Hi everybody, I have a problem provisioning any kind of objects from an external source via the FIM portal to my AD. A week ago, it worked just fine when I followed the technet introduction to provisioning from two authoritative data sources. Now though, I have created a text file MA that imports "user" objects and another one that imports "position" objects. The provisioning to the portal works fine, only when running an import & sync on the FIM MA, there is no outbound synchronization to the AD MA (as there should be). I have set the attribute flow precedence to equal on the anchor attribute for person (which is employeeID), and I have configured the AD User synch. rule to inbound and outbound (with creating the resource in the external system). The respective MPR's Target Resource Definition After Request is set to "All Users and Groups". What seems strange to me is that provisioning to AD works fine when creating sample users in the portal. I suppose it's just a minor mistake but I don't see it... is anyone able to help? Thanks a lot in advance!

By any chance did you make the requestor for the MPRs the Administrator account? If so, that could be your problem. When creating object in the portal, you make the request as Administrator. When using sync engine, it would be in the context of Built-in synchronization account. If you want the MPR to apply to either case, your requestor's set should be set to a set that includes both of the above.

Hi, thanks for your quick reply - but no, the requestor set was specified to "all people". I tried creating another set only including the Admin and the Built-in sync. account and then setting it as the requestor for the respective MPR but that didn't work. Any other ideas?

For provisioning, you should use set transition based MPRs instead of request based MPRs - this is the recommended method. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

For the MPR, what do you have defined for the 'Resource Attributes' section of the Target Resource property page? On mine, I only configured a specific attribute, which was not being used when synchronizing from a different MA, and the MPR wouldn't fire in that case. I changed it to 'All attributes' so that all creation operations should apply and now I see the exepected rule entry for the proper outbound sync rule.

Hi again, thanks for your replies - it finally works. I suppose, creating another MPR that is set transition based instead of request based did the trick. @ Glenn and all those that have or might have the same problem as I had: I already had the problem with unprovisioned attributes once, therefore my target resource attribute was already set to "All Attributes".