Export error: Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM).
Hello.
I import user and group data from FIM using FIMMA into the metaverse using FIM Synchronization Service Manager. All user data (also objectSid attribute) is correctly present in the metaverse and in the FIMMA Connector Space.
When I run an export on ADMA to export data to Active Directory, an error appears for every object that is being exported:
cd-error. Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM).
Every object appears with an export error in the Connector Space of ADMA (objectSid appears within the export-in-progress attributes), and if I try to Validate Object Against Schema, another error appears saying: Cannot modify read-only attribute 'objectSid'.
Moreover, if I try to create an objectSid <- objectSid export flow (direct or advanced) for users and groups in ADMA, a message tells me that objectSid is read-only.
How can I resolve this problem? I'm not able to export anything.
July 13th, 2011 7:19pm
GreenMP, it looks like you are attempting to export the objectSid attribute to AD DS.
The directory service is responsible for setting objectSid when an account is created.
Remove the objectSid attribute from your Export Attribute Flow in your OSR.
Cheers
Tom Houston, HP Enterprise Services - UK Identity Management Practice
July 14th, 2011 4:48am
In addition to Thomas's remark, this might be interesting to read:
How to Provision Users to Active Directory Domain Services
http://setspn.blogspot.com
July 14th, 2011 5:04am