Hello, I'm trying to setup inbound synchronization using AD as a connected source. I've followed the inbound synchronization guide and substituted HR file with AD MA. The intention is to create users in the FIM portal so that users can start leveraging the FIM portal functionality. When running the export run profile on the FIM MA i'm getting the following error messages: "failed-creation-via-web services" "failed modification via web services" Looking at the detailed error trace here's the output: There is an error executing a web service object creation request. Type: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException Message: Fault Reason: Policy prohibits the request from completing. Fault Details: <RequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"></RequestFailures> Stack Trace: at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request) at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Create createBody) at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource() Inner Exception: Policy prohibits the request from completing. I've used the powershell script to identify if all the MPRsare enabled and I;ve also enabled all the MPRs with "synchronization account" in the name. I'm at a loss on how to solve this. Any help will be appreciated. thanks Neil

Have you looked at the request queue yet? Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

sorry man where would I find the request queue? The objects exist in the MV and connector spaces in the MA.

On the FIM Portal home page, in the navigation bar, click Search Requests. Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Found a couple of denied requests. "update to person: 'administrator' Request: Denied "Create Person: 'Jimmy Bischoff' Request: Denied Any thoughts on where I go from here?

Are you sure, you did run this script?If not, you should run it now.The script will tell you, which MPRs you need to enable. For example, it sounds like "Synchronization: Synchronization account controls users it synchronizes" is disabled on your system. Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

i totally did. Here's what I get when i run the script: "your current MPR configuration meets all the requirements".

That's weird - but anyway :o)What we know is that there is at least one MPR blocking you. So, what is the state (enabled / disabled) of "Synchronization: Synchronization account controls users it synchronizes" in your environment? Cheers,Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

I nuked the VM and reinstalled the bits and it seems to be working. I've got an issue with Outbound sync now and will create another post. thanks for your help.

When I checked this state, it was enabled but there was a list of attributes to update and it did not match the attributes of the current resource type "Person", I check all attributes (to save time) and the error went away. Also the search requests allows you to drill down to see which MPR is blocking (denying) the update, won't let you update it there but that is just a few clicks away. Your mileage may vary...