Hi!

I have been asked to control 'Domain Admins' members in FIM.

For some reason, that I cannot figure out, the AD MA cannot see the membership of 2 specific users during import. The 2 users are in the connectorspace as user objects.

So, every time the MA exports I get an error, that the users are already members. But when importing, they are not there as members.

All other users in the group works just fine.

I guess it is a security problem, but I cannot figure out where the problem is.

anyone tried this?

Thanks,

Sren.

Do you have a filter preventing users from making it to the MV?

No both group and and all users are joined up just fine all the way from the Portal MA to the AD MA. And the problem is only in the import of the AD MA

/Sren

You through me off, when you said CS.  I thought they are not in MV.

Are you getting any errors??  Usually AD restricted security prevents you from adding/removing users from a group.  In that case, a very clear error appears.  "permission-issue".

Maybe you have 2 CS objects, one that is already a member and one that is trying to be added???

I believe you have an issue with order of operations.

No, I only have one CS object per user.

I only get an error when exporting (saying that the user is already a member). But the import does not show these 2 users as members.

/Sren

1. Do you have the OU where these 2 users live selected in Container Selection in AD MA

2. Does the user used to run AD MA have access to these containers and objects

Hello,

I think this is because the user is not directly a member of Domain admins Group, instead Domain Admins is set as a Primary Group on those 2 users.

In AD they seems to be in that Group directly if you check member of Groups but on Import they get not imported.

/Peter