We are running IDM version with the AD driver, which sync`s a
single eDirectory OU to an Active Directory domain OU. Everything seems
to be working fine, except for about 5-10% of our users, who have
somehow lost their AD association. I don`t think there is an issue with
their account, as all of them either have an association within our test
IDM environment or within the previous IDM install (we upgraded
recently, starting with a new driver). When I make a change to their
account, I get error messages like <ldap-err ldap-rc="68"
ldap-rc-name="LDAP_ALREADY_EXISTS">, which I would expect since they
have an account in this domain that was sync`d to their edirectory
account previously. I really do not want to delete their AD account, as
some of the users have been using them for close to a decade. But ID
Manager doesn`t want to resync with them. Is their a way to manually
configure an association? I see the option within the user`s account in
Imanager, but I have no idea what to put in the association box.

Hawk312's Profile: https://forums.netiq.com/member.php?userid=874
View this thread: https://forums.netiq.com/showthread.php?t=51233