem: All of the above works ONLY on new accounts that have been created by the AD MA either from the portal or from the SQL data. Any changes made in the FIM Portal to the existing accounts that were imported FROM the Active Directory are not provisioned by the AD MA back into the Active Directory.

This, I believe, is because the Outbound Sync Rule that is used to flow data to the Active Directory is not listed under the “Expected Rules List” for the users that were imported from the Active Directory even though they are members of the appropriate set.

How do I bring the users that were imported from Active Directory into the scope of the Outbound Sync Rule referenced in the Expected Rules List?

Cheers, Graeme
July 12th, 2011 12:49pm

It sounds like your assessment is correct. To distribute outbound changes, an object must be in the scope of a related outbound synchronization rule. The answer to your question depends on how many affected users you have.

For a few users, you could just delete them in FIM and get them reprovisioned - this approach assumes that these accounts do satisfy the trigger you have configured to bring an object into the scope of the related outbound synchronization rule.

Another method is a temporary set that is triggered by an operational change. This could be something like a specific value of the description field. In this case, you would have to apply a change to the affected objects in AD.

Cheers, Markus

Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
July 12th, 2011 1:44pm

Thanks Markus, your second suggestion was the one that worked for me… Much obliged, Graeme
July 12th, 2011 5:17pm

This topic is archived. No further replies will be accepted.
