I have IDM 3.5.1 and the eDirectory driver managing account synchronisation between an identity vault and a production tree. Users who are no longer current will be moved to an OU called Dormant in the vault, and I have created a rule on the driver in the production tree that deletes the user in that tree when a user is moved to the Dormant OU in the vault. However, I can't work out how to remove the association in the vault once this happens. I have an event transformation on the publisher channel in the vault that removes the association if the user is manually deleted from the production tree, but it seems that if IDM itself performs the delete the event is not seen by the driver in the vault.

The only way I've been able to get this to work is to use a rule that deletes the source object in addition to the destination object in the production tree, which then gets translated to a remove association in the vault, but this doesn't seem very elegant. Any other ideas?