Hello,

I'm not sure of the best way to explain this, but here goes.  Simple HR, FIM Portal, AD system.  The HR and AD MA sync rules are defined in the portal.  The AD rules are MPR based.

I have data flow from HR, into the metaverse and back out to the portal.  All that looks good.  But, the ADMA doesn't even appear to be recognized by FIM.  The syncs generate no export flow for the ADMA.  The ADMA discovery import works, so it doesn't appear as if it's an authentication issue.  If I run an AD full sync or full export, the only objects that show up even identified are those associated the the OUs identified during the discovery import.

Now, I will say that I don't think Kerberos in properly configured on this environment.  I'm working on that.  But, I wouldn't think Kerberos would prevent object from flowing from the metaverse into the ADMA connector space.  I have a sneaking suspicion this is and MPR/Workflow/Set issue.  But, everything related to those looks fine.

Looking for ideas.

Thanks in advance,

Greg

Hi Greg,

If your AD Sync rule is MPR based, you need to ensure that users are triggered by the MPR and FIM creates one ERE per users, to apply the AD sync rule. You also need to put this ERE into the metaverse. Last check is look at the FIM Sync engine options (Tools menu > Options), and check the box "Enable Synchronization Rule Provisioning"

Regards,

Thanks Sylvain,

I knew there was a setting I missed, but forgot where is was.  The ERE were being generated and in the metaverse.

Greg

• Edited by Greg Wilkerson Wednesday, January 28, 2015 2:01 PM