Yes, I have those attributes in the Inbound flow.

Now, in the Outbound flow, when I am selecting member --> member as the initial flow only, I am getting the error: "An initial flow contains a reference attribute as its source value. Initial flows cannot contain reference attributes."

Without setting that initial flow (in the Outbound flow), the Inbound flow is not working as we want.

Also to let you know, I want to pass the members, owner etc. (required values) while creating a group from FIM along with some optional attributes. The users may change the group membership and ownership (only if they want) from Exchange.

• Edited by Sam_1123 Monday, June 15, 2015 6:21 PM

Yes, I have those attributes in the Inbound flow.

Now, in the Outbound flow, when I am selecting member --> member as the initial flow only, I am getting the error: "An initial flow contains a reference attribute as its source value. Initial flows cannot contain reference attributes."

Without setting that initial flow (in the Outbound flow), the Inbound flow is not working as we want.

Also to let you know, I want to pass the members, owner etc. (required values) while creating a group from FIM along with some optional attributes. The users may change the group membership and ownership (only if they want) from Exchange.

• Edited by Sam_1123 Monday, June 15, 2015 6:21 PM

I was just wondering if there was a way around. Thank you for your help and all the input.

• Edited by Sam_1123 Monday, June 15, 2015 7:29 PM

I was just wondering if there was a way around. Thank you for your help and all the input.

• Edited by Sam_1123 Monday, June 15, 2015 7:29 PM

Yes, I do want AD to override. Initially, some administrator will create a group with all its members and owners and the owner will manage the group (add/delete member) later in Exchange/AD.

• Edited by Sam_1123 Monday, June 15, 2015 7:41 PM

Yes, I do want AD to override. Initially, some administrator will create a group with all its members and owners and the owner will manage the group (add/delete member) later in Exchange/AD.

• Edited by Sam_1123 Monday, June 15, 2015 7:41 PM

I am looking to establish the following scenario.

I have two MA's: FIMMA and ADMA

I want to create a Distribution Group through FIM Portal (FIMMA). Also I want to make all the changes to the group only through the AD (NOT through the FIM Portal). I have created both Outbound Sync rules (to push the group to AD upon creation) and Inbound Sync rules (to push the changes to the FIM Portal).

Since I want to make all the changes to a group through AD, I have set ADMA with higher precedence than FIMMA for the Group attributes. This is pushing the group to the AD, but not pushing the attribute values. This happens similarly the other way if I change the precedence. If I set equal precedence, I am able to push the group with all the attributes to the AD, but the changes in the AD is not pushed to the MV. 

I am little confused at this point. Is there a way to handle the situation? Any help will be much appreciated.

1.  If all you want FIM to do is create the group, then you have the Sync Rule with initial flow only.

2.  You need a sync rule for Inbound Flow in AD MA with the rest of the attributes.  Precedence is not even in question here.   You create in FIM and update in AD.

3. If this is not clear enough, please provide some screen shots of your configuration of MAs, and Sync Rules.

Thank you Nosh for your reply.

I have tried exactly what you have mentioned. I am able to create the group from FIM Portal and pass it to the AD. But the change in AD is is not seen in the MV after running DI/FI and DS on AD MA.

(I am not being to able to upload images)

1. Here is what happened, you create group in FIM, and say that AD has priority. Because you most likely are not flowing anything from AD to MV, then MV never sees the changes. The red arrow is flow from FIM to AD, which is FIM.  Green arrow is your flow that should come from AD to MV. Sorry about the shapes, not using any standards, just trying to illustrate. (Yellow figure is your group in MV. Red Arrow is flow From FIM Portal - FIM MV - AD.  Green Arrow is Inbound Flow from AD to MV.  If you want the information to be synched with FIM Portal, naturally you would need those attributes set as Export Flow in FIM MA)

2. To upload images, click the icon as seen and follow the prompts.

Yes, I have both the export and import flow defined in the in the Synchronization Rules.

WHen I am attaching the image and clicking on Submit, I am getting the message: "Body text cannot contain images or links until we are able to verify your account".

And for each attribute you care AD MA has higher precedence in MV, (1)?

What attributes exactly you are missing or are wrong in MV?

I care only about member, owner(msExchCoManagedByLink) and displayedOwner(managedBy).

Right not FIM MA has higher precedence (seeing in Configure Attribute Flow Precedence). This is preventing the Inbound Sync.

If I change the precedence, then I am not able to get what I want from Outbound sync rules.

On your outbound flow for AD, you need to set the attributes as initial flow. That means only create.  Then AD MA has higher priority and overrides them. 

While trying to apply that setting, I am getting this error:

"An initial flow contains a reference attribute as its source value. Initial flows cannot contain reference attributes."

You do not need those attributes in Outbound flow.  You only need DN, groupType, sAMAccountName. The rest will come from AD

Then how will the members, displayed owner and owners be passed to the AD/Exchange?  Also I am values for several other variables like email, delivContLength, msExchRequireAuthToSendTo etc.

You need to state your case in full and not assume we know what you are trying to accomplish.

These attributes (delivContLength, msExchRequireAuthToSendTo) are not required, unless your specific business case asks.  

Email is created based on mailNickName (Sorry mailNickName needs to be there in initial flow)

In short, anything you want to create in FIM , set in Outbound Flow as initial only.  The rest all goes on Inbound Flow from AD To MV.

Sorry for the confusion. For the organizational requirements, I have several attributes in the outbound sync rule. But, so that the owner can manage the group, he/she will make changes from the Exchange and I want only those attributes (member, owner and displayedOwner) back from AD to FIM. 

Perfect, those are the attributes you assign to Inbound Flow Only and you are OK. 

Yes, I have those attributes in the Inbound flow.

Now, in the Outbound flow, when I am selecting member --> member as the initial flow only, I am getting the error: "An initial flow contains a reference attribute as its source value. Initial flows cannot contain reference attributes."

Without setting that initial flow (in the Outbound flow), the Inbound flow is not working as we want.

Also to let you know, I want to pass the members, owner etc. (required values) while creating a group from FIM along with some optional attributes. The users may change the group membership and ownership (only if they want) from Exchange.

• Edited by Sam_1123 12 hours 55 minutes ago

Member does not belong in outbound if you want AD to manage it. Only inbound.

Is there a way that I can pass the members and owners while creation of the group and then later managed from AD?

1. As you found out, the reference attributes cannot be set as initial only

2. You cannot have it both ways, either FIM or AD have the authority, so even if this was possible, AD would override them, so what is the point?

3. You could, however, accomplish this only in Classical Rules Provisioning (Code)

I was just wondering if there was a way around. Thank you for your help and all the input.

• Edited by Sam_1123 11 hours 46 minutes ago

Yes, I do want AD to override. Initially, some administrator will create a group with all its members and owners and the owner will manage the group (add/delete member) later in Exchange/AD.

• Edited by Sam_1123 11 hours 35 minutes ago

1. Owner: Set owner in outbound (not as initial). FIM will have authority.

2. Member: Your requirement not work

Solution: Classical Rules (Code)