Hi all and THANKS to all for helping me get my IDM back up and running. I have been reading a lot of Novell documentation on IDM and came across a tidbit that may help me out:

Publisher: Event Transform
"This is the place to put a policy like 'block add events' to keep an application administrator from being able to create new eDirectory objects, or 'handle delete events' so that an object being deleted in the application may actually only cause the associated eDirectory object to be modified."

My ultimate goal is to set up a one-way connection from eDir into AD. Currently I am doing this with the filter, preventing the sync from AD to eDir, but the documentation indicates a better way is to place a Veto rule into the Publisher channel's Input Transform Policy that basically vetoes all actions coming out of AD. I set up a new rule that basically says that if the incoming operation is an add, delete or modify, veto it on the spot. However, there are a myriad of other actions that can occur and I don't want to add each one into the rule. So, are Add, Delete and Modify enough to block everything? Or is there a better way of writing the rule to accomplish what I want?

Thanks again, Chris.