This isn't so much a question as something others might like to be aware of...
When you install the FIM Portal and configure metaverse->FIM user sync, supposing you use an account of which your FIM metaverse is already aware, the sync service will be unable to export your account to the FIM MA with an uniqueness constraint violation. This is because merely setting up the portal and service cause your AccountName, SID, etc., to be populated in the database.
This will express itself as a "failed-creation-via-web-services" with error detail thusly:
Fault Reason: The request message contains errors that prevent processing the request.
Fault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>ObjectSID</AttributeType><AttributeValue></AttributeValue><FailureMessage>The specified attribute value must be unique for this Resource Type.</FailureMessage><AttributeFailureCode>ValueViolatesUniqueness</AttributeFailureCode></AttributeRepresentationFailure></RepresentationFailures>
My solution was to search (cautiously) the FIMService database to figure out the conflicting account's anchor value:
select ObjectID from fim.Objects with(nolock) where ObjectKey =(select ObjectKey from fim.DomainAndAccountName with(nolock) where DomainAndAccountName = 'mydomain\my.user')
This returns a GUID you can use in the FIM Sync Service admin interface to search the FIM MA by DN/anchor and disconnect. Now you have a user disconnector in the FIM MA, so head over to the joiner tab, and link it up.
I keep wondering if I've done something wrong in the FIM setup to arrive at this situation, but it's happened in several clean installs following the documented guidelines.
--Steve