MIM 2016: Outbound Synchronization without ERE and DRE

Expected Rule Entry (ERE) and Detected Rule Entry (DRE) can be an operational load to maintain. On top of that, it clogs up your MV and and FIM service MA! Now you have got some 1000’s of objects to sync when you do a Full Sync. So lets talk about how to live the Outbound Sync life without them.


When you create the Outbound sync rule chose the option down below (Apply Rule) to use scoping filter rather than synchronization rule. Then on the next page you must select a scoping filter. Remember the filter is to specify what you want to be synced not what you don’t want.If you want an IsPresent say you want to sync every Person use

csobjectID notStartsWith %


When you create the outbound attribute flows, do not check the “Use as Existence test”

Cleaning up ERE and DRE

So you have converted your Sync Rules to non DRE and non ERE. To delete the DRE and ERE, remove the MPRs and workflows created for the Synchronization rule policy. Then Create two MPRs that gives you rights to delete ERE and DRE, Target set will be the All DRE and ALL ERE. Then go to PS

$obj=search-resources -Xpath “/ExpectedRuleEntry”

$obj2=search-resources -Xpath “/DetectedRuleEntry”

Remove-resources -resourceobjects $obj

Remove-resources -resourceobjects $obj2

If you have 1000s (which you probably do) then you may want to do the remove in batches. See my blog on how to do batch composite operations.

Use Remove-resources -ResourceObjects $ObjsToDelete for each array collection you have to delete

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s