I noticed a strange behavior of the AD driver (tested v.3.5.14 and
3.5.17, IDM v.4.0.1). When user or group objects are coming from
Edirectory (IDV) after objects are created in AD there is an
add-association event which triggers DirXML-ADContext value being set in
IDV. However, when a group object already exist in AD and matching
policy finds the object and merges the attributes for some reasons I see
only status event coming back from AD and no add-association. The
DirXML-Associations attribute is populated properly (after a match is
found) but I don't see that events in the trace and it seems because
there is no add-association events the DirXML-ADContext attribute is not

I'm not sure if it's some new behavior of the AD driver in v.4.x - as
far as I remember all previous versions had the add-association event
coming back and I was using it to confirm that association had been

I was wondering if anybody else has seen this problem or it's something



slavat's Profile: https://forums.netiq.com/member.php?userid=953
View this thread: https://forums.netiq.com/showthread.php?t=44973