you want to link one CS Entry to multiple MVEntries, right?

I've got a very odd scenario where a resource-type called Team is not joining properly with AD entries. Teams are actually of type security-group in AD and I have a join defined for both groups and teams, as you can see in the screenshots below. The MV objects have the accountName attribute that I'm using to join on. In the flow errors for various profiles, I see errors where FIM can't join the AD entries and so says an entry already exists in AD, which it does, but I'm expecting it to join, But, when I view the MV object for these teams, I can see a successful join on the AD entities. What is going on? Why can't it join up, but it says it does? Is my join rule incorrect? I want to join groups as normal, but also groups to teams. Hopefully I've got enough info in the screenshots to make it clear: Also, I'm sure this is by design, but it just doesn't much sense to me; why do I see AD propagation errors when viewing result for run profiles to do with other systems, not AD? It's confusing and clutters the Sync Engine UI. I presume it's because syncs to other CS' are dependent on the AD entities joining somehow.

No, one to one.

sync-rule-flow-provisioning-failed looks like you have wrong declarative provisioning rule, what's in your 'use as object existance test' and relationship criteria?

Evgeniy, I have a relationship criteria set to a globally unique id we use, but thinking about this, this isn't what we need, we need to use accountName/samaccountname. I've changed this and am re-initialising to see if it works. I don't have any existence checks (anywhere). Thanks for the pointer :)

All good now, thanks Evgeniy. Oddly other team sync rules did have the right relationship criteria. I don't remember changing this single SR... Odd.