HI I am using FIM 2010 for GAL sync purposes. it involves multiple sites. When I do export for one of these sites; duplicate contacts get created!. here is what I mean Source AD: user1, user2, Destination AD: user1, user1(1), user2, user2(2) I expect to see user1, user2 contacts on the other side however I get duplicates of them when I run the agent again. What gives? Thanks you

KMan, This usually happens because of one of two reasons: -You have existing contacts and you ran sync on MA with source mailbox objects, then ran exports on MAs with existing contacts. Correct next step instead of export would have been to run sync on target MAs, and then run export. GALSYNC solution includes a mechamism called 'transient provisioning', which helps in DR situations but can cause problems during initial load if run profiles aren't run in correct order. -You are exporting to Exchange 2007/2010 environment which does not have RUS. To imitate what the RUS used to do, ILM/FIM runs powershell cmdlet called 'Update-Recipient' which populates legacyExchangeDN. If this fails for any reason, then target contact is created but this attribute is not populated. Subsequent import and sync on this MA will result in object being disconnected due to filter(which looks for legacyExchangeDN). This now results in 'existing object' now being present in target MA. Provisiong routine sees this object as disconnector and makes new object with () characters(department attribute value if it exists, numerals otherwise). As long as Update-Recipient continues to fail, this cycle can continue. I have seen customers who have objects with (998) in them. I hope this helps Glenn Zuckerman, Microsoft Support

Here is what I do when it comes to run order. am I doing it wrong? Initial sync: 1. Full import stage only 2. Full sync 3 export 4. delta import Subsequent syncs: 1. Delta import stage only 2. delta sync 3. export 4. delta import

KMan, Are these runs all on one MA? If update-recipient is failing, then even if you run these in the right order it will create duplicates. And this would fail under initial load scenario only if you have existing objects. If you didn't have existing contacts already, then this is a moot point. Glenn Zuckerman, Microsoft Support

Yes. On one of the MAs. During initial sync; there are no duplicates on the other site. So contacts do get created (user1, user2) But subsequement ones create user1(1), user1(2), user2(1), user2(2) Is there anything on Exchange 2007 (remote site) that needs to be checked? Btw; the site that I see duplication on runs exchange 2007.

Yes. On one of the MAs. During initial sync; there are no duplicates on the other site. So contacts do get created (user1, user2) But subsequement ones create user1(1), user1(2), user2(1), user2(2) Is there anything on Exchange 2007 (remote site) that needs to be checked?

Look at app log on Sync server, it should show per-object events if update-recipient is failing. Also, check 'configure extensions' for the MA that has these dups in it, verify that the checkbox for Exchange provisioning is checked. Glenn Zuckerman, Microsoft Support

How do I know that "Update-recipient" is failing??? Yes. On one of the MAs. During initial sync; there are no duplicates on the other site. So contacts do get created (user1, user2) But subsequement ones create user1(1), user1(2), user2(1), user2(2) Is there anything on Exchange 2007 (remote site) that needs to be checked? Note 1: The site that I see duplication on runs exchange 2007.

Would you please tell me how can I find out if update-recipient commandlet is successfully running or not? I get this message in event log during export. Does it have something to do with this? Event ID: 6500 There is an error in Exch2007Extension AfterExportEntryToCd() function when exporting an object with DN CN=user...... Event ID: 6801 "Microsoft.MetadirectoryServices.ExtensionException: Failed to reconnect to Active Directory server remotedc.domain.local. Ensure the server is available and that you are using valid credentials.