In a scenario similar to the one descirbed in "Publishing Active Directory Users from Two Authoritative Data Sources ", I forgot to tick the "Initial Flow Only" checkboxes for the attribute flows concerning dn, employeeID, unicodePwd and useraccountControl. As a result, the Expected Rule Entry objects were imported in the MV, but no user was created in Active Directory - no provisioning add to AD was present after a full synch. Checking the "Initial Flow Only" checkbox solved the problem. I noticed that the document states that "some attributes are required to be configured for initial flow only". What does that mean, exactly? My understanding is that dn, unicodePwd and useraccountControl should not be modified after creation, while the employeeID must be configured for initial flow only as it's the attribute used as relationship between the objects. Is this correct? is the attribute used as relationship required to be configured for initial flow only in order for things to work correctly? Thanks, Paolo

Almost :o)The initial flow has nothing to with whether something should not be modified or not.Initial flow means "minimum required to create an object + something".In case of AD, the minimumyou must initialize is the DN.It is hard to be more specific becauseminimum required to create an object is MA specific."+ something" are all attributes that are part ofyour relationship criteria.You can - and in some sceanrios, you even must - modify the uAC attribute since it dictates, for example, whether an account isenabled.You can flow unicodePwd in an EAF - whether this makes sense is a differnt question.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation

Hi Markus, thanks for your answer! What I actually meant with "should not be modified after creation", here, was that the attributes should not be modified by the same rule, i.e. avoid resetting the password because the phone number is changed :) Cheers, Paolo

Hello, PaoloJust a point about the "initial Flow".If you use ILM "2" RC0, You must create an account with mailbox during the creation (initial Flow).If you try to create an account without mailbox during first pass (initial Flow), After you cannot create the mailbox for this account during the second pass.This issue is still opened sinceILM "2"Beta3and it will be fixed after RTM. Regards, Eric

Hi Eric, that's an interesting point, thanks for sharing it and letting me know :) Cheers, Paolo