I've got a strange issue which I can't seem to work out why it's happening.
Setup is single domain pair from Domain A to Domain B.
Domain B already has a pre-created accounts based on the accounts in Domain A. This is done using FIM. So, effectively, Domain B has a clone of domain A accounts, but not all attributes.
I have a Dir Sync setup focused on one OU (and subtree) in Domain A and will only sync objects if that object has ExtensionAttribute3 set. The sync is setup to skip certain attributes because they are already synced using FIM. sAMAccountName is one of the attributes being skipped.
The domain pair was initially setup to Object Match on SID History and Email.
Adding a value to the ExtensionAttribute3 in Domain A, in the source OU, syncs the account attributes from Domain A to Domain B.
That all works fine. If I make a change to an account in Domain A covered by the sync setup, it gets replicated across.
However, under Domain A source OU, I have accounts that don't have a primary SMTP address and thus when I set ExtenstionAttribute3, they don't get synced to Domain B. This, I expect, is because I have only got Object Matching on SIDHistory and Email.
With this in mind, I turned on AccountName object matching. Since the same sAMAccountName exists in both domains. Having turned this on and run an initial sync, I still do not get these accounts synced across. The service attributes are not set.
If I try and do a migration session on one of these accounts, I get the Conflict of attribute for sAMAccountName. If I skip sAMAccountName in the migration session, it creates a new account in target domain with a $ random number sAMAccountName. In the DSA log it still complains about a conflict. Well, there will be, as both domains have the same sAMAccountNames.
I don't understand why since I have enabled AccountName matching, the sync isn't working and also when I do a migration session (with merge account don't create new), it insists are on creating new.
What have I missed?
Many thanks for taking the time to read this, if you got this far