Hello,
When we original setup FIM 2010 R2 we only had one domain (AD1). Our original inbound sync rule has a relationship criteria based on MetaverseObject:accountName = ConnectedSystemObject:sAMAccountName.
After a few months we added a second domain (AD2), which has a inbound sync rule based on MetaverseObject:ObjectSID = ConnectedSystemObject:ObjectSID.
Each end user has an account in both domains and the same username is used. Our problem occures when a user is pulled into FIM from AD2 first then the same username is added from AD1. Since AD1's relationship is based on accountName, it tries to join with the AD2 object which has the same username.
I believe a solution would be to add a second relationship criteria to AD1 which would be :ObjectSID = ConnectedSystemObject:ObjectSID
Does this sound like a possible solution? what happens to all the exisitng objects if i add a second relationship to an existing inbound rule?
Any information is appreciated.
thanks,
Josh