IDM 3.51
Netware 6.5 SP6
AD Driver
Password sync turned on
Win 2003 server with remote loader
Mainly 'out of the box' config.


My users are one way syncing to AD from eDir. I have a rule that event
transforms a delete user from AD to remove association.

This got me thinking about what exactly a basic remove association does
to the User object attributes in eDir.

When a user is created in eDir, and the IDM driver is up and running, it
would seem that two auxiliary classes are added to that user -

DirXML-ApplicationAttrs
DirXML-PasswordSyncStatusUser

These then manifest two attributes viewable in DSBROWSE and Console One -

DirXML-Associations
DirXML-PasswordSyncStatus

I CANNOT see the attributes -

DirXML-ADAliasName
DirXML-ADContext


When the User delete in AD is transformed into a remove association the
following happens to the user object in eDir -

DirXML-ApplicationAttrs - remains unchanged
DirXML-PasswordSyncStatusUser - remains unchanged

DirXML-Associations - attribute flag=deleted value
DirXML-PasswordSyncStatus - attribute flag=present

My questions are

1) I expected the DirXML-ADAliasName and DirXML-ADContext attributes to
be viewable in DSBROWSE or C1. I cannot see them. Does this mean they
are not actually present or hidden? How do I check they have been
deleted if they are present and hidden?

2) Should the DirXML-PasswordSyncStatus attribute be deleted on remove
association?

3) What other attributes I might have missed should be removed from the
eDir user object on remove association, and how do I check/facilitate this?

Regards

Charles