We've got a red and orange administrator scenario in our company. In this case every admin needs two active directory accounts, the red and the orange one (red = domain admin, orange = less administrative privileges than domain admin). Now I have to build this scenario Using FIM 2010 RC1 Update 3. My test user created on the FIM portal needs to be provided into two active directory accounts in the same domain and the same ou. The difference between the red and the orange active directory user account are the samaccountname, dn, displayname and of corse the group memberships. I've created two different synchornization rules, two sets, workflows and MPRs. The provisioning of the user into a single active directory account works fine (never mind if it is the red or the orange one). But if I try to provide the user into both accounts the red one works fine and the orange one fails with the following stack trace (synchronization error: sync-rule-flow-provisioning-failed): Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: The partition filter criteria for management agent "Fabrikam AD MA" do not include an object with DN "CN=Orange Adm Sim Britta,OU=FIMObjects,OU=FIM,DC=im,DC=local" and object classes user. What's the problem? How can I manage that scenario?

You have either a typo in your DN, you haven't selected the related OUs in your ADMA configuration or you haven't imported the container structure from Active Directory into the ADMA connector space yet.Having multiple connectors from the same CS to a single metaverse object is not supported in FIM 2010.This is a known limitation. You will have to treat your accounts as separate accounts.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

There was a similar thread for ILM 2007http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/5e0fdb29-fbcf-40f7-9556-7a9623388912

Be careful with this - in ILM 2007, you can have multiple connectors from the same CS - so, this is not the same.Cheers,Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Thanks for your extremly fast answer! As you said the DN was the problem ;-)