I've got the NIM 3 BE working on our test network. I would like to control which users in the Identity Vault get created in Active Directory. I am doing this by adding the action "Do veto if operation attribute not available" using the "SA" attribute (SA is the Street field on the General | Postal Address tab in C1). But, I would prefer to control the Creation based on eDirectory group membership. That is, I only want the user created in AD if it belongs to a specified eDirectory group (or any one of several eDirectory groups).

I haven't been able to figure that out. Any suggestions?

David Mizenko