Joining Users in AD not working
I can't get a user in the AD CS to join up with a user in the MV. It tries to ADD the user to the AD CS. This is part of a data-migration and disaster-recovery test. I'm starting with one user before adding in more, so I'm only expecting one user to join. I've defined the join rule as below on the AD-MA.

The error I get is: Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: An object with DN "CN=agadinapereira,OU=**,OU=Users & Desktops,OU=***,DC=***,DC=local" already exists in management agent "Active Directory Service Global MA".

Is the accountName/sAMAccountName not a good join attribute? Should I use something else? The accountName in the MV entity matches up with the sAMAccountName in the ADMA, I've triple-checked. I don't see why it's not joining... Any tips?

Edit... A preview shows the SR relationship fails, but my join rule succeeds, yet I still don't get a join on a sync run... I'm going to try altering my SR relationship to be accountName/sAMAccountName as well, see if that makes a difference...
September 28th, 2010 5:02pm

Okay, changing the sync rule relationship to accountName=>sAMAccountName has moved the goal-posts. It's now throwing this error: Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: An object with DN "CN=1000008473" already exists in management agent "Adapt Dev MA".

But when I do a preview on this MA's CS object, I get the following: Adapt MA join looking okay: AD provisioning failing:

It's all conflicting. One part saying the AD join is good, and the Adapt one bad, and then vice versa. I don't understand. What could be wrong?
September 28th, 2010 6:56pm

On which MA are you running the Full or Delta Synchronization step? Ideally I think you have to run it on the AD MA, which has the object in its CS, and has to link it up to an object in the MV. sAMAccountName - accountName is a good one to join on, I think.

http://setspn.blogspot.com
September 28th, 2010 8:46pm

Thanks Thomas... The entity exists in three CS' and was put in the MV by FIMMA. Here's my initialisation process:

- FIM: Full import stage only
- AD: Full import stage only
- AD-LDS: Full import stage only
- Adapt: Full import stage only
- 3x SQL MA's: Full import stage only
- FIM: Full Sync

So the entity is put into the MV by the FIMMA full-sync. At this time Sync Rule Provisioning is OFF. Then I turn SR Provisioning back on and run this second part:

- AD: Full sync
- AD-LDS: Full sync
- Adapt: Full sync
- 3x SQL MA's: Full sync

I'm expecting the AD and Adapt CS entities to join with the FIMMA/MV object. The migration/initialisation process is to insert the item into FIM via scripts and then have them link with AD and Adapt. It's done this way as not all resource types are in AD and Adapt has no inbound sync rules.
September 29th, 2010 11:22am

I had an inbound AD rule, which wasn't joining on account name, so I've changed that and it's looking in better shape, but failing on provisioning to the Adapt MA. Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: An object with DN "CN=1000008473" already exists in management agent "Adapt Dev MA".
September 29th, 2010 1:17pm

Here is a similar thread: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/36db6716-87c8-499a-b20d-35a96ecf56d8

Quote from Markus: To initialize your environment, you should first disable provisioning. Then, you should run full import stage only on all MAs - the order is irrelevant. The next step is to join your objects in the metaverse, which translates to a full synchronization. I would start with the MA with the highest number of connector space objects. As soon as this is done, you can enable provisioning again and run full syncs on all MAs to complete the initialization.

So you turned SR provisioning OFF, imported, enabled SR provisioning and synced. I think you need to have SR provisioning OFF all the time (until the joining is complete). Can you try that?

http://setspn.blogspot.com
September 29th, 2010 1:23pm
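
The initialization order quoted from Markus above, sketched as a script. This is an added example, not code from any poster in this thread; it drives the management agents through the sync engine's WMI provider (MIIS_ManagementAgent), and the run profile names "Full Import" and "Full Synchronization" are assumptions that must match the profiles defined on each MA. The provisioning switch is toggled by hand in Synchronization Service Manager, so the script pauses for it.

```powershell
# Added example (not from the thread). Run on the FIM Synchronization Service
# host under an account that is allowed to run management agents.
$ImportProfile = 'Full Import'            # assumed run profile name (full import, stage only)
$SyncProfile   = 'Full Synchronization'   # assumed run profile name (full sync)

$mas = @(Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                       -Class 'MIIS_ManagementAgent')

function Invoke-RunProfile($Agent, [string]$ProfileName) {
    # Execute() blocks until the run ends and returns its status string.
    $status = $Agent.Execute($ProfileName).ReturnValue
    Write-Host ("{0,-45} {1,-22} {2}" -f $Agent.Name, $ProfileName, $status)
    # Stop on hard failures so a broken import is never followed by a sync.
    if ($status -ne 'success' -and $status -notlike 'completed-*') {
        throw "Run '$ProfileName' on '$($Agent.Name)' ended with '$status'"
    }
}

Read-Host 'Turn sync rule provisioning OFF (Tools > Options), then press Enter'

# 1. Stage every connector space. The order is irrelevant.
foreach ($ma in $mas) { Invoke-RunProfile $ma $ImportProfile }

# 2. Join pass with provisioning still off, largest connector space first.
$bySize = $mas | Sort-Object { [int]$_.NumCSObjects().ReturnValue } -Descending
foreach ($ma in $bySize) { Invoke-RunProfile $ma $SyncProfile }

Read-Host 'Verify the joins, turn sync rule provisioning ON, then press Enter'

# 3. Second full sync on every MA. Objects that joined in step 2 are already
#    connectors, so provisioning no longer tries to add them again.
foreach ($ma in $bySize) { Invoke-RunProfile $ma $SyncProfile }
```

A "completed-*" status (for example one reporting sync errors) is printed but does not stop the script, so review the run history before enabling provisioning.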

Sounds worth a go. This one entity is the only one that exists in more than one other CS, so I guess it makes sense to do a full sync on all MA's before provisioning is enabled. Thanks.
September 29th, 2010 1:31pm

That's worked! Thanks Thomas. It makes complete sense now.
September 29th, 2010 1:56pm

This topic is archived. No further replies will be accepted.
