Hello everyone:

I need to synchronize several groups between IDM and AD. Each group
contains about 10K members. Currently each time a member get
added/removed to the group, on the next polling cycle on AD publisher
channel, the entire group list was sent back with the one addition or
deletion. I was reading the cool solution called "really optimized
modifies". I noticed the following statement."Prior to IDM 3.5.1 and
Active Directory 2003 Native, this came back as the entire group list
with the one addition or deletion. (This solution is run on mixed mode
AD 2003, Native Mode AD 2000 and IDM 3.01 on eDirectory 8.8.1.)" Our
system is IDM 3.5.1 and active directory 2003 forest functional (i
think it means AD 2003 native, please correct me if i am wrong. I know
very little about AD). I am about to install the patch 3 for IDM 3.5.1
Can anyone tell me how I can prevent AD sending me the whole list but
the real change? Is that a configuration I can change to achieve that?
I also did some research on this forum and found some suggestions turn
off the "modify optimizer" in the filter. Is that a good idea? What is
the best practice interns of synchronizing Group between AD and Vault.

Thank you


