IDM 3.5.1 on Netware 6.5
Driver config modified to enable incremental values
AD Forest and domain are operating at Window Server 2003 domain
functional level.

I am synchronizing groups between AD & eDir and have the following
issue:
When removing more than one member from an AD group, only one of the
members is removed from the Equivalent to Me attritute on the group in
eDirectory. All the users are removed as members of the group.
On the user side, the group is removed from Group Membership but only
one user (same one removed from Equivalent to Me on the group) has the
group removed from the Security Equals.

There are no issues adding multiple users to a group in AD and no
issues removing multiple groups from a user in AD.

Do I need to add a rule to remove the remaining users from the
Equivalent to Me attribute and another one to remove the group from the
Security Equals attribute on the user? That doesn't seem right since
it's not needed for the adds or for a single user removal on a group.

What am I missing?

Thanks,

Cindy


<nds dtdversion="2.2">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="Group" dest-dn="CS\AD\Global
Groups\Security\!3ADtestgrp-IDM" dest-entry-id="56707" event-id="0"
src-dn="CN=!3ADtestgrp-IDM,OU=Security,OU=Global
Groups,DC=testphci,DC=org">
<association>0840f6733c73f549b00f01238d41b164</association>
<modify-attr attr-name="Member">
<remove-value>
<value naming="false"
type="dn">\TESTIDENT\users\u30689</value>
<value naming="false"
type="dn">\TESTIDENT\users\u34078</value>
<value naming="false"
type="dn">\TESTIDENT\users\u75181</value>
<value naming="false"
type="dn">\TESTIDENT\users\p641</value>
<value naming="false"
type="dn">\TESTIDENT\users\p1485</value>
</remove-value>
</modify-attr>
<modify-attr attr-name="Object Class">
<add-value>
<value type="string">DirXML-ApplicationAttrs</value>
</add-value>
</modify-attr>
<modify-attr attr-name="DirXML-ADContext">
<remove-all-values/>
<add-value>
<value type="string">CN=!3ADtestgrp-IDM,OU=Security,OU=Global
Groups,DC=testphci,DC=org</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Equivalent To Me">
<remove-value>
<value type="string">\TESTIDENT\users\u30689</value>
</remove-value>
</modify-attr>
</modify>
</input>
</nds>
[06/26/08 11:46:43.436]:$$$ PT:Filtering out notification-only
attributes.
[06/26/08 11:46:43.436]:$$$ PT:Pumping XDS to eDirectory.
[06/26/08 11:46:43.436]:$$$ PT:Performing operation modify for
CS\AD\Global Groups\Security\!3ADtestgrp-IDM.
[06/26/08 11:46:43.454]:$$$ PT:Modifying entry CS\AD\Global
Groups\Security\!3ADtestgrp-IDM.
[06/26/08 11:46:43.536]:$$$ PT:Fixing link from CS\AD\Global
Groups\Security\!3ADtestgrp-IDM#Member.
[06/26/08 11:46:43.677]:$$$ PT:Fixing link from CS\AD\Global
Groups\Security\!3ADtestgrp-IDM#Member.
[06/26/08 11:46:43.813]:$$$ PT:Fixing link from CS\AD\Global
Groups\Security\!3ADtestgrp-IDM#Member.
[06/26/08 11:46:43.859]:$$$ PT:Fixing link from CS\AD\Global
Groups\Security\!3ADtestgrp-IDM#Member.
[06/26/08 11:46:43.906]:$$$ PT:Fixing link from CS\AD\Global
Groups\Security\!3ADtestgrp-IDM#Member.
[06/26/08 11:46:43.979]:$$$ PT:Fixing link from CS\AD\Global
Groups\Security\!3ADtestgrp-IDM#Equivalent To Me.
[06/26/08 11:46:44.078]:$$$ PT:
DirXML Log Event -------------------
Driver: \TESTIDENT\services\DirXML-DriverSet\PHC-AD
Channel: Publisher
Object: CN=!3ADtestgrp-IDM,OU=Security,OU=Global
Groups,DC=testphci,DC=org (CS\AD\Global
Groups\Security\!3ADtestgrp-IDM)
Status: Success


--
cll5723
------------------------------------------------------------------------
cll5723's Profile: http://forums.novell.com/member.php?userid=11625
View this thread: http://forums.novell.com/showthread.php?t=334291