IDM Environment / Configuration:
OES2 (Server1) w/ Remote Loader <--eDir Driver (BiDirectional)-->
MetaDir Engine OES2 (Server2) <--AD Driver (BiDirectional)--> 2008r2 AD
(Server3) w/ Remote Loader

When I create a new group in my production eDir tree on Server1 and add
users to the new group, the group is created in the MetaDir tree on
Server2. The user object in both trees (server1 and server2) both show
membership to the new group, but the group object that I just created
does not have any members in the MetaDir tree (server2) - the members
list is empty. But the user in the same tree shows that it is a member.
The new group object is created on the AD (server3), but the new group
has no members. Also the user object in AD does not show group
membership in the "Member Of" tab.

If I change the password for the user in the production tree (server1),
the user is populated in the group members list on MetaDir (server2),
and also is added to the group in AD (server3).

Is this working as designed, or am I missing something? If IDM is
password change oriented, how/why does it create the group, and why
would it modify the user object's group membership? If it can do that,
why does it not modify the group as well?

robwillcox318's Profile:
View this thread: