Channel: Microsoft Identity Manager forum

Disconnect accounts when join rules are broken


Hi All,

I am using FIM Sync Manager to synchronise various attributes between our domains. We have several logon domains and one resource domain. The resource domain contains disabled accounts with the users' mailboxes; these are linked to the users' logon domain accounts for authentication. I can use the common SID attribute between the 2 as a basis for my join rules in FIM, and this allows me to sync other attributes back and forth.

This is all working fine, however... when a user moves from one part of the business to another (i.e. a change of job role), which means they change logon domain, I am having a problem. The user has a new logon account created and the Exchange admins re-link their existing resource domain account to this new account. In real terms this rewrites the resource domain account's msExchMasterAccountSid attribute with the objectSid attribute from the user's new logon account. My join rule in FIM is based on these 2 attributes; however, the change does not cause FIM to disconnect the accounts. Even though they don't match (and there is a new match), the old logon account keeps the resource account joined.

Question is, how can I go about making FIM disconnect these accounts once the join rule that brought them together is broken?

Thanks for reading.

Steve
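Added example, not part of Steve's post or of FIM's own tooling: FIM/MIM evaluates join rules only while a connector-space object is still a disconnector, so a later change to msExchMasterAccountSid leaves an existing join in place. The Python below models the join rule from the post (resource msExchMasterAccountSid equals logon objectSid) over constructed connector-space data and reports joins the rule no longer supports, together with the logon account that now matches; all DNs, SIDs and the join table are constructed.

```python
# Added example (not from the original post): offline audit of FIM/MIM join
# consistency for the rule  resource.msExchMasterAccountSid == logon.objectSid.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Logon:
    dn: str
    object_sid: str      # objectSid of the logon-domain account


@dataclass(frozen=True)
class Resource:
    dn: str
    master_sid: str      # msExchMasterAccountSid of the resource-domain account


def audit_joins(logons: Iterable[Logon], resources: Iterable[Resource],
                joins: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """joins maps resource DN -> logon DN as currently recorded by the sync
    engine. Returns (resource_dn, stale_logon_dn, new_logon_dn_or_None) for
    every join the rule no longer supports; None means no logon account now
    carries the SID the resource account points at (an orphaned relink)."""
    logon_by_dn = {l.dn: l for l in logons}
    logon_by_sid = {l.object_sid: l.dn for l in logons}
    findings = []
    for res in resources:
        joined_dn = joins.get(res.dn)
        if joined_dn is None:
            continue                          # disconnector: rule applies on next join
        if logon_by_dn[joined_dn].object_sid == res.master_sid:
            continue                          # join rule still holds
        findings.append((res.dn, joined_dn, logon_by_sid.get(res.master_sid)))
    return findings


# Constructed sample data: steve changed logon domain and Exchange relinked
# the resource account to the new SID, but the sync join still points at logonA.
LOGONS = [Logon("CN=steve,DC=logonA", "S-1-5-21-1-1-1-1001"),
          Logon("CN=steve,DC=logonB", "S-1-5-21-2-2-2-2001"),
          Logon("CN=jane,DC=logonA", "S-1-5-21-1-1-1-1002")]
RESOURCES = [Resource("CN=steve,DC=resource", "S-1-5-21-2-2-2-2001"),
             Resource("CN=jane,DC=resource", "S-1-5-21-1-1-1-1002")]
JOINS = {"CN=steve,DC=resource": "CN=steve,DC=logonA",
         "CN=jane,DC=resource": "CN=jane,DC=logonA"}

if __name__ == "__main__":
    for res_dn, stale, new in audit_joins(LOGONS, RESOURCES, JOINS):
        print(f"{res_dn}: joined to {stale}, rule now matches {new}")
```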
