Another question... Do objects have to exist in the FIM Portal for outbound sync rules to apply? Or am I doing something else wrong here? I'm importing contacts from a SQL table and exporting to AD. I don't need to manage them in FIM so I'm using an old-style provisioning extension. However I wanted to do the flow rules in FIM. I created inbound and outbound rules. The inbound (from SQL) work fine - the outbound (to AD) do not. My CS objects are created and joined, however they only have the minimal attributes I included in the prov code (dn, cn and employeeID). I expected all the other attributes to be populated by the outbound flow rules - however they are "Not Applied". Here's a copy of the outbound rule: Synchronization Rule Configuration Name Export-AD_Contacts-Companies Description Created Time 04/10/2009 Precedence 1 Flow Type Outbound Dependency Scope Metaverse Object Type customer-company Data Source AD_Mydomain_Contacts Data Source Object Type contact Relationship Create object in FIM False Create object in Connected System False Relationship termination False Relationship Criteria ILM Attribute Data Source Attribute contactID employeeID Persistent Outbound Attribute Flows Allow Nulls Destination Source false company company false displayName displayName false mail email false targetAddress email false telephoneNumber telephoneNumber false streetAddress address And here's what I see in a preview: Not Applied,telephoneNumber,sync-rule-mapping - direct,telephoneNumber,,(Unchanged) Not Applied,email,sync-rule-mapping - direct,targetAddress,,(Unchanged) Not Applied,email,sync-rule-mapping - direct,mail,,(Unchanged) Not Applied,displayName,sync-rule-mapping - direct,displayName,,(Unchanged) Not Applied,company,sync-rule-mapping - direct,company,,(Unchanged) Not Applied,address,sync-rule-mapping - direct,streetAddress,,(Unchanged)http://www.wapshere.com/missmiis

Hi Carol! You can't define declarative outbound sync rules for objects not residing in FIM DB, because you wont get any ERL's created for objects outside FIM DB. http://technet.microsoft.com/en-us/library/dd239141%28WS.10%29.aspx Edit: Of course you can define them but they wont work... //Henrik Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

I had not at all understood that I needed an ERL for an outbound flow rule - I thought I only needed an ERL for provisioning. I'm confused because I was sure I had outbound flows without provisioning in RC0. But of course I had to blow away my RC0 lab to build RC1 so I can't check. I'm also confused because I don't see how it is detecting the rules at all if it needs an ERL. It is detecting the rules - it is just not applying them. http://www.wapshere.com/missmiis

The ERL attribute of an identity object is a computed multi-valued attribute that enables the synchronization process to locate the right set of outbound synchronization rules that need to be applied to it. To calculate the value of the ERL attribute, a metaverse object must be brought into the FIM 2010 Service database. This means you must at least have had your objects within the FIM DB for making the outbound sync to work regardless provisioning or not. //Henrik Henrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

The ERL values enable the synch engine to find the the outbound synchronization rules that need to be applied to an object.Since outbound attribute flows are defined in an outbound synchronization rule, you need an ERL to get them applied to your object.In RC0, you had to do the same thing.I don't get your last point.Could you please clarify?You might want to take a look at the "Introduction to Outbound Synchronization" for more details.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation

Markus I have been through that document, but still ended up with the impression that ERLs were part of the provisioning process, and not part of the flow rule process. My last point: what I'm trying to say here is that if I needed an ERL to link to the sync rules then how has it found the sync rules without the ERL? If no sync rules at all appeared in the preview then that might have been a clue that another step was needed. However the sync rules are listed - they are just "Not Applied". I think this is confusing, and I'm prepared to bet that if I'm confused I won't be the only one. http://www.wapshere.com/missmiis

Because the sync rules exists in the sync engine and the sync rules points to the object type, connected system, etc. but without ERL on the objects you will get "Not applied" since there's no link from your objects to the sync rule. //HenrikHenrik Nilsson Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

Yes, obviously I can see that now. However if you search for "Not Applied" at the moment you find nothing at all that explains what it means. I'm sure more troubleshooting tips will be added to the documents before RTM.http://www.wapshere.com/missmiis

Hello I just found this interesting thread about the "Not applied" behaviour without ERE linked to a resource I am really surprise about this because, if I understand well the point, this means FIM cannot flow attribute without provisioning ?! So how to flow attribute when account are only linked by a join rule (Outbound Sync Rule without creation in the datasource) ??? There is case were customers use FIM as synchronisation engine but still provision account in external process, how can they do if they want to use the FIM portal as consultation or to edit accounts ? If there is no way to create ERE like enable provisioning from FIM, this means that for this scenario we must use classic flow ? This is a really bad point for FIM... Fabrice

You're correct but you need to understand how outbound sync works. When a MV object has been "touched" either by a full sync or a delta sync - change or add, provisioning will always be executed for that object and after that the outbound attribute flow will be performed. Provision doesn't necessarily create a new object, it will only do that when the object doesn't have a connector in the targeted system. It doesn't matter if the target CS object is joined or provisioned all that counts is if it's a connector or not. http://technet.microsoft.com/en-us/library/ff608273%28WS.10%29.aspx //Henrik Henrik Nilsson, ILM/FIM MVP Blog: http://www.idmcrisis.com Company: Cortego (http://www.cortego.se)

Well This precise case just blow up all I think to know about FIM There is abolutely no need to provision object from FIM to add ERE to a resource. But you need to add ERE to enable Attribute Flow from a sync-rule-mapping mapping type. If you skip this step you obtain the "Not applied" status in your outbound... Fabrice Note: I didn't delete my previous comment because it could be usefull, but if moderation think different I won't be angry ;)