I've created a Vault eDir the other day and sync'ed it from our
distribution eDir tree. That seems to have worked ok. Yesterday, we
installed an AD driver off the Vault tree and we couldn't sync any user,
just (empty) groups. While debuging the problem, we noticed it was because
we forgot to assign a Universal Password Policy to the context in the
vault where the users were created (AD creation was vetoed because of
'do-veto-if-op-attr-not-available("nspmDistributionPassword")'. Once I
enabled the universal password profile, a new user created in the
production tree was then created in the vault (like before) but also in AD.

My question is, can a 'Synchronize' or 'Migrate' from the production tree
be enough to sync the universal password to the Vault? And if so, will a
'Synchronize' or 'Migrate' from the AD Driver then populate my users into