Hi,

We are running FIM 2010 R2 Sp1 (build 4.1.3613.0)

Also running Windows 2008 R2 Forest and Domain functional level environment. (Windows Server 2008 R2 SP1 on all DCs). The previous Recycle Bin hotfix https://support.microsoft.com/en-us/kb/979214/ fails to install since we are already running WS08 R2 SP1 on all the DCs.

During deprovisioning, when a user is deleted from the source HR system, FIM deletes the object from AD, FIM Sync & Portal.

FIM also manages a FIM Portal group, where membership is assigned manually. This membership is then updated in AD.

When a user (who is part of this group) is deleted in HR, FIM deletes it from AD, FIM Sync, FIM Portal, FIM also removes user from FIM Portal group. The user is also removed from the AD group (by FIM group object membership attribute flow to AD)

...however, on the next AD Export, FIM fails to update the same group and complains about this very same user (CD Error) and lists the user as: CN=username\0ADEL:GUID, CN=Deleted Objects,DC=domain,DC=com

It appears that there is a problem with FIM and the Recycle Bin again?

Are there any new Recycle Bin/FIM hotfixes ?

Thanks,

SK

May I suggest you review the following:

1. Is the AD MA user account part of the Domain Admins group? If yes, please remove it from this Group
2. Verify that the "CN=Deleted Objects" container has not somehow been included in the AD MA OU scope

• Edited by T Zukowski 3 hours 55 minutes ago

May I suggest you review the following:

1. Is the AD MA user account part of the Domain Admins group? If yes, please remove it from this Group
2. Verify that the "CN=Deleted Objects" container has not somehow been included in the AD MA OU scope

• Edited by T Zukowski Monday, March 23, 2015 3:25 AM

May I suggest you review the following:

1. Is the AD MA user account part of the Domain Admins group? If yes, please remove it from this Group
2. Verify that the "CN=Deleted Objects" container has not somehow been included in the AD MA OU scope

• Edited by T Zukowski Monday, March 23, 2015 3:25 AM