Provisioning Groups to AD problems
Hi,
Just can't seem to get this happening...
I'm provisioning a security group to the AD... I've been following this help guide http://social.technet.microsoft.com/Forums/en/ilm2/thread/f09bc7d6-8a0f-484d-9038-1b54d8457e91 When I run the following run profiles to initialize I get the following outcomes. I'm not sure if there's a problem so far except for maybe disconnectors?
| Run | Management agent | Run profile result |
| --- | --- | --- |
| 1 | Fabrikam FIMMA | Full Import > 4 Adds |
| 2 | Fabrikam FIMMA | Full Synchronization > 4 Projections/4 Connectors w/flow updates |
| 3 | Fabrikam FIMMA | Export > 2 updates |
| 4 | Fabrikam FIMMA | Delta Import > 2 updates |
| 5 | Fabrikam ADMA | Full Import > 1 add (my AD OU) |
| 6 | Fabrikam ADMA | Full Synchronization > 2 disconnectors? |
It seems that I can provision synch rules and even my "test security group" appears in the metaverse... but when I come to running the AD MA run profiles nothing comes through...!
One possibility is the below.. I feel I should examine my AD MA.. I wasn't too sure about the below line (can you confirm how I ensure this is done?)
Important:
Ensure that you have an import attribute flow rule configured for the ExpectedRulesList attribute.
Hopefully you can understand where I'm at.. because I've got no error messages as such (and am not sure how to output what's going on in more detail)
I appreciate any help. If you need any more detail I will try and provide it.
stu
June 1st, 2010 3:47am
Stu,
it is possible that provisioning is not yet enabled on your FIM Synchronization Service.
Your best bet is to work first through the Introduction to Outbound Synchronization.
This document walks you through all basic steps to get an object from FIM into an external system.
You will also find instructions on how to verify whether you have an ERL flow configured.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 1st, 2010 4:23am
Markus
Sync rule provisioning is enabled. The problem seems to lie with the AD MA... none of the run profiles have any effect when projecting the security group to the AD. It is a bit frustrating.
I have completed inbound and outbound synchronization docs as well as projecting users to AD, just having trouble with the users.
stu
June 1st, 2010 9:53am
Stu,
just making sure - your goal is to provision a group from FIM to AD - correct?
If so, there is no provisioning activity taking place according to the table above.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
June 1st, 2010 6:38pm
Sorry Markus...
I seem to have described the initialization phase.. it's quite hard to describe where the problem may be a lot of the time... is there a way I can output all the profile run results into a report of some kind.. maybe with a script..
I run these profiles when synchronising the user to the AD DS. They don't seem to do anything.. I think I'm just gonna delete it all and start again.
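| Management agent | Run profile |
| --- | --- |
| Fabrikam FIMMA | Delta Import |
| Fabrikam FIMMA | Delta Synchronization |
| Fabrikam FIMMA | Export |
| Fabrikam FIMMA | Delta Import |
| Fabrikam FIMMA | Export |
| Fabrikam FIMMA | Delta Import |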
In my particular situation, I need to provision groups and users from an external source, through FIM and into an AD... do you know of any more resources that can provide help with this process?
stu
June 2nd, 2010 3:41am
Stu,
Looks like you are missing the definition of "Existence Tests" for some of the key attributes in your outbound sync rule. The attribute you might have defined for the joining/projection as part of the relationship criteria also needs to be marked this way.
For example: You could choose samAccountName or EmployeeID for "Existence Test" for outbound user synchronization.
For outbound group sync, you could choose samAccountName/dn for Existence Test.
Let us know how that worked for you.
Thanks & Regards,
Jameel Syed
Principal Consultant, fimGuru - Your window into simplified identities
jameel.syed@fimguru.com - http://www.fimguru.com
June 3rd, 2010 3:26am
Found the problem.. quite simple and can't believe I didn't notice... (must have just mindlessly gone through the "how to provision groups to ad" doc and not thought about it too much)
Anyway..
I'm sure it's documented elsewhere but there are two typos in the doc:
1. Got stumped after step 3 where it says "ensure you have an import attribute flow rule configured for the expectedruleslist attribute". This is a typo and doesn't happen till a bit further into the how-to guide.
2. The run profile sequence to provision the "test security group" to the AD is incorrect.. the last 2 should be an export & delta import (confirming) to the AD management agent NOT the FIM MA... I'm sure this is just a copy/paste error, and I should have picked it up if I'd thought about it! ;)
Thanks for everyone's input.
Cheers
stu
June 4th, 2010 6:54am
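
An added example, not part of the thread or of the guide it discusses: a PowerShell script that runs the provisioning sequence in the order corrected in the last post and writes each run's status and pending counters to a report, which is the kind of output asked for earlier in the thread. It assumes it is run on the FIM Synchronization Service host by an account allowed to run management agents, that the management agent and run profile names match the ones used above, and the report file name run-report.csv is made up for the example.

```powershell
# Added example (not from the thread): run the provisioning sequence step by
# step and report each run's status plus the MA's pending counters.
# Assumptions: executed on the FIM Synchronization Service host; MA and run
# profile names are the ones used in this thread.
$ns = 'root\MicrosoftIdentityIntegrationServer'

# Sequence as corrected in the last post: the final Export and confirming
# Delta Import run against the AD MA, not the FIM MA.
$sequence = @(
    @{ MA = 'Fabrikam FIMMA'; Profile = 'Delta Import' },
    @{ MA = 'Fabrikam FIMMA'; Profile = 'Delta Synchronization' },
    @{ MA = 'Fabrikam FIMMA'; Profile = 'Export' },
    @{ MA = 'Fabrikam FIMMA'; Profile = 'Delta Import' },
    @{ MA = 'Fabrikam ADMA';  Profile = 'Export' },
    @{ MA = 'Fabrikam ADMA';  Profile = 'Delta Import' }
)

$report = @()
$stepNo = 0
foreach ($step in $sequence) {
    $stepNo++
    $ma = Get-WmiObject -Namespace $ns -Class MIIS_ManagementAgent `
                        -Filter "Name='$($step.MA)'"
    if (-not $ma) { Write-Warning "MA '$($step.MA)' not found"; break }

    # Execute blocks until the run finishes and returns its status string.
    $status = $ma.Execute($step.Profile).ReturnValue

    # Counters are the objects still pending in this MA's connector space
    # after the run, not the number of changes the run itself processed.
    $report += New-Object PSObject -Property @{
        Step                 = $stepNo
        MA                   = $step.MA
        Profile              = $step.Profile
        Status               = $status
        PendingImportAdds    = $ma.NumImportAdd().ReturnValue
        PendingImportUpdates = $ma.NumImportUpdate().ReturnValue
        PendingExportAdds    = $ma.NumExportAdd().ReturnValue
        PendingExportUpdates = $ma.NumExportUpdate().ReturnValue
        Disconnectors        = $ma.NumTotalDisconnectors().ReturnValue
    }
    # Stop at the first run that does not end in 'success' so later steps
    # do not act on an incomplete connector space.
    if ($status -ne 'success') { Write-Warning "Step $stepNo ended: $status"; break }
}

$columns = 'Step','MA','Profile','Status','PendingImportAdds','PendingImportUpdates',
           'PendingExportAdds','PendingExportUpdates','Disconnectors'
$report | Select-Object $columns | Format-Table -AutoSize
$report | Select-Object $columns | Export-Csv .\run-report.csv -NoTypeInformation
```

If the group is being provisioned, PendingExportAdds on the AD MA should be non-zero after the Delta Synchronization step and drop back after the AD MA Export and its confirming Delta Import.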


