In FIM Agent -> Configure Attribute Flow I have automated configure setting: Export Type - sync-rule-mapping - expression Metaverse Attribute - (nothing is specified) Data Source Attribute - dn Why do I need this parameter? What it does?

Can you clarify what you're trying to do? Are you trying to automate the FIM MA confguration?CraigMartin Edgile, Inc. http://identitytrench.com

I create custom import agent from text file. In this text I manual configure DN for user in AD (position user in Active Directory). In metaverse I create additional attribute - "ad_dn" and link DN field from text file to this attribute. When I add new user entry to text file - FIM successfully create Active Directory user in specefied OU (by DN in attribute "ad_dn" in meteverse). My problem is: changes DN in text file for an existing user do not replicate to AD. My custom agent after full sync always try Outbound Synchronization to ActiveDirectory MA (Export attribute flow) and FIM MA(export attribute flow, provsioning adds, provisionong disconnects). All attribute sync update correctly from custom agent to Active Directory. How can I correctly configure export changes user DN to AD? Any examples? Export Attribute Flow (AD MA) -> Pending Export Tab. At each synchronization I see Modification type: update Object type: user Changes - add Attribute name - dn Old Value - <nothing> New Value - CN=User12,OU=FIMObject,dc=domain,dc=com Why Old value always <nothing>? Why in user class object does not have attribute DN? Why it worked in first time?

Here are more details about the rename scenario. In general, you will have to configure two attribute flow mappings on the ADDS side, to make DN updates to work. Also, you must complete an export by running a delta import + delta synchronization. This is also known as confirming import. If you don't do this, the system doesn't have enough information to calculate the values you are looking for. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

I found very strange solution http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/6095c934-33e8-4ee2-8333-b5e6ac9c701e/#4e9c98bc-319f-4d07-84c0-e31cde84bd77 and its work... FIM Portal -> Synchronization Rules ->AD User Sync Rule -> Outbound Attribute Flow Trim(ad_dn) -> dn after that my user in Ad rename\move correctly... why function Trim help me?

You should always "trim" string values before further processing them to avoid the potential risk of whitespace related issues. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Why not just sync attribute from metaverse with DN attribute in the Active Directory directly? This would be solved the problem Question - Why?, rather than as a different