Hello,

I have been trying to move users in ConsoleOne in an attempt to test that
the synched user would also move in Active Directory. I get an error
massage in the trace log of "Attempt to move an object to an uassociated
container.

I have two hierachical structures and they are neither flat nor mirrored.
I use the location attribute on the eDIr OU to match that of the OU in
AD.
It works great except for this part. I guess when the user object is
moved,
it has no association with the new OU. I am guessing. I am new at doing
this so I am not well versed in the XML syntax for IDM3.

I have tried to come up with a rule after doing some reading on the
newsgroups and the knowledgebase at Novell. I put it in the Command
Trasformation Policies. I made it the first one above all the default
policies::

<rule>
<description>Moving user in eDIR to move in AD also
</description>
<comment xml:space="preserve">16.3.2006</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-
class-name>
<if-operation op="equal">move</if-operation>
<if-attr name="L" op="available"/>
<if-class-name op="equal">Organizational Unit
</if-class-name>
</and>
</conditions>
<actions>
<do-move-dest-object>
<arg-dn>
<token-src-attr class-name="Organizational
Unit" name="L">
<arg-dn>
<token-src-dn length="-2"/>
</arg-dn>
</token-src-attr>
<token-text
xml:space="preserve">,dc=nisdtest,dc=net</token-text>
</arg-dn>
</do-move-dest-object>
<do-break/>

Any help would be greatly appreciated. It is drive me crazy!
</actions>
</rule>