I've got an old AD driver (built like what 8 years ago or thereabouts?),
so obviously it doesn't have all the newfangled policies, etc. in it.

Currently eDir is hierarchical, syncs to the ID Vault (which is flat)
and then syncs to AD (which is also flat). We only do users.

I want/need to add groups. However, for sanity sake, I only need to
sync specific groups (groups in a particular OU in the "source" eDir
tree) as a start. I've got the policies done/tested so that only those
groups sync.

However, I took a look at a default AD driver (unfortunately I clicked
the entitlement enabled when making a new driver just to see what it was
doing), and it doesn't look like hardly anything in the schema mapping
is there for Group.

What I'd like to do is map the CN of the eDir Group to the
sAMAccountName in AD (okay I did that and it seems to work okay). Our
AD is all 2003 (so the 15 or 20 character limitation isn't really
applicable for us since only "pre-Windows 2000" needs it and we don't
have that anymore).

However, I noticed that, while the group is created correctly (the
display name? shows up okay even if it's really long), and the group
membership seems to go okay as well, that there's a field in the AD MMC

GroupName (pre-Windows 2000) that gets mangled to some random stuff.
(well I say "random" but it'll show up like: $1M5100-TOD6UHPQTQN4)
Is that the sAMAccountName limitation kicking in?

Or bug? (I'm not sure what patch level the Remote Loader for AD is at
off the top of my head. I'm using the Remote Loader from 4.0.1 IDM
codebase, so not sure what actual version it is).

Or do I not even need to worry about since our AD level is at 2003 and
we have no 2000 stuff or earlier in the domain at all?

The opinions expressed are my own.
Check out my OES2 Guides:
Installing OES2 SP2:
Upgrading to OES2 with ID Transfer:
GroupWise Migration with OES2 ID Transfer:
kjhurni's Profile: http://forums.novell.com/member.php?userid=734
View this thread: http://forums.novell.com/showthread.php?t=453670