I'm sure this is a dumb one.
"primary" tree has eDir to eDir driver
Which syncs to a Vault
Vault has eDir to eDir driver (sync back to Primary) as well as eDir to
In the Primary tree, there's basically three UP policies:
1) Default User
2) One for "special" service accounts so their passwords do NOT change
3) The IDM policy (the one you cannot touch/edit)
If I make a change to the Default User one (ie, let's say remember
password for X days or do Case Sensitivity), do I need to also adjust
the one for the Vault?
Nobody authenticates to the Vault (except for an Admin account).
We sync passwords one way from eDir to AD (we don't sync from AD to eDir
Technically the eDir to eDir is setup to allow bi-directional password
sync, but I don't think we've ever used that sinc shutting off AD to
eDir password syncing.