Here's my situation:

eDirectory running IDM 3.5.x (latest) with two Orgs in the tree.

Special AD forest running some sensitive apps receives account provisioning
via IDM (one way sync eDir -> AD.)

I want an AD driver for each Org since they have different rules for who
gets propogated (using entitlements).

Is this possible? I tried it and got an odd error so I want to see if I'm
on the wrong track before I spend too much more time on it.