On 23.05.2012 16:46, plummb wrote:
....
> [05/23/12 10:24:57.853]:mehealth domain ST: Evaluating selection
> criteria for rule 'Rename'.
> [05/23/12 10:24:57.853]:mehealth domain ST: (if-operation equal
> "rename") = TRUE.
> [05/23/12 10:24:57.854]:mehealth domain ST: (if-association
> associated) = TRUE.
> [05/23/12 10:24:57.855]:mehealth domain ST: Rule selected.
> [05/23/12 10:24:57.855]:mehealth domain ST: Applying rule 'Rename'.
> [05/23/12 10:24:57.856]:mehealth domain ST: Action:
> do-set-dest-attr-value("sAMAccountName",token-src-name()).
> [05/23/12 10:24:57.857]:mehealth domain ST:
> arg-string(token-src-name())
> [05/23/12 10:24:57.857]:mehealth domain ST: token-src-name()
> [05/23/12 10:24:57.858]:mehealth domain ST: Token Value:
> "WMH OHC".
> [05/23/12 10:24:57.858]:mehealth domain ST: Arg Value: "WMH
> OHC".
> [05/23/12 10:24:57.859]:mehealth domain ST: Action:
> do-set-dest-attr-value("UserPrincipalName",token-src-name()+"@mehealth.org").
> [05/23/12 10:24:57.860]:mehealth domain ST:
> arg-string(token-src-name()+"@mehealth.org")
> [05/23/12 10:24:57.860]:mehealth domain ST: token-src-name()
> [05/23/12 10:24:57.861]:mehealth domain ST: Token Value:
> "WMH OHC".
> [05/23/12 10:24:57.861]:mehealth domain ST:
> token-text("@mehealth.org")
> [05/23/12 10:24:57.862]:mehealth domain ST: Arg Value: "WMH
> OHC@mehealth.org".
> [05/23/12 10:24:57.863]:mehealth domain ST: Evaluating selection
> criteria for rule 'Rename Event - Update/Add proxyAddress'.
> [05/23/12 10:24:57.864]:mehealth domain ST: (if-class-name equal
> "User") = FALSE.
> [05/23/12 10:24:57.865]:mehealth domain ST: Rule rejected.
> [05/23/12 10:24:57.865]:mehealth domain ST:Policy returned:
> [05/23/12 10:24:57.865]:mehealth domain ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Standard" version="4.0.1.1">DirXML</product>
> <contact>Novell, Inc.</contact>
> </source>
> <input>
> <rename cached-time="20120523142457.611Z" class-name="group"
> event-id="VMIDMMETA#20120523142457#4#1:71505099-6dd0-4fa2-63a3-99505071d06d"
> old-src-dn="\META\IDM\Groups\AD WMHCC\OHC"
> qualified-old-src-dn="O=IDM\OU=Groups\OU=AD WMHCC\CN=OHC"
> qualified-src-dn="O=IDM\OU=Groups\OU=AD WMHCC\CN=WMH OHC"
> remove-old-name="true" src-dn="\META\IDM\Groups\AD WMHCC\WMH OHC"
> src-entry-id="87160" timestamp="1336519575#37">
> <association
> state="associated">20db186811b2d74586873d9d9a71324 7</association>
> <new-name>WMH OHC</new-name>
> </rename>
> <modify class-name="group"
> event-id="VMIDMMETA#20120523142457#4#1:71505099-6dd0-4fa2-63a3-99505071d06d"
> qualified-src-dn="O=IDM\OU=Groups\OU=AD WMHCC\CN=WMH OHC"
> src-dn="\META\IDM\Groups\AD WMHCC\WMH OHC" src-entry-id="87160">
> <association>20db186811b2d74586873d9d9a713247</association>
> <modify-attr attr-name="sAMAccountName">
> <remove-all-values/>
> <add-value>
> <value>WMH OHC</value>
> </add-value>
> </modify-attr>
> <modify-attr attr-name="UserPrincipalName">
> <remove-all-values/>
> <add-value>
> <value type="string">WMH OHC@mehealth.org</value>
> </add-value>
> </modify-attr>
> </modify>
> </input>
> </nds>


sAMAccountName needs to be unique in a domain
UserPrincipalName needs to be unique in a forest

You aren't checking if these values are unique - when setting these. I
think this might be the cause of your error.