Hello, I am setting up a test enviornment where i am importing data from a HR data source, exporting it into the FIM Database and then Export it to AD. I have an issue where once the user is exported into the FIM database the MPR rule stays in a pending state under the properties of the user. I have completed sveral full imports, Syncs etc with no change. Same thing happens when i create a new user in the FIM Portal. Have i missed something or is the below settings incorrect Here are my settings Management Policy Rule Configuration Name AD User Provision MPR Description Created Time 17/06/2011 Type Request Grants Permissions False Disabled False Requestors and Operators Requestor All People Operation Create, Modify Target Resources Before Request All Active People After Request All Active People Resources Attributes AccountName Policy Workflows Type Display Name Action AD User Provision AD Export Sync Rule Synchronization Rule Configuration Name AD User Export Description Created Time 17/06/2011 Precedence 1 Data Flow Direction Outbound Dependency Scope Metaverse Resource Type person External System AD External System Resource Type user Relationship Create Resource In External System True Enable Deprovisioning False Relationship Criteria ILM Attribute Data Source Attribute employeeID employeeID Initial Outbound Attribute Flows Allow Nulls Destination Source false dn +("CN=",lastName,"\, ",firstName,",OU=Test,OU=Users,DC=TestDomain,DC=com") false userAccountControl Constant: 514 false unicodePwd Constant: P@ssword! Persistent Outbound Attribute Flows Allow Nulls Destination Source false sAMAccountName accountName false employeeID employeeID false givenName firstName false sn lastName false displayName displayName false dn +("CN=",lastName,"\, ",firstName,",OU=Test,OU=Users,DC=TestDomain,DC=com") HR Import Sync Rule Synchronization Rule Configuration Name HR Data User Import Description Created Time 17/06/2011 Precedence 1 Data Flow Direction Inbound Dependency Scope Metaverse Resource Type person External System HR Data External System Resource Type person Relationship Create Resource In FIM True Relationship Criteria ILM Attribute Data Source Attribute employeeID EmployeeID Inbound Attribute Flows Destination Source employeeID EmployeeID firstName FirstName lastName LastName accountName UserID displayName +(UpperCase(LastName),", ",FirstName) WorkFlow Workflow Configuration Name AD User Provision Description Created Time 17/06/2011 Workflow Type Action Run On Policy Update False Synchronization Rule Name AD User Export Action Add

Hi BlueMan - Please explain your logic for using a 'Request' MPR rather than a 'Set Transition' MPR. Please also explain your logic for flowing two (different) DNs in your ADDS provisioning OSR. Cheers, MMS_guru Identity & Metadirectory, Hewlett-Packard UK Hi MMS_Guru, I am testing out a Request MPR because eventually i will be setting up notifications and authorization. But first i need to get the MPR to provision the user in AD before i start making all these changes. I madea mistake with the two different DNs i will edit the post above and fix it. Thanks

Have you enabled 'Synchronization Rule Provisioning' in the Sync Engine? Please check that this is turned on in Tools > Options in the Sync Engine. Locate a person object in the FIM MA CS, click Preview & Generate Preview. Is there anything obviously causing provisioning to fail in the Preview UI..? Cheers, MMS_guru Identity & Metadirectory, Hewlett-Packard UK

Yep Synchronization rule provisioning is enabled. In the preview view it displays Connector Updates - Random numbers - FIM Management Agent Export Attribute Flow All Attributes applied expect for ObjectSID No errors have been reported

Are you flowing the ExpectedRulesList attribute in the FIM Service MA? Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

thanks ms_guru, no, i'm not flowing the expectedrulelist attriute in the FIM service. SHould i? I do see a few in the MV but they are only created when a new object is made and have a status of pending. thanks

The 'ExpectedRulesList' attribute should be configured on the FIM Service MA. For the [FIM Service] 'Person' object to the [MV] 'person' object, flow ERL into the MV. The Sync Engine uses the ERL to determine which SR to apply to MV objects. Cheers, MMS_guruIdentity & Metadirectory, Hewlett-Packard UK

Thanks MMS_guru that solved it. Legend