Hi I have an outbound sycn rule to provision security groups in AD, the rules works and I'm able to provision the group in AD. However, regardless of what I select for the group type, it alwasys creates global group in AD. I have the following custom expression in my SR for grouptype attribute. IIF(Eq(type,"Distribution"),IIF(Eq(scope,"Universal"),8, IIF(Eq(scope,"Global"),2,4)), IIF(Eq(scope,"Universal"),-2147483640, IIF(Eq(scope,"Global"),-2147483646,-2147483644))) Any idea on this?

My first suggestion would be to validate the actual export value that you're getting. Based on your logic I am seeing the following results (which appear to be nested correctly): Universal Distribution = 8 Global Distribution = 2 Local Distribution = 4 Universal Security = -2147483640 Global Security = -2147483646 Local Distribution = -2147483644 Things I would be looking for (which you may have already done): Are you always getting a global Distribution Group or a Global Security Group? (validates that the type attribute in the Metaverse is set correctly). Are the attributes in the metaverse set correctly so that the two values are present as expected for the group? (validates that the scope attribute is set correctly.) Case sensitivity issues? (I would expect if this was an issue, nothing would evaluate as true which appears to be the case with the "Global" scope and your groups would be set to "local") Granted based on the logic you've provided I wouldn't expect the scope to always be global unless you had explict values set to that effect in the metaverse. Because in both cases, the "global" setting has to evaluate true in order for the "global" value to be applied. Hope this is of some help. But the logic does seem correct at first blush. B

Thanks Blain.... I got it working. I missed an import attribute flow for the "type" attribute when I created the FIMMA. I just added the "type" attribute and it started working. Thanks so much.

My first suggestion would be to validate the actual export value that you're getting. Based on your logic I am seeing the following results (which appear to be nested correctly): Universal Distribution = 8 Global Distribution = 2 Local Distribution = 4 Universal Security = -2147483640 Global Security = -2147483646 Local Distribution = -2147483644 Things I would be looking for (which you may have already done): Are you always getting a global Distribution Group or a Global Security Group? (validates that the type attribute in the Metaverse is set correctly). Are the attributes in the metaverse set correctly so that the two values are present as expected for the group? (validates that the scope attribute is set correctly.) Case sensitivity issues? (I would expect if this was an issue, nothing would evaluate as true which appears to be the case with the "Global" scope and your groups would be set to "local") Granted based on the logic you've provided I wouldn't expect the scope to always be global unless you had explict values set to that effect in the metaverse. Because in both cases, the "global" setting has to evaluate true in order for the "global" value to be applied. Hope this is of some help. But the logic does seem correct at first blush. B