I'm using IDM 3.6.1 to synchronize eDirectory user objects over to AD.
The driver has been in production for over a year now. During the
development / testing of the driver, group synchronization was not
discussed. Shortly after I placed the driver into production, it was
requested that I synchronize selected groups over to AD. So I came up
with the idea of setting the location (L) attribute in eDir to "AD" to
indicate that a group should be synchronized over to AD. In my filter,
I am synchronizing the following attributes for Group objects over to
AD: Description, Member and CN. I only used notification for the
location (L) attribute and have logic in the driver to veto all groups
coming from eDir that don't have their location set to "AD". I did not
make any changes to the filter for the user object and am not
synchronizing the group membership attribute. I then migrated a few
groups over and found that it worked. However, I have recently
discovered that users who are added to the synchronized groups are not
being added to the corresponding groups in AD. They are only added when
a group is initially migrated.

Exactly what attributes do I need to include in my filter for Users /
Groups in order for newly added group members to be synchronized to AD.
Any help would be greatly appreciated!


jstaffor's Profile: http://forums.novell.com/member.php?userid=18218
View this thread: http://forums.novell.com/showthread.php?t=429446