I'm new to IDM and currently working with a test environment.

We have a hierarchy production tree and I'm thinking ahead about issues
that I need to be able to resolve by duplicating in the testing

In our production environment, we have containers for students and
nondistrict personnel, etc. At this time, we do not want these
containers synchronized to MAD.

In the tree there are about 40 STUDENTS containers.

How and where would I write a rule that would look at the context of
the object being sync'd with AD, so that the rule determines that the
context of the user is STUDENTS and thus a veto occurs and the object is
not sync'd?

I'd like to write one rule and not 40 rules if possible.

Also, I have the same issue with Groups. I'd like to sync Group
memberships, but not Groups. In MAD, I'll only need two groups and can
manually create these in MAD. I just want the group membership syncing
for these 2 groups.

We have about 400 Groups in our production tree and all in a context
called Groups.

The 2 MADGroups could go in a special container for MAD objects and


