Continuing to a more complicated policy that I need to understand:

I have a hierarchy tree which has a separate OU for each physical
building. In each OU there is a container called students. There are
over 40 sites.

I'd like to make a policy on user objects that would exclude any user
object which exists in a STUDENTS container without creating 40
policies/rules if possible. Or would it be easier to write policies
that specify what I need to synchronize? So, the reverse logic would be
to use Teachers, which I do want synchronized. Again, there are about 40
Teachers containers. I also don't want Users created when servers are
created to be synchronized, etc. I actually have more users that I
would not want to sync than to be sync'd.

Thus my logic would be:

If class name = user AND container contains the word STUDENTS then
Action would be VETO

If class name = user AND container contains the word TEACHERS then
Action would be to ALLOW SYNC

How would I set this up in IDM rules? I'm confused as to what
container/subtree is meaning. I've been experimenting with this and
can't seem to get anything to work the way that I need it to.

Can I specify wildcards for the word students?

I'd really like to not have to set up 40+ rules.

Again, I'm understanding this would be best placed in a Subscription
Event Transformation Policy.

Again, thanks in advance,
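
The veto/allow logic described above, as an added stand-alone model (not part of the original post, and not IDM policy syntax): it parses constructed LDAP-style DNs, shows the difference between "in container" (immediate parent only) and "in subtree" (any ancestor), and matches STUDENTS/TEACHERS by case-insensitive pattern so one rule covers all 40 sites. The DN format, site names and default-veto behaviour are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample DNs (not from the post), LDAP-style, leaf entry first.
SAMPLE_USERS = [
    "CN=jdoe,OU=Students,OU=SiteA,O=District",
    "CN=asmith,OU=Teachers,OU=SiteB,O=District",
    "CN=grad12,OU=Year12,OU=Students,OU=SiteC,O=District",  # nested below Students
    "CN=svc-backup,OU=Servers,OU=SiteA,O=District",         # created with a server
    "CN=admin,O=District",
]


def container_path(dn: str) -> List[str]:
    """Return the RDN values above the leaf, nearest parent first.
    'CN=jdoe,OU=Students,OU=SiteA,O=District' -> ['Students', 'SiteA', 'District']"""
    parts = [p.strip() for p in dn.split(",")]
    return [part.partition("=")[2] for part in parts[1:]]


def in_container(dn: str, pattern: str) -> bool:
    """'Container' test: only the immediate parent is checked."""
    parents = container_path(dn)
    return bool(parents) and re.fullmatch(pattern, parents[0], re.IGNORECASE) is not None


def in_subtree(dn: str, pattern: str) -> bool:
    """'Subtree' test: any ancestor on the path may match."""
    return any(re.fullmatch(pattern, p, re.IGNORECASE) for p in container_path(dn))


def decide(dn: str, object_class: str = "User") -> str:
    """Apply the post's logic: veto students, allow teachers, veto everything else."""
    if object_class.lower() != "user":
        return "ignore"                      # rule only targets user objects
    if in_subtree(dn, r".*students.*"):      # subtree catches nested OUs under Students
        return "veto"
    if in_subtree(dn, r".*teachers.*"):
        return "allow"
    return "veto"                            # assumed default: server users, admins, etc.


def evaluate_all(dns: List[str] = SAMPLE_USERS) -> Dict[str, str]:
    return {dn: decide(dn) for dn in dns}
```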

