I am building an ActiveDirectory driver which is Subscription only, I only
push accounts from the Identity Vault to AD. Passwords will synchronize both
ways.

I am trying to take all the extra policies out that I do not need, and I am
fairly confident I will not need the Matching Policy on the Subscriber
channel. I will be starting with a blank AD system. The only entity that
will have rights to create users is the Identity Vault.

Does anyone know why I would need to built a matching rule?