Quick scenario:

We have Production eDir tree to eDir IDV and IDV to AD. In prod tree we
have disabled users ou, where as you might expect we put disabled users
who have left the company. We have rule that once the user is put into
this ou they are put into a diff ou in IDV and in turn this moves them
into syc'd ou in AD. As it stands the login disabled attribute is
sync'd from prod to idv but not onto AD. The rule from prod to idv also
removes the idm association on the user for that driver in the idv as we
need to keep a handle on licensing and the disabled users can end up
sittong around for a while.

Now explained this what would be the best way to:

1. On the rule from prod to idv also remove the source objects idm
association as on the idv association is removed at the moment.

2. We would like login disabled to sync from idv to AD but only for
users not in the UsersPending ou in idv, for users in this ou we want
them to remain enabled as we have exchange and need to continue to
receive email to this account, eventually we will add exchange support
to the driver and prob deal with in a diff way, we then also want to
remove the source idv users ad idm association.

Many Thanks

greenage's Profile: http://forums.novell.com/member.php?userid=22071
View this thread: http://forums.novell.com/showthread.php?t=340637