Here's the situation...

Two eDirectory trees, IDM3, NDS2NDS driver.

The "main" tree is managed by multiple people, using different tools
(ConsoleOne, iManager, maybe even some NWAdmin - I can't say for certain).
I have a need to replicate only certain people from the main tree to a
secondary tree. And, because there are different people, of different
skill levels, using different management tools involved, I need the
replication to happen based on very simple rules.

It is my intention to use Group Membership in the main tree as a trigger
to create the account in the second tree and sync the password. Removal
from the group removes the account. That's it. There's no black magic
necessary. The needs are exactly what I would accomplish if I was using
Entitlements with AD.

I know that this can be done, but it requires an iterative process to go
through very group membership entry for a user, or every user that's a
member of the trigger group, and make the corresponding change. I'm not a
coder. It will take me literally weeks to figure out how to write that
into a driver, so I'm looking for some assistance with that piece.

Father Ramon? Maybe you have a code sample that I could work from?

Thanks in advance.

- Mark