Provisioning issue
Hi. My general user flow is: HR -> FIM -> expected rule to AD -> AD account. Now, I have a number of users that are already in AD. The users are joined to the MV object created by HR. No expected rule yet. But when the Expected rule is created, the sync engine tries to provision to the AD MA, even though there already is an object in the CS. Are there any settings for checking the CS before provisioning? Thanks.
October 22nd, 2010 11:05am

Hi Soren,

To be able to join the AD account you must create an Inbound Sync Rule with the same relationship parameters and set this rule with higher precedence than the Outbound Sync Rule. Doing this, when you run a Synchronisation from the FIM Sync Service the objects will be joined and provisioning will occur only for accounts with no match in AD.

Hope this helps,
Fabrice
October 22nd, 2010 11:18am

Hi Soren,

Once all your synchronization rules are loaded into the Metaverse, use the preview on one of the problem entries. I have seen in one of my environments that the relationship criteria were failing and my "inbound" rules which joined the entry did not function correctly. Once you have confirmed that the rules are joining correctly (or you have configured classic join rules), run a full synchronization on AD to get everything joined up correctly.

If you run a synchronization on another MA, it only checks the export attribute flows and therefore doesn't actually try to do a join within the context of the AD object initially. This may be part of the issue you're having. Try adjusting the order of operations, as you may want to do something like:

1. Run the import from the HR system.
2. Run the synchronization with AD to have the inbound rules applied and the connectors joined to the MV entry created by HR. (Remember, inbound synchronization rules are applied when the synchronization is run on the MA and the objects fall within the defined scope of the declarative rule. Therefore, the joins should occur if the appropriate data is present.)
3. Export the objects to the portal where the outbound rules are applied with the MPRs.
4. Import the updated FIM service objects and associate EREs.
5. Run the synchronization on the FIM service MA, which will then try to apply the outbound rules.

Thanks,
B
October 23rd, 2010 12:24am
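
The run order listed in the reply above, scripted against the FIM Synchronization Service WMI provider. This is an added example, not part of the original thread; the management agent names and run profile names are assumptions and must be replaced with the ones configured in your environment.

```powershell
# Added example. MA names and run profile names are assumptions (placeholders).
$namespace = 'root\MicrosoftIdentityIntegrationServer'

# Order follows the reply above: HR import, AD sync (joins happen here),
# FIM export, FIM import (EREs), FIM sync (outbound rules evaluated last).
$steps = @(
    @{ MA = 'HR MA';  Profile = 'Full Import' },
    @{ MA = 'AD MA';  Profile = 'Full Synchronization' },
    @{ MA = 'FIM MA'; Profile = 'Export' },
    @{ MA = 'FIM MA'; Profile = 'Delta Import' },
    @{ MA = 'FIM MA'; Profile = 'Delta Synchronization' }
)

function Get-ManagementAgent {
    param([string]$Name)
    $ma = Get-WmiObject -Namespace $namespace -Class MIIS_ManagementAgent `
                        -Filter "Name='$Name'"
    if (-not $ma) { throw "Management agent '$Name' not found" }
    return $ma
}

# Run statuses treated as a clean run; anything else stops the sequence
# so that a later step never runs on top of a failed one.
$okStatuses = @('success', 'completed-no-objects')

foreach ($step in $steps) {
    $ma = Get-ManagementAgent -Name $step.MA
    $status = $ma.Execute($step.Profile).ReturnValue
    Write-Host ("{0,-8} {1,-24} {2}" -f $step.MA, $step.Profile, $status)
    if ($okStatuses -notcontains $status) {
        throw "Stopping: '$($step.Profile)' on '$($step.MA)' returned '$status'"
    }
}

# No export to AD is run above. Check what the sync engine has staged first:
# pending export adds for accounts that already exist in AD mean the joins
# did not happen and the engine is about to provision duplicates.
$ad = Get-ManagementAgent -Name 'AD MA'
$pendingAdds = [int]$ad.NumExportAdd().ReturnValue
$connectors  = [int]$ad.NumTotalConnectors().ReturnValue
Write-Host "AD MA connectors: $connectors, pending export adds: $pendingAdds"
if ($pendingAdds -gt 0) {
    Write-Warning "Review the pending adds in the AD connector space before exporting."
}
```

The script deliberately stops before any export to AD, so the pending-add count can be reviewed in the connector space while nothing has been written to the directory.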

This should not happen. The provisioning logic checks whether there is already a confirmed connector. If you can repro this behavior, you need to contact CSS since this is an unexpected behavior.

Cheers,
Markus

Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
October 25th, 2010 5:38pm

This topic is archived. No further replies will be accepted.
