Hi all!

I'm creating a new IDM driver to sync users and groups from eDirectory
(MID) to AD. Today there is a AD driver but it is very very old and the
development of a new driver is required.

The actual AD driver sync users and groups. My new driver will use
entitlements and I would like to sync users and groups, both using
entitlements. But, here, I have a question. My environment is all
synchroized by actual AD driver. I can't fail to implement this new
driver and no users and groups attributes can't be changed by new
driver. Only association can be changed and other operational

I don't know how the new version of AD driver sync groups and If can I
use entitlements for this.

For group sync using entitlments, the groups must exists in AD or not?
Today all groups exists in AD but new groups are created everyday.

Is there any kind of best practice to group sync with AD using

Thank you!

* Alan Cota | Open Consult | Brazil, Novell Platinum Partner.
CNE | ISM & Security Specialist.
AlanCota's Profile: http://forums.novell.com/member.php?userid=1961
View this thread: http://forums.novell.com/showthread.php?t=415070