My customer's environment is eDir 8.7.3.7 on Windows 2003 with IDM351.
The Domain Controller running the remote loader is Windows 2000. The
filter is set to only sync from AD to eDir. Object placement in eDir is
flat. AD placement is hierarchical. The driver monitors for a move to
keep an eDir extended attribute updated which holds the AD context of
the user or group object.

When a user is moved in AD, everything is synchronized including the
extended attribute for the context. There is a status=error which kicks
off an email to an administrator. I don't have a document of the user
move. I've varified that the user in this case has an association as
seen in iManager.

Error emailed to administrator:
CN=RMSTRN,OU=GenericUsers,OU=MHP,DC=mhsnr,DC=healt h-partners,DC=org
(MHPN\PEOPLE\RMSTRN) *** Error message Code(-9039) Element <parent> does
not have a valid association.

The email rule from sub output transform:
<rule name="Send Email on Error">
<description>Send email on Error</description>
<conditions>
<and>
<if-operation op="equal">status</if-operation>
<if-xpath op="true">@level='error'</if-xpath>
</and>
</conditions>
<actions>
<do-set-local-variable name="mailerrormsg">
<arg-string>
<token-xpath expression="./text()"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="maildriver">
<arg-string>
<token-xpath expression="./module"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="mailobjectdn">
<arg-string>
<token-xpath expression="./object-dn"/>
</arg-string>
</do-set-local-variable>
<do-send-email disabled="true" server="mail.mhsnr.org">
<arg-string name="to">
<token-text
xml:space="preserve">removed-customer-email-1@their.org</token-text>
</arg-string>
<arg-string name="subject">
<token-text xml:space="preserve">IDM Driver Error - </token-text>
<token-local-variable name="maildriver"/>
</arg-string>
<arg-string name="message">
<token-text xml:space="preserve">Error occurred processing object-dn
</token-text>
<token-local-variable name="mailobjectdn"/>
<token-text xml:space="preserve"> *** Error message </token-text>
<token-local-variable name="mailerrormsg"/>
</arg-string>
</do-send-email>
<do-send-email server="mail.mhsnr.org" type="text">
<arg-string name="to">
<token-text
xml:space="preserve">removed-customer-email-2@their.org</token-text>
</arg-string>
<arg-string name="subject">
<token-text xml:space="preserve">IDM Driver Error - </token-text>
<token-local-variable name="maildriver"/>
</arg-string>
<arg-string name="message">
<token-text xml:space="preserve">Error occurred processing object-dn
</token-text>
<token-local-variable name="mailobjectdn"/>
<token-text xml:space="preserve"> *** Error message </token-text>
<token-local-variable name="mailerrormsg"/>
</arg-string>
</do-send-email>
</actions>
</rule>

The move rule from pub command transform:
<rule>
<description>Add: MHPN Attributes</description>
<conditions>
<and>
<if-operation mode="nocase" op="equal">add</if-operation>
</and>
<and>
<if-operation mode="case" op="equal">move</if-operation>
</and>
</conditions>
<actions>
<do-add-dest-attr-value name="mhpnADContext">
<arg-value type="string">
<token-parse-dn dest-dn-format="src-dn" length="-2">
<token-src-dn/>
</token-parse-dn>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>