Hi all, I have an outbound rule that should create users in AD; however, when I import and sync new users from FIM, the Expected Rule Entry objects' status attribute passes from Pending to Not Applied. How do you troubleshoot this kind of problems? Where can you get relevant information about why the rule was not applied? Until now I've done the following: - checked the attributes marked with initial flow only with this script (Using PowerShell to check the initial flow configuration of your AD MA). - checked the event log, couldn't find any information - enabled tracing and restarted the service, but couldn't find any information in the service logs either. Any suggestions? Thanks, PaoloPaolo Tedesco - http://cern.ch/idm

hi,did you manage to find a solution for this problem? i have the same problem/ThanksMM

Please post your synchronization rule.To do so, you can use this script.Instructions for how to post a synchronization rule on this forum are included in the description.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Paolo, Marie-Ange,do you have an update?Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Hi, Couple of things to check on the FIM MA: 1) Make sure the following object types are selected during the definition: ExpectedRuleEntry DetectedRuleEntry 2) Make sure the attribute flow is configured for the following attributes between the 'Person' object & its corresponding metaverse counterpart 'person' Flow Direction: Import ---> Source (Person Object Attribute: ExpectedRulesList) ---> Destination (Metaverse 'person' Object Attribute: expectedRulesList) This should help: http://technet.microsoft.com/en-us/library/ee534902(WS.10).aspx Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com

Sorry, James, but this doesn't really help at all...To apply EREs to a managed object, DREs are fully irrelevant.In fact, there is no relationship between EREs and DREs. Paolo and Marie-Ange have a status of “not-applied” on the ERE.This means, there must be an ERE flow configured – otherwise, you wouldn’t see an updated ERE status. This eliminates your suggestions as options. There are reasons for this status that are typically related to the OSR configuration.This is why I was asking them to post the current configuration.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Hi all, sorry for not updating this post before... Actually, in my case, the problem was just that I had not enabled synchronization rule provisioning . You can enable it from the Synchronization Service client: select Tools -> Options -> check "Enable Synchronization Rule Provisioning". I'm not sure if this option was present in previous versions, in any case it's something that you have to enable explicitly. Marie-Ange, I hope this helps... Cheers, PaoloPaolo Tedesco - http://cern.ch/idm

well it turned to be same thing for me... :) i forgot this click thanks a lot for your replyMM