I have several IDM design questions. I am interested in implementing an
environment where I have IDM synching our current Active Directory
environment and eDirectory environment. I have read that User
Application can only scope on one container. Our current eDirectory
environment (Edir1,2,3) has our users in 11 different containers. When
I initially populate our IDM environment I was planning on placing
everyone in one container. Then I would point the UserApp1 server at
this container on the IDM1 server. Does this sound logical? I also, of
course, plan to turn on Universal Password and have users populate
challenge questions. I understand that IDM cannot synchronize this
information between my Edir and IDM trees. Currently my workstations
all point at my Edir servers to authenticate. If I point my User App at
my IDM environment and users are populating their challenge questions in
the IDM eDirectory, will this cause problems? Do I also need to have
challenge questions on my Edir servers? Or should I be pointing my User
App server at my Edir servers instead of IDM? Should I make a matching
password policy on both trees but just not require a challenge set on my
Edir tree? Thanks, Andy

Edir1
Edir2 IDM 3.5.1 installed
Edir3

AD1
AD2

IDM1
IDM2

UserApp1